Digital attackers have a history of targeting public sector organizations. For its 2018 Data Breach Investigations Report (DBIR), Verizon Enterprise tracked 22,788 security incidents that affected the public sector. Data disclosure occurred in 304 of those events; digital espionage via phishing or the use of a backdoor served as the most common pattern. Those techniques exposed personal information in 103 data breaches followed by secrets (60 incidents), medical details (34 incidents) and credentials (32 incidents). It’s unclear how many of the security incidents discussed above involved federal entities in the United States. But publications from organizations like The Heritage Foundation help fill in the blanks. Using that information, here are five of the most notable security incidents that recently affected federal entities.
The Department of Labor
On 16 August 2017, an official at the Department of Labor told Bloomberg BNA that the Department had taken down an employee web portal for reporting illnesses and injuries after detecting a “potential compromise” of a company’s data. The Department of Homeland Security (DHS informed the Occupational Safety and Health Administration (OSHA) about the issues stemming from OSHA’s Injury Tracking Application on 14 August. A government document reveals that the National Information Technology Center (NITC) analyzed OSHA’s utility and confirmed that there had been no breach of data. Officials responded by restoring the portal on 25 August.
Securities and Exchange Commission
That same month, the U.S. Securities and Exchange Commission announced that digital attackers exploited a software vulnerability affecting its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. This compromise, which occurred a year prior, enabled those responsible to access non-public information on businesses including quarterly earnings and merger statements but not sensitive personal data. Those actors then used that stolen information to invest in the stock market.
Deloitte
The Guardian revealed on 25 September 2017 that digital attacks had infiltrated Deloitte, one of the largest accountancy firms in the world. According to The Guardian’s reporting, the auditing and tax consultancy provider discovered the incident in March of that year and subsequently launched an investigation into the hack. This analysis revealed that the attackers had compromised the firm’s global email system as early as October or November 2016 by gaining access to a single administrator’s account protected only by a password. In so doing, those responsible for the attack achieved “access to all areas,” including the email storage locations of the U.S. Departments of State, Energy, Homeland Security and Defense; the U.S. Postal Service, the National Institutes of Health; the Federal National Mortgage Association and the Federal Home Loan Mortgage Corporation.
INSCOM
Later in September, a security researcher came across an Amazon Web Services simple storage service (S3) bucket configured for public access. He found the repository at the AWS subdomain “inscom.” That’s the abbreviation for the United States Army Intelligence and Security Command (INSCOM), an intelligence-gathering command operated by the U.S. Army and the National Security Agency. Included in the repository were 47 viewable files, three of which were downloadable. The largest of those files revealed a virtual hard drive containing information marked “Top Secret” and “NOFORN,” a restriction level which prohibits sharing even with foreign allies.
Defense Integrated Data Center, South Korea
As reported by Reuters, investigators within South Korea’s Defense Integrated Data Center first revealed that hackers from the Democratic People’s Republic of Korea had infiltrated its systems in May 2017. At the time, they did not disclose the information potentially compromised by the hack. That clarification came several months later in October when unidentified officials in the Data Center revealed that the hack had exposed 235 gigabytes of military documents, including plans developed in partnership with the U.S. military to wipe out North Korea’s leadership in the event of war.
Digital Security for Federal Entities
When paired with Verizon’s 2018 DBIR, the incidents discussed above reveal just some of the security risks facing federal entities. Organizations in the federal government need to respond by protecting their systems against digital attacks and by making sure their assets meet evolving federal information security compliance requirements. Learn how Tripwire can help with both.
