Y-12 Nuclear Weapons Plant Targeted in Cyberattack

Wednesday, June 15, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

The public facing website at the Y-12 Nuclear Weapons Plant located at the Oak Ridge National Laboratory (ORNL) was temporarily disabled following reports of a cyber attack on Sunday.

The weapons plant is the latest defense facility to be targeted, following reports of unauthorized access events at contractors Lockheed, Northrop, and L3 Communications.

The Y-12 facility stores the majority of the nation's bomb-grade uranium, as well as producing replacement hardware to maintain aging nuclear weapons stores.

Officials at ORNL indicate that the systems targeted in the attack contained no sensitive national security data, and that no private or personal information was exposed in the event.

"The database did not contain any sensitive information and no Y-12-related activities were compromised," said Steven Wyatt, a spokesman for the National Nuclear Security Administration.

"The database was immediately taken out of service and is being analyzed by Y-12 cyber security staff. For this reason, Y-12's external website has been replaced with a temporary information page. At this point, there is no evidence that any plant-wide email or internal computing services have been affected, nor has any classified or sensitive information been accessed or affected by this incident," Wyatt said.

Though the operation seems to have been unsuccessful from the point of view of the attackers, experts warn that there is a chance that further attacks could expose sensitive data.

"The primary danger in an attack like this is that attackers might attempt to use the credentials that they obtain to access more sensitive systems," the University of Utah's Sean Lawson wrote.

In mid-April, Internet access and email systems where temporarily shut down at the Oak Ridge National Laboratory as investigators looked into events surrounding another reported cyber attack.

Details of the unauthorized access are few, but initial reports indicated that the targeted attack employed an email that may have contained malware.

“In this case, it was initiated with phishing email, which led to the download of some software that took advantage of a ‘zero day exploit,’ a vulnerability for which there is no patch yet issued,” ORNL Director Thom Mason.

Mason did not specify the software that was vulnerable to a zero day exploitation, but the event had followed closely on the heels of a critical software update issued by Adobe for the company's Flash Player.

ORNL was previously hit by a cyber attack in 2007 which resulted in the loss of a large amount of data, and the move to suspend internet access can be chalked up to lessons learned from the Lab's previous experience.

Possibly Related Articles:
16273
Network->General
Attack Headlines Network Security National Security hackers ORNL Oak Ridge National Laboratory Y-12 Nuclear Weapons Plant
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.