Another Government Computer Security Incident: Hackers Break Into the U.S. State Dept. Computers

An interesting story just appeared on CNN, "Hackers target State Dept. computers."  Some of the more interesting excerpts from the story:

"Investigators believe hackers stole sensitive U.S. information and passwords and implanted backdoors in unclassified government computers to allow them to return at will, said U.S. officials familiar with the hacking."

The break-ins were reportedly discovered in mid-June.  It would be interesting to know how the hackers implanted backdoors into the computers.  Perhaps the admin and supervisor passwords were among those stolen?  Were the passwords stored in clear text files?  Or were they so poorly constructed that a password cracker could recover them?  Sounds like at least two-factor authentication would be a good idea for all government computer systems, doesn’t it?

"'The department did detect anomalies in network traffic, and we thought it prudent to ensure our system’s integrity,' department spokesman Kurtis Cooper said. Asked what information was stolen by the hackers, Cooper said, 'Because the investigation is continuing, I don’t think we even know.'"

Well, it is refreshing to finally have a representative of an organization that has experienced an incident honestly report that he doesn’t know what was taken or compromised.

"After the State Department break-ins, many employees were instructed to change their passwords. The department also temporarily disabled a technology known as secure sockets layer, used to transmit encrypted information over the Internet."

"Many diplomats were unable to access their online bank accounts using government computers because most financial institutions require the security technology to be turned on. Cooper said the department has since fixed that problem."

I find the disabling of SSL interesting…wonder what type of protection they implemented as a compensating control?
