Do the Dept. of Energy and ESnet have a problem on their hands?

July 6, 2011
Cyber Security, FedCyber Wire

via The Tech Herald

ESnet is a network that connects most of the major labs under the U.S. Department of Energy (DOE) to other research facilities across the globe. It’s a wealth of knowledge, considering who has access to it. So what would happen if ESnet was breached? How can one be sure that it hasn’t already happened?

If you consider the labs connected to ESnet, at least the ones that spring to mind where the DOE is concerned, it’s an impressive mix of research and development. ESnet connects the Oak Ridge National Laboratory (ORNL), the Pacific Northwest National Laboratory (PNNL), the Y12 National Security Complex, and FermiLab, just to name a few.

Last week, the PNNL closed their public website and rejected all incoming email traffic after they discovered that someone – somewhere – was targeting them. PR people called the attack sophisticated, but media coverage makes it look less so. The idea that access was restricted to email and Internet suggests that someone was phishing, and someone at PNNL fell for it.

According to a PNNL spokesperson, the lab sees nearly 4 million attacks per day on its external network. However, if phishing was at the root of the problem, and someone clicked on the malicious links or attachments, then the PNNL employee wouldn’t be alone. The same thing happened recently at ORNL, and once before years ago. This is in addition to another set of security issues.

In 2006, an ORNL contractor brought an unclassified laptop into a restricted area at Y12. Later it was learned that as many as 37 other laptops – owned by ORNL employees – were brought into the same restricted area. According to a DOE Inspector General report from 2008, nine of those laptops were taken on foreign travel to sensitive countries, a serious policy violation, and all 38 laptops were infected with malware. In addition, 26 of them had wireless communications ability.

In 2007, ORNL suffered another breach after several emails with malicious attachments allowed outsiders to access a database with personal information stored on it. The database contained information on all of the visitors to the lab, spanning nearly 14 years. The emails were targeted to specific people, using topics that would uniquely hold their attention and entice them to open the attachments.

After more than 1,100 attempts, the attackers managed to get 11 people to fall for the scam. Moreover, ORNL said that the Los Alamos National Laboratory in New Mexico and California’s Lawrence Livermore National Laboratory were also targeted by the same attack.
