After a sophisticated cyber attack that forced Oak Ridge National Laboratory to shut down its Internet connection for two weeks, employees are now back on line.
Officials shut down the lab’s main Internet connection April 15 as an extraordinary step to limit damage from a sophisticated cyber attack, and the reopening of that connection apparently signifies a return to normal operations.
“We are delighted to announce that Internet connectivity has been restored at ORNL,” wrote, spokeswoman Barbara Penland in an email message.
Laboratory Director Thom Mason has characterized the remotely directed attack as an Advanced Persistent Threat, which takes hold unobtrusively and gradually broadens its reach inside computer networks in an effort to steal technical data and intellectual properties.
The lab’s investigation, beefed up by experts from other national labs, federal agencies and computer-related companies, indicated the malware entered ORNL systems April 7 after multiple lab employees clicked on a link in a phishing email disguised to look like benefits information from ORNL’s human resources department. A temporary vulnerability in the Internet Explorer software facilitated the entry.
ORNL became aware of the intrusion April 11 and monitored it until lab management made the decision around midnight April 15 to shut down the Internet connection. Mason said the move was necessary after it became apparent the malware was getting ready to remove data from ORNL’s systems.
“One of the characteristics of this Advanced Persistent Threat is that it can kind of phone back home to get instructions. … That’s why when you pull the plug on the Internet connection, all of sudden it can no longer do that,” Mason said.