Skip to content
Link copied to clipboard

Lab visitor info may have been accessed

Hackers attacked the Oak Ridge facility. Personal data covered 1990 through 2004.

KNOXVILLE, Tenn. - The Oak Ridge National Laboratory revealed yesterday that a "sophisticated cyber attack" over the last few weeks may have allowed personal information about thousands of lab visitors to be stolen.

The assault appeared "to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country," lab director Thom Mason said in a memo to the 4,200 employees at the Department of Energy facility.

Oak Ridge officials would not identify the other institutions affected by the breach. But they said hackers may have infiltrated a database of names, Social Security numbers and birthdates of every lab visitor between 1990 and 2004.

"There was no classified data of any kind compromised," lab spokesman Bill Stair said. "There are people who think that, because they accessed this database, that they had access to the lab's supercomputer. That is not the case. There was no access at all."

The lab has the second-fastest supercomputer in the world, an open-research, 101.7-teraflop Cray XT3/XT4 known as "Jaguar," and has plans to build another.

About 3,000 researchers annually visit the facility, a major Energy Department energy-research and high-performance computing center, about 25 miles west of Knoxville.

Officials have sent letters to about 12,000 potential victims. Mason said that, so far, there was "no evidence that the stolen information has been used."

The assault was in the form of phony e-mails containing attachments, which, when opened, allowed hackers to penetrate the lab's computer security. The practice is called "phishing." The first fake e-mail arrived Oct. 29. At least six more waves followed.

"At first glance, they appeared legitimate," Mason wrote. One notified employees of a scientific conference. Another pretended to notify the employee of a complaint on behalf of the Federal Trade Commission.

Each one instructed recipients to open an attachment for further information. And when they did, it "enabled the hackers to infiltrate the system and remove data," he wrote.

The lab's cyber police determined about 1,100 phony e-mail messages entered the lab's network. In 11 cases, an employee took the bait and opened the attachments.

"Our cyber security staff has been working nights and weekends to understand the nature of this attack," Mason wrote. "Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete."

Meanwhile, the lab will post updates on its Web site at



"Every year . . . our enemies find new and more sophisticated ways to tunnel under the fence," Stair said. "This is an ongoing challenge."