PNNL Attack Exploited Zero Day

Thursday, July 14, 2011 @ 05:07 PM gHale


The attack that took the Energy Department’s Pacific Northwest National Laboratory (PNNL) down July 1 took advantage of a zero-day vulnerability.

Although external email and some internal communications are back, the lab’s website remains unavailable and the Richland, WA, lab still has no Internet access. Lab CIO Jerry Johnson said the remaining services should be up and running this week.

RELATED STORIES
Cybercrime Motto: Knowledge Means Profit
Over 286 Million New Cyber Threats in ‘10
‘Night Dragon’ Cyber Attacks Big Oil

Pacific Northwest was one of two Energy Department labs that became aware of an attack on July 1. The Thomas Jefferson Laboratory National Accelerator Facility in Newport News, Va., also went offline for a period after the attack, but restored Internet services and began rebuilding its Web site last week.

Battelle Memorial Institute of Columbus, Ohio, which manages the PNNL and several others for the Energy Department and the United Kingdom, also came under attack July 1. Corporate email and outside network access shut down but came back July 5.

Johnson said response teams at Pacific Northwest have found multiple malicious codes and tools as a result of the breach and PNNL is providing information on the attack to the Energy Department’s Cyber Incident Response Center, which can provide information to other response groups.

He said the response team needs to identify and clean up any compromised systems and any malware installed by the attackers, including any latent malware that could become active at a later time.

The team also needs to remedy any weak points in defenses exploited by the attackers.

The Pacific Northwest lab has a staff of 4,900, about 4,500 of them working at the Richland facility. It has an annual budget of about $1 billion. Roughly half of its work is in national and homeland security analysis and research, with the most of the rest in the areas of energy, smart grid development and the environment. The lab routinely repels more than 4 million probes and breach attempts a day, and because of its cyber security analytics and research it provides incident response assistance to other agencies and law enforcement.



Leave a Reply

You must be logged in to post a comment.