The human factor is back on horseback

The Oak Ridge National Laboratory ( ORNL ) has undergone a complex and subtle Internet attack, admits its director Tom Mason (Thom Mason). The attackers acted on a very sophisticated scheme: fake emails with malicious attachments were sent to several employees whose computers have connections to both the World Wide Web and the internal networks of the laboratory. One careless action — and hackers gained access to a database of everyone who had been in Oak Ridge for 14 years, starting in 1990.

Having received and analyzed such information, hackers began to send address letters to "weak links" in the defense laboratory - to people who have a fairly high level of access to the local network from their computer. Having made about 1,100 attempts, using 7 different letter variants, almost indistinguishable from ordinary internal correspondence, they achieved that “at least 11 employees” opened dangerous attachments and gave them access to even deeper hidden secrets of the laboratory.

How serious damage caused the attack, not yet reported. However, the very fact of penetration into the network of a scientific center that performs research under the heading "Top Secret" for the Ministry of Defense and Intelligence, is already causing concern. And the way in which the attack was carried out, almost nullifies all the technical tricks to ensure information security, once again proving that the notorious human factor here is still the defining link.