Security contractor breach not detected for months
Source: AP-EXCITE
By STEPHEN BRAUN
WASHINGTON (AP) A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government's leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries told The Associated Press.
The breach compromised the private records of at least 25,000 employees at the Homeland Security Department and cost the company hundreds of millions of dollars in lost government contracts.
In addition to trying to identify the perpetrators and evaluate the scale of the stolen material, the government inquiries have prompted concerns about why computer detection alarms inside the company failed to quickly notice the hackers and whether federal agencies that hired the company should have monitored its practices more closely.
Former employees of the firm, U.S. Investigations Services LLC, also have raised questions about why the company and the government failed to ensure that outdated background reports containing personal data weren't regularly purged from the company's computers.
FULL story at link.
In this photo taken Oct. 17, 2014, the USIS building in Falls Church, Va. A cyber-attack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government{2019}s leading security clearance contractor, before the company noticed the break-in, officials and others familiar with an FBI investigation and related official inquiries told The Associated Press. The breach compromised the private records of at least 25,000 employees at the Homeland Security Department and cost the company hundreds of millions of dollars in lost government contracts. (AP Photo/J. Scott Applewhite)
Read more: http://apnews.excite.com/article/20141103/us--security_clearance-hacking-3b2a238e46.html
Jackpine Radical
(45,274 posts)& searching for communications among low-level potheads to be wasting any time on China. Besides, fending off sophisticated Chinese hackers is hard. It makes their heads hurt.
Roselma
(540 posts)USIS is a private contractor that conducts security clearance research. It has nothing to do with the operations at NSA other than that some people who work at NSA may have had the research done on their clearances by USIS.
Jackpine Radical
(45,274 posts)jmowreader
(50,562 posts)Journeyman
(15,037 posts)May as well have stored all those records in old peach boxes out back by the dumpster if they weren't going to take minimal care to make it all secure. At least, stacked in old rotting boxes behind the building, the thieves would have at least had to leave their offices to come get the info. Instead, it was kept on an easily accessible server that anyone with a computer could tap into without even having to put on their shoes.
Until we get beyond this idea that "criminal masterminds" are "hacking" into "secure systems" to "steal" our information, and accept instead that none of it is protected in the least, we'll never take the necessary steps required to protect our personal information and financial dealings.
Erich Bloodaxe BSN
(14,733 posts)has any channel between it and the internet. I realize that in many sorts of environments, the very things you want the system to do actually require such, but for any server with a 'secure' task that doesn't require net access, I would require the system simply not to even have any way to access them or any other machine connected to them from anyone not sitting at a terminal onsite.
LiberalArkie
(15,728 posts)A database breach can also put data and be hidden by a massive retrieval of data.