Saturday, December 08, 2007

Hackers hit Oak Ridge

I've lost track of how many times my information has been stolen at Ohio State and the state of Ohio. Sometimes, I don't even know why the information was in the database that was hacked. I surely don't know why an intern was carrying around an unsecured laptop in his car. A recent report on 60 minutes said credit card information is being stolen from retail stores because they're using insecure wireless networks. But even smart, techie people can be fooled, particularly by "phishing," so don't open those attachments.
    "Employing a highly targeted social-engineering trick, hackers were able to gain access to a database at the Oak Ridge National Laboratory -- one of the United States' biggest nuclear facilities -- containing information on people who visited during the past several years. Since the lab handles nuclear material, it collects quite a bit of personal data on visitors, including their Social Security numbers. The bad guys sent e-mails that appeared to be either an invitation to a scientific seminar or a Federal Trade Commission complaint. In both cases, users were prompted to open attachments. Despite the fact that this place employs some of the smartest people in the country, 11 staffers opened the attachments, and the hackers got in. Worse yet, the attack may have been part of a larger coordinated effort -- investigators are looking into that possibility." from TechNewsWorld
The Oak Ridge site posts this warning--and I'd call 15 years a bit more than "several":
    The original e-mail and first potential corruption occurred on October 29, 2007. We have reason to believe that data was stolen from a database used for visitors to the Laboratory.

    No classified information was lost; however, visitor personal information may have been stolen. If you visited ORNL between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information. While there is no evidence that the stolen information has been used, the Laboratory deeply regrets the inconvenience caused by this event.

No comments: