FBI and DHS are Hacked
Posted by: Timothy Weaver on 02/09/2016 03:22 PM
[
Comments
]
The Director of National Intelligence, James Clapper, is set to appear before the Senate Select Committee on Intelligence and offer an assessment of worldwide threats. Before he can do that, a hacker has threatened to expose information on 20,000 FBI employees and 9,000 who work for the Department of Homeland Security (DHS).
Gabe Gumbs, vice president of strategy at Identity Finder, said: "The timing could not be worse for Clapper. There needs to be more outreach to the professional security community and a move away from relatively smaller number of people that currently occupy the echo chamber.β
Gumbs said: By now βwe know that persistent attackers will penetrate defenses,β he said. βThis attack highlights poor application of basic data minimization efforts.β
As is so common, the hacker managed to infiltrate the system by compromising a staffers email. Once he did that, he social engineered his way into the agency's web portal by calling the appropriate department, claiming to be a new employee, and was given the department's token code, which he used to log in to a PC and from there a virtual machine.
Gumbs said βThe most surprising aspect of this breach is the response or lack thereof. Much like the OPM breach, there are a lot of people whose personal lives are going to be affected by this.β
Source: SCMagazine
Gabe Gumbs, vice president of strategy at Identity Finder, said: "The timing could not be worse for Clapper. There needs to be more outreach to the professional security community and a move away from relatively smaller number of people that currently occupy the echo chamber.β
Gumbs said: By now βwe know that persistent attackers will penetrate defenses,β he said. βThis attack highlights poor application of basic data minimization efforts.β
As is so common, the hacker managed to infiltrate the system by compromising a staffers email. Once he did that, he social engineered his way into the agency's web portal by calling the appropriate department, claiming to be a new employee, and was given the department's token code, which he used to log in to a PC and from there a virtual machine.
Gumbs said βThe most surprising aspect of this breach is the response or lack thereof. Much like the OPM breach, there are a lot of people whose personal lives are going to be affected by this.β
Source: SCMagazine
Comments
