Tuesday, 16 February 2016

Hack' on DoJ and DHS downplayed

DHS

Data Breach – DoJ/DHS

The US authorities had approved a data breach disturbing the Department of Justice, DoJ as well as the Department of Homeland Security – DHS, though restrained its severity. As per technology news site, Motherboard, the hacker has stated that they would soon share personal information of around 20,000 DoJ employees comprising of staff at the FBI.

It was informed by the news site that it had verified small parts of the breach, but had also observed that some of the details listed seemed to be improper or probably out-dated. The Department of Justice too restrained the significance of the breach. DoJ spokesman, Peter Carr had informed Guardian that `the department has been looking into the unauthorized access of a system which was operated by one of its components comprising of employee contact information and this unauthorized access is under investigation.

However, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department has taken this very seriously and is continuing to arrange protection as well as defensive measure in safeguarding information. Any activity which is determined to be criminal in nature would be referred to law enforcement for investigation’

Hacked Data Posted on Encrypted Website

Hacked data which had been anonymously posted on encrypted website and reviewed by the Guardian comprise of a DHS personnel directory and the information listed included phone numbers together with email addresses. These were for individuals who have not worked for DHS for years. Besides this, some of the listings also had out-dated titles.

The encrypted DHS directory had appeared online prior to 7 pm EDT on Sunday and the password seemed to be `lol’. A source demanding responsibility had informed Motherboard who had revealed the story of the hack, that they had compromised the employee account of DHS and had then used the information from it to convince an FBI phone operator to provide access to the computer system of DoJ.

 The hackers had promised to release the information from the DoJ on Monday. At 4 pm EDT, an identical list had been posted on the same site with a DoJ staff directory which had also appeared to be out-dated. In order to assess the hack, during a government wide-meeting, an official compared it to stealing a years old AT&T phone book after the telecom had digitized most of its data already.

Disruption Regularly in Government Data Security

However, experienced officials state that it should be less simple in obtaining access token by imitating an official from a different department over the phone to a help desk.Things tend to be disrupted regularly in government data security and the OPM hack, exposed in June, revealed the deeply researched security clearance of 21.5m present and former government employees together with contractors from phone numbers to fingerprints.

 But the DHS breach seems to be far less severe and it is especially embarrassing considering that the department has been selected the point of entry for all corporate data shared with government agencies in the debated information sharing program between government and industry developed last year, by the Cybersecurity Information Sharing Act. The program wherein private companies tend to share user information with the government in exchange for immunity from regulation had not been accepted from its start at the DHS, which is left holding the bag in the incident of a breach.

Alejandro Mayorkas, DHS deputy secretary cited troubling provision from the bill to Senator Al Franken in a letter sent in July, wrote that `the authorization to share cyber threat indicators and defensive measures with any other entity or the Federal Government, notwithstanding any other provision of law, could sweep away important privacy protection’

No comments:

Post a comment

Note: only a member of this blog may post a comment.