Even the Department of Homeland Security isn't Immune from Hackers — Details of 25,000 Workers Exposed

If the U.S. Department of Homeland Security can be impacted by hackers, it can happen to any business. Protect data now, and follow security best practices.


29 August 2014

Even the Department of Homeland Security isn't immune from hackers - details of 25,000 workers exposed - Graham Cluley

Last week it became apparent that the hacks which have hit the likes of high street names such as Target, Supervalu and UPS Stores are just part of a much wider wave of attacks which is thought to have affected more than 1,000 American businesses.

An advisory issued by the U.S. Department of Homeland Security on 22 August, warned that the Backoff malware was exploiting Point of Sale (PoS) systems, in its attempt to pilfer payment card information.

And, irony of ironies, it's not just U.S. retailers who are struggling with hackers. If latest reports are to believed, the Department of Homeland Security has itself suffered a cyber-attack which has exposed the records of some 25,000 staff.

Oops.

According to an Associated Press report, the hack occurred at a federal contractor tasked with handling security clearances.

The contractor, an organisation called USIS (but formerly known as the U.S. Investigations Service), acknowledged that its systems had been compromised earlier in August, but declined to say provide details about how many records had been accessed by the hackers.

Instead it chose to say that the hack had "all the markings of a state-sponsored attack."

Now, I don't know if the hack was the work of an unnamed foreign country, or not. But I do know that it is very hard to tell the difference between an attack conducted by a pizza-loving hacker who happens to work for an overseas intelligence agency, and a hoody-wearing hacker who is in the pocket of an organised criminal gang.

So statements apportioning blame for an attack always make me a little suspicious, especially when they decline to name countries, or to explain why they are so convinced that they know the types of people who might have perpetrated it.

Regardless of who might be responsible for the hack, it clearly has to be taken seriously.

It is therefore understandable given the type of work that USIS does for the Department of Homeland Security, and the type of highly personal data that could be at stake that the FBI has been called in to investigate the breach, and Homeland Security has chosen to suspend working with USIS.

Remember this: If big brand companies and organisations as security conscious as the Department of Homeland Security can be impacted by hackers, it might happen to your business too.

Protect your data now, demand that your suppliers and contractors also follow security best practices, and train your staff to reduce the chances of your data or that of your customers’ being in the hackers' next haul.



Graham Cluley

Graham Cluley

Graham Cluley is an award-winning veteran of the anti-virus industry, fighting cybercrime and raising awareness of computer security and privacy issues since the early 1990s. Find out more on his computer security blog or follow him on Twitter.