FBI and DHS are Hacked
Posted by: Timothy Weaver on 02/09/2016 08:22 PM
[
Comments
]
The Director of National Intelligence, James Clapper, is set to appear before the Senate Select Committee on Intelligence and offer an assessment of worldwide threats. Before he can do that, a hacker has threatened to expose information on 20,000 FBI employees and 9,000 who work for the Department of Homeland Security (DHS).
Gabe Gumbs, vice president of strategy at Identity Finder, said: "The timing could not be worse for Clapper. There needs to be more outreach to the professional security community and a move away from relatively smaller number of people that currently occupy the echo chamber.”
Gumbs said: By now “we know that persistent attackers will penetrate defenses,” he said. “This attack highlights poor application of basic data minimization efforts.”
As is so common, the hacker managed to infiltrate the system by compromising a staffers email. Once he did that, he social engineered his way into the agency's web portal by calling the appropriate department, claiming to be a new employee, and was given the department's token code, which he used to log in to a PC and from there a virtual machine.
Gumbs said “The most surprising aspect of this breach is the response or lack thereof. Much like the OPM breach, there are a lot of people whose personal lives are going to be affected by this.”
Source: SCMagazine
Gabe Gumbs, vice president of strategy at Identity Finder, said: "The timing could not be worse for Clapper. There needs to be more outreach to the professional security community and a move away from relatively smaller number of people that currently occupy the echo chamber.”
Gumbs said: By now “we know that persistent attackers will penetrate defenses,” he said. “This attack highlights poor application of basic data minimization efforts.”
As is so common, the hacker managed to infiltrate the system by compromising a staffers email. Once he did that, he social engineered his way into the agency's web portal by calling the appropriate department, claiming to be a new employee, and was given the department's token code, which he used to log in to a PC and from there a virtual machine.
Gumbs said “The most surprising aspect of this breach is the response or lack thereof. Much like the OPM breach, there are a lot of people whose personal lives are going to be affected by this.”
Source: SCMagazine
Comments
