Hackers Steal Personal Details of 36, 000 People with US Army Connections

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.ibtimes.co.uk/articles/419150/20121229/american-army-hackers-fort-monmouth-cyber-attack.htm

Hackers have cracked computer systems connected with a former US
military base at Fort Monmouth, New Jersey, stealing the personal
details of more than 36,000 people.

The main victims of the attack are thought to be personnel at C4ISR
(Command, Control, Communications, Computers, Intelligence,
Surveillance, Reconnaissance) and Communications-Electronics Command
(CECOM).

The cyber-attackers also stole the personal information of visitors to
the base. Details such as "a mix of full names, dates and places of
birth, social security numbers, home addresses, and salaries" have
fallen into the hackers' hands, CECOM spokeswoman Andricka Thomas told
the Asbury Park Press.

Both C4SIR and CECOM were moved to Aberdeen Proving Ground in
September 2011, following the closure of Fort Monmouth.

The hackers are yet to be identified by the authorities, and the
Army's Cyber Command is leading an investigation into the attack. The
spokeswoman added that the attack was launched by "unknown" persons
and for "unknown reasons".

Follow us


The breach was discovered on 6 December and the affected databases
were immediately shut down.

"CECOM takes this incident very seriously and we apologise to all
personnel affected. We are taking urgent and decisive action to
prevent this from occurring again. This does not affect anyone's
ability to do their jobs, or impact entitlements," added Thomas.

The commanding officer of CECOM, Major General Robert Ferrell, has
sent letters to all the victims of the attack. He said the hackers had
gleaned information from visitor logs and from the Software
Engineering Centre's personnel files.

The US Army has offered one year's free credit monitoring to all those
affected by the attack.

To report problems or to leave feedback about this article,
e-mail:v.sridharan () ibtimes com
To contact the editor, e-mail: editor () ibtimes co uk
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.