Johns Hopkins APL cyber attackers got past the firewall
Last week, I reported here that the Johns Hopkins University Applied Physics Lab's web site had been voluntarily taken down after officials there discovered they were facing a cyber attack.
The lab, which is in Laurel, Md., (left) does a lot of academic research. But it also partners with our military and with NASA on classified research. A quick recap: Last Sunday, June 14, officials at the APL discovered there was a cyber attack going on. Last week, I was told they had some evidence that it may have started as early as two weeks prior.
As a precaution, the APL officials ordered their external website taken down. A barebones splash page was put up a few days later for their website. And Internet access to all its employees was cut.
On Tuesday, APL restored its external Website, according to Helen Worth, the facility's spokeswoman. But employee Internet access remained curtailed and wasn't expected to be restored until today, Worth told me yesterday afternoon.
In an interview yesterday, Worth said that officials determined that the attackers penetrated past the Website's firewall and into the facility's internal network. But classified information was not accessed, she said. Worth said it was believed that the attackers were looking for classified information and that officials were "pretty sure" employees' personal information was not touched.
Here's what I did not learn:
:: Worth declined to say which areas of the website were accessed or how officials determined the attackers were looking for classfied material.
:: Worth declined to say whether APL believed the cyber attack came from a source in the United State or from abroad.
:: Worth also wouldn't tell me if any law enforcement agencies is involved in investigating the cyber attack, except to say that the government agencies they work with had been notified of the cyber attack.
"We have a very sophisticated system," Worth said. "We are well aware that we are a target. And we're now more sophisticated than we are before. We've been on top of security very strongly."
APL is an important facility. I wonder what some of our senators and representatives think about this security breach, especially in light of President Obama's renewed emphasis on cyber security. I'll try to find out. Stay tuned.
This is an archived version of the technology blog. For updated coverage, see the current baltTech location: baltimoresun.com/balttech
Comments
Couple questions for the APL people:
1) how did they discover the web site was compromised in the first place
2) how soon after it was compromised did they discover the fact
Also a spokesperson is just repeating what she has been told so I'd take her statements with a grain of salt. :-)
Grain of salt taken. -gs
Posted by: Paul | June 25, 2009 10:05 AM
I noticed that they subsequently switched their site from running on Microsoft IIS to Apache on Unix.
Hmmmmm..... -gs
Posted by: brennan | June 29, 2009 4:49 AM