07 Jul 2011

Two Department of Energy labs hacked

The websites of the U.S. Department of Energy's Pacific Northwest National Laboratory, in Richland, Washington, and Jefferson National Laboratory, in Newport News, Virginia, have been hacked, the labs acknowledged on July 6. Though the intrusions occurred on July 1, the sites were still down five days later.

PNNL spokesman Greg Koller told CNET no information, either classified or unclassified, appeared to have been compromised, though he called the attack "sophisticated." The Jefferson National Lab spokeswoman, Debbi Magaldi, told the news source the facility does not store any classified information, and its site was quickly secured following discovery of the exploit.

An internet security expert told Computerworld these breaches are probably the result of spear-phishing attacks similar to the one that recently compromised the Department of Energy's Oak Ridge, Tennessee, laboratory. In that case, an apparently official email was opened by Oak Ridge workers, whose computers were then infected by a Trojan that stole data by taking advantage of an Internet Explorer security loophole.

Bloomberg News recently reported on a Department of Homeland Security test in which a high number of government employees and contractors plugged potentially infected USB drives into their work computers.