Security breaches at federal agencies fuel speculation on break-in tactics

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/743404/security-breaches-at-federal-agencies-fuel-speculation-on-break-in-tactics

By Antone Gonsalves
CSO Online
November 18, 2013

The sketchy details in an FBI warning that hacktivists breached computer 
systems of multiple government agencies and stole sensitive information 
have fueled speculation on how the compromises occurred.

In a memo obtained by Reuters, the Federal Bureau of Investigation said 
the breaches linked to the hacktivist collective Anonymous were part of a 
campaign that started nearly a year ago. The attacks have affected the 
U.S. Army, Department of Energy (DOE), Department of Health and Human 
Services (DHHS) and possibly many more agencies.

Stolen data included the personal information of 104,000 employees, 
contractors, family members and others associated with the DOE, Reuters 
reported on Friday. The theft included information on almost 2,000 bank 
accounts.

Because best practices would dictate never storing such information on web 
servers, the breaches likely occurred at internal servers first, probably 
through a spear-phishing campaign that lured government employees to 
malicious websites, said Anup Ghosh, founder and chief executive of 
Invincea, which provides technology for defending against cyberattacks.

[...]



--
Dean Bushmiller teaches a great 5-Day CISM in Albany NY Dec. 2  6.
Call 327-937-9786 for details.