Supercomputer lab reports 'sophisticated cyber attack'

The compromised Oak Ridge lab is home to the world's second-fastest supercomputer, a Cray XT3/4 capable of 101.7 teraflops.

KNOXVILLE - The Oak Ridge National Laboratory, a major energy, research and high-performance computing centre, revealed that a "sophisticated cyber attack" over the last few weeks may have allowed personal information about thousands of lab visitors to be stolen.

The assault appeared "to be part of a co-ordinated attempt to gain access to computer networks at numerous laboratories and other institutions" in the United States, lab director Thom Mason said in a memo to the 4200 employees at the Department of Energy facility.

Oak Ridge officials would not identify the other institutions affected by the breach. But they said hackers may have infiltrated a database of names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004.

"There was no classified data of any kind compromised," lab spokesman Bill Stair said. "There are people who think that because they accessed this database that they had access to the lab's supercomputer. That is not the case. There was no access at all."

The lab currently has the second-fastest supercomputer in the world, an open-research, 101.7-teraflop Cray XT3/XT4 known as "Jaguar," and has plans to build another.

About 3000 researchers annually visit the facility, a major energy research and high-performance computing centre, about 25 miles (40 kilometres) west of Knoxville.

Officials have sent letters to about 12,000 potential victims. Mason said so far there was "no evidence that the stolen information has been used."

The assault was in the form of phoney emails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The practice is called "phishing."

The lab's cyber police determined about 1100 phoney email messages entered the lab's network. In 11 cases, an employee took the bait and opened the attachments.

"Our cyber security staff has been working nights and weekends to understand the nature of this attack," Mason wrote. "Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete."

Meanwhile, the lab will post updates on its website at http://www.ornl.gov/identitytheft.

"Every year we build bigger and more sophisticated fences around our databases and every year our enemies find new and more sophisticated ways to tunnel under the fence," Stair said. "This is an ongoing challenge that is going to be there as far as we can see in the future."

- AP