« A call for Baltimore-area tech events | Main | The technology behind Transformers: a nanotech dream? »

June 25, 2009

Johns Hopkins APL cyber attackers got past the firewall


Last week, I reported here that the Johns Hopkins University Applied Physics Lab's web site had been voluntarily taken down after officials there discovered they were facing a cyber attack.

The lab, which is in Laurel, Md., (left) does a lot of academic research. But it also partners with our military and with NASA on classified research. A quick recap: Last Sunday, June 14, officials at the APL discovered there was a cyber attack going on. Last week, I was told they had some evidence that it may have started as early as two weeks prior.

As a precaution, the APL officials ordered their external website taken down. A barebones splash page was put up a few days later for their website. And Internet access to all its employees was cut.

On Tuesday, APL restored its external Website, according to Helen Worth, the facility's spokeswoman. But employee Internet access remained curtailed and wasn't expected to be restored until today, Worth told me yesterday afternoon.

In an interview yesterday, Worth said that officials determined that the attackers penetrated past the Website's firewall and into the facility's internal network. But classified information was not accessed, she said.  Worth said it was believed that the attackers were looking for classified information and that officials were "pretty sure" employees' personal information was not touched.

Here's what I did not learn:

:: Worth declined to say which areas of the website were accessed or how officials determined the attackers were looking for classfied material.

:: Worth declined to say whether APL believed the cyber attack came from a source in the United State or from abroad. 

:: Worth also wouldn't tell me if any law enforcement agencies is involved in investigating the cyber attack, except to say that the government agencies they work with had been notified of the cyber attack.

"We have a very sophisticated system," Worth said. "We are well aware that we are a target. And we're now more sophisticated than we are before. We've been on top of security very strongly."

APL is an important facility. I wonder what some of our senators and representatives think about this security breach, especially in light of President Obama's renewed emphasis on cyber security. I'll try to find out. Stay tuned.

This is an archived version of the technology blog. For updated coverage, see the current baltTech location:
Posted by Gus Sentementes at 7:00 AM | | Comments (2)
Categories: University Tech


Couple questions for the APL people:

1) how did they discover the web site was compromised in the first place

2) how soon after it was compromised did they discover the fact

Also a spokesperson is just repeating what she has been told so I'd take her statements with a grain of salt. :-)

Grain of salt taken. -gs

I noticed that they subsequently switched their site from running on Microsoft IIS to Apache on Unix.

Hmmmmm..... -gs

Post a comment

All comments must be approved by the blog author. Please do not resubmit comments if they do not immediately appear. You are not required to use your full name when posting, but you should use a real e-mail address. Comments may be republished in print, but we will not publish your e-mail address. Our full Terms of Service are available here.

Verification (needed to reduce spam):

About Gus G. Sentementes
Gus G. Sentementes (@gussent on Twitter) has been writing for The Baltimore Sun since 2000. He's covered real estate, business, prisons, and suburban and Baltimore City crime and cops. He was one of the first reporters at The Sun to use multimedia tools and Web applications -- a video camera, an iPhone -- to cover breaking news. He hopes to cover Maryland geeks and the gadgets and Web sites they build, and learn -- and share -- something new every day.

Gus has a wife, a young daughter and two feuding cats. They live in Northeast Baltimore.
This is an archived version of the technology blog. For updated coverage, see the current baltTech location:

Most Recent Comments
Baltimore Sun coverage
Sign up for FREE business alerts
Get free Sun alerts sent to your mobile phone.*
Get free Baltimore Sun mobile alerts
Sign up for Business text alerts

Returning user? Update preferences.
Sign up for more Sun text alerts
*Standard message and data rates apply. Click here for Frequently Asked Questions.
Charm City Current
Stay connected