SoylentNews is people

posted by martyb on Wednesday February 10 2016, @06:09PM
from the Department-of-Homeland-Security's-Security-Deportment dept.

Portions of the U.S. government appear to have been hacked once again:

US authorities have acknowledged a data breach affecting the Department of Justice and Department of Homeland Security - but downplayed its severity. A hacker, or hacking group, published via Twitter what they said were records of 9,000 DHS employees.

According to technology news site Motherboard, the hacker has said he will soon share the personal information of 20,000 DoJ employees, including staff at the FBI. The news site said it had verified small portions of the breach, but also noted that some of the details listed appeared to be incorrect or possibly outdated.

In a statement, the DHS told journalists: "We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information." The Department of Justice also downplayed the breach's significance.

The hacker is understood to have used simple human engineering to bypass one stage of the authorities' security systems.

Motherboard quoted the hacker, who explained: "So I called up, told them I was new and I didn't understand how to get past [the portal]. They asked if I had a token code, I said no, they said that's fine - just use our one."

The hacker claims to have downloaded 200 gigabytes of data, which has not been released yet.


This discussion has been archived. No new comments can be posted.
  • (Score: 4, Insightful) by opinionated_science on Wednesday February 10 2016, @06:19PM

    by opinionated_science (4031) on Wednesday February 10 2016, @06:19PM (#302293)

    what is worrying about the lack of security for the govt, is that ultimately we all pay for it...certainly financially, but also with the induced panic that erodes our civil liberties.

    • (Score: 0) by Anonymous Coward on Wednesday February 10 2016, @08:25PM

      by Anonymous Coward on Wednesday February 10 2016, @08:25PM (#302351)

      what is worrying about the lack of security for the govt, is that ultimately we all pay for it...certainly financially, but also with the induced panic that erodes our civil liberties.

      Oh, come on. I *like* AppArmor and SELinux. Hopefully we get more taxpayer-funded spyware injected into our systems, courtesy of RedHat and their ilk.

    • (Score: 0, Flamebait) by Dunbal on Wednesday February 10 2016, @08:26PM

      by Dunbal (3515) on Wednesday February 10 2016, @08:26PM (#302353)

      Don't worry Barry O is going to throw more money at the problem and see if that plugs the holes.

  • (Score: 5, Interesting) by Adamsjas on Wednesday February 10 2016, @06:23PM

    by Adamsjas (4507) on Wednesday February 10 2016, @06:23PM (#302294)

    If you call in, and get handed the keys, does it count as a hack?
    The word hacker seems to suggest more skill than he probably had.

    Calling to ask for a password and staying on the line long enough to get it suggests more balls than skill.

    • (Score: 0) by Anonymous Coward on Wednesday February 10 2016, @10:09PM

      by Anonymous Coward on Wednesday February 10 2016, @10:09PM (#302401)

      If you call in, and get handed the keys, does it count as a hack?

      It's actually Social Engineering but we can't call them "social engineers" because engineers get their panties in a bunch if anyone gets called an engineer without some sort of accreditation and accountability.

      I hereby move that we refer to these non-engineer Social Engineers as "Smoother Talkers" or perhaps even "Rico Hacké".

      • (Score: 2) by Hyperturtle on Wednesday February 10 2016, @10:36PM

        by Hyperturtle (2824) on Wednesday February 10 2016, @10:36PM (#302420)

        The good social engineers can pass, at least in the short term, as a qualified genuine engineer.

        The art of spycraft etc... engineers don't get excited about that term social engineering. They'd get excited if they were socially engineered in an area regarding their specialty, though.

        People do not like it when they are called out on being duped; being social engineered is just as it sounds and you don't need to be smart to understand what the gist is.

        If they call it hacking it sounds more serious and few(er) people seem foolish in the media.

  • (Score: 3, Funny) by Alfred on Wednesday February 10 2016, @06:23PM

    by Alfred (4006) on Wednesday February 10 2016, @06:23PM (#302295) Journal
    I can see it now..

    "So I called up, told them I was new and I didn't understand how to requisition a Howitzer. They asked if I had a token code, I said no, they said that's fine - just use our one."

    • (Score: 2, Redundant) by bob_super on Wednesday February 10 2016, @06:55PM

      by bob_super (1357) on Wednesday February 10 2016, @06:55PM (#302317)

      I was told that the military's req system is the same for everything. Technically, ordering your own Ford-class nuclear aircraft carrier is just a typo away from a box of toothpaste.
      Approval? "that's fine, just use our one"

      • (Score: 4, Informative) by VLM on Wednesday February 10 2016, @07:22PM

        by VLM (445) on Wednesday February 10 2016, @07:22PM (#302329)

        I was told that the military's req system is the same for everything.

        Blatantly false. You can never cross supply classes so you can't order toilet paper and get a ship's anchor delivered.

        https://en.wikipedia.org/wiki/Classes_of_supply [wikipedia.org]

        I was a sysadmin at a class V site. "Controlled" or "Sensitive" stuff like we worked with was double checked by officers, so by definition mistakes were never made (LOL). However on a fairly regular basis the mechanics would order the wrong NSN and instead of getting a humvee radiator hose they'd get a big box of M1A1 oil filters or some other ridiculous thing. Ah, a digit here or there, what's the difference as long as it's in stock and the same class of product. Especially funny were mislabeled crates and "the manual says it should fit, but ...".

        Inside classes, there's the serial numbered controlled stuff, the controlled stuff, the serial numbered capital goods, capital goods, and expendables. Nobody cared about expendables as long as you didn't run out of them, that's for sure.

        My best guess about legendary stories of getting ship anchors delivered is a major higher level screw up like simply sending the wrong loaded flatbed to the wrong address and the reception clerk privates at both sides pencil whipping the delivery instead of actually inspecting, because, "privates".

        • (Score: 2) by Dunbal on Wednesday February 10 2016, @08:28PM

          by Dunbal (3515) on Wednesday February 10 2016, @08:28PM (#302355)

          OK so in theory I could order a minuteman III missile instead of a grenade? Yeah yeah I know, it's useless without the launcher which is in a different supply class...

          • (Score: 2) by VLM on Wednesday February 10 2016, @09:23PM

            by VLM (445) on Wednesday February 10 2016, @09:23PM (#302381)

            MLRS pods sure, plenty of them. Don't forget your crane to go with the launcher.

            I had a long reply I lost, but in summary orders were mostly hand human routed, so you'd have to convince a zillion humans along the way to somehow show up at the wrong door for that product.

            Also from memory we could only issue some serial number items by serial number, so someone at HQ had to rat out the serial number we have in stock before we could issue that specific item to someone who asked for it by number. If it cost more than a new car, it was probably serial number accounted. Could issue NSN-whatever and lot number-whatever model-whatever M16A2 ball ammo in bulk all day long, but the "fun" stuff is all serial number accounted. Given the paperwork agony it was to issue a single AT4 rocket, I can only laugh at ideas to track each civilian ammo individually, that would be unimaginable.

            Commo with HQ to verify and authenticate was a big deal and all I remember of my cross training in commo was ham radio didn't help with this bizarre NSA one time pad authentication code book. HQ sent us a huge and complicated whitelist (see why they liked computers?) and if you wanted something outside it, it was totally possible but took awhile. This made our "clients" very grouchy and unhappy after an hour or two, heard some legendary stories about arguments. "If you won't issue tank ammo to me, I'm sending in my tanks to take it from you" never heard the full story but since it never made the news it must have turned out OK.

            Ammo supply points don't accept returns gracefully. There's no other way to put it.

            • (Score: 1, Insightful) by Anonymous Coward on Wednesday February 10 2016, @09:35PM

              by Anonymous Coward on Wednesday February 10 2016, @09:35PM (#302387)

              I can only laugh at ideas to track each civilian ammo individually, that would be unimaginable.

              Not to mention that if I'm a criminal I will probably steal the ammo, not buy it. Or I'll buy it from a guy who stole it and doesn't exactly keep records. So how does a serial number help here, exactly? It's as if people refuse to think. There simply is no point building a complicated multi-step tracking and surveillance bureaucracy that is immediately subverted at step 1.

        • (Score: 2) by bob_super on Wednesday February 10 2016, @09:18PM

          by bob_super (1357) on Wednesday February 10 2016, @09:18PM (#302376)

          Learning new stuff is fun, on SoylentNews!

    • (Score: 2) by VLM on Wednesday February 10 2016, @07:06PM

      by VLM (445) on Wednesday February 10 2016, @07:06PM (#302323)

      That was exactly the field I worked in a quarter century ago, although I was more of a sysadmin than a data entry clerk.

      Sometimes I wonder how it's done nowadays and if all you need is a SecurID to order a delivery of MLRS pods or crates of rockets to someone's house. Or just an email account. Or SMS. "hey its me plz put 10 pallets of ur rounds 4 r 155 on r flatbed k thx bye" I mean, what could possibly go wrong when replacing a paper system of whitelisted officer signatures with modern commo tech?

      Regular supply was run much looser and right out of the fictional depiction of wheeling and dealing supply sgts. I was mere grunt labor on some transactions that were probably questionable. Not being controlled materials you probably really can pick up pallets of MREs or toilet paper if you just have the guts to bluff thru a phone call.

      • (Score: 3, Insightful) by bzipitidoo on Wednesday February 10 2016, @09:28PM

        by bzipitidoo (4388) on Wednesday February 10 2016, @09:28PM (#302383) Journal

        25 years ago? Yes, been a long standing criticism of the military that they are wasteful and inept. But one major purpose of many wars _is_ waste, whatever other reasons are given. Kill off the excess population, then the survivors will have enough to eat. In that context, winning is unimportant, a bloody stalemate is perfect. Any successful conquest is just a bonus. Why were barbarians constantly attacking Rome? They weren't idiots, they knew the Romans had vastly superior military might and most of them were going to die. Nor did they have a collective death wish. I don't know, but I suspect that whenever they attacked, their backs were to the wall, and dying on Roman swords seemed better than doing nothing and starving. There was always the possibility that the Romans could lose.

        Of course the leaders can't come out and tell the soldiers that they're cannon fodder. So there's also an element of deception through omission built in to military organizations. Soldiers are trained to obey and strongly discouraged from asking questions and thinking. The justification is of course that this is necessary for an army to function, that in life and death situations there isn't time for thinking, only action.

        Knowing that demystifies some of the seeming strangeness of military operation. Right way, wrong way, Army way.

      • (Score: 2) by bob_super on Wednesday February 10 2016, @10:07PM

        by bob_super (1357) on Wednesday February 10 2016, @10:07PM (#302400)

        As long as your SMS specifies which end of the missile/bullets gets to the destination first, that's a good way to unify logistics and tactics.

  • (Score: 5, Funny) by bob_super on Wednesday February 10 2016, @06:26PM

    by bob_super (1357) on Wednesday February 10 2016, @06:26PM (#302299)

    Pick the worst part
      - The gov would have over 200GB of data on barely 29k employees
      - The single sign-on allows to download 200GB without raising alarms
      - You can call in and get access, but for all the NSA crap they still haven't arrested a guy who made a physical call at a known time
      - "publish via twitter" 9k records
      - That I'm jealous of hackers who have ISPs letting them download 200GB

    • (Score: 3, Informative) by SanityCheck on Wednesday February 10 2016, @06:29PM

      by SanityCheck (5190) on Wednesday February 10 2016, @06:29PM (#302303)

      - That I'm jealous of hackers who have ISPs letting them download 200GB

      Hahahaha must have been based outside US :P

    • (Score: 3, Insightful) by VLM on Wednesday February 10 2016, @06:32PM

      by VLM (445) on Wednesday February 10 2016, @06:32PM (#302305)

      How about the worst part being this SN story is six stories apart from a story about some senile old fool in government proposing that banning end-to-end encryption is a good idea?

    • (Score: 2) by frojack on Wednesday February 10 2016, @07:12PM

      by frojack (1554) on Wednesday February 10 2016, @07:12PM (#302326) Journal

      Let me help you out

      -The 200gigs is not necessarily related JUST to the 29k employees
      -200gig is not that much, this laptop has more.
      -Call in is just about the only worrisome part here if you ask me.
      -Publish URL via twitter has been possible forever
      -I download 200g all the time, just not usually in one chunk. Nobody said he downloaded it all at once either. If he was on something like a university campus, no one would notice. Drop in the bucket.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by maxwell demon on Wednesday February 10 2016, @07:18PM

        by maxwell demon (1608) on Wednesday February 10 2016, @07:18PM (#302327) Journal

        -Publish URL via twitter has been possible forever

        I didn't know that Twitter was already created at the Big Bang. :-)

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by frojack on Wednesday February 10 2016, @07:41PM

          by frojack (1554) on Wednesday February 10 2016, @07:41PM (#302337) Journal

          You aren't seeing the current twitter, simply the several billion year old version of the universal twitter that has finally reached earth.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 4, Funny) by Dunbal on Wednesday February 10 2016, @08:32PM

            by Dunbal (3515) on Wednesday February 10 2016, @08:32PM (#302357)

            And twitter's ever falling stock price is proof of Hubble expansion of the universe.

          • (Score: 2) by bob_super on Wednesday February 10 2016, @09:22PM

            by bob_super (1357) on Wednesday February 10 2016, @09:22PM (#302379)

            I want my twitter to be 6000 years old, and ultra-wide lenses on cell phones so that T-Rex can take selfies with humans.

  • (Score: 5, Interesting) by Anonymous Coward on Wednesday February 10 2016, @06:27PM

    by Anonymous Coward on Wednesday February 10 2016, @06:27PM (#302301)

    So, let me get this straight. When one CIA guy's AOL email is compromised via social engineering, it's a travesty and we must push forth Combating Online Infringement and Counterfeits Act (which coincidentally was up for vote at the time).

    However when thousands of employees' records are released publicly to all hacktivists and terrorists alike, it's no big deal, stop concerning yourself with it. Nothing to see here, folks!

    Basically: Any time the government or their corrupt mainstream news puppets say anything, the opposite is more likely true.

    Sadly, people in France are learning this the hard way. [youtube.com] Some older retired media folk in Germany are admitting the true state of affairs. [youtube.com] What will it take for the American people to wake up?

    • (Score: 2) by DeathMonkey on Wednesday February 10 2016, @07:34PM

      by DeathMonkey (1380) on Wednesday February 10 2016, @07:34PM (#302334) Journal

      So, let me get this straight. When one CIA guy's AOL email is compromised via social engineering, it's a travesty and we must push forth Combating Online Infringement and Counterfeits Act (which coincidentally was up for vote at the time).
       
      The only problem with this theory is that the Combating Online Infringement and Counterfeits Act was killed five years before the AOL hack.
       
        COICA, killed Ron Wyden [wikipedia.org]
       
        CIA hack; specifically NOT using Wired, the first hit, as a reference [theguardian.com]

    • (Score: 0) by Anonymous Coward on Thursday February 11 2016, @03:51AM

      by Anonymous Coward on Thursday February 11 2016, @03:51AM (#302531)

      First video is nearly 15 minutes, I'm not waiting for that to play.

      Second video is 90 seconds, but googling his name it's all over breitbart and dailyheil so I'm not one to trust the translation in the video and have to wonder about the context.

  • (Score: 0) by Anonymous Coward on Thursday February 11 2016, @10:10PM

    by Anonymous Coward on Thursday February 11 2016, @10:10PM (#302979)

    One of the stories quotes the attacker as saying "I HAD access to it, I couldn't take all of the 1TB." He only took 200 GB. Currently, anyone who has $55 can get a 1 TB flash drive. Sensible restrictions on the purchase of mass storage devices could prevent hackers from obtaining large amounts of storage. This will keep them from fully stealing the data to which they gain access--they just won't have anywhere to put it. This is like the mass shooting in San Bernardino [wikipedia.org], where 2 shooters were only able to kill 14 people, because in California magazines holding more than 10 bullets are illegal.

    It's impossible to stop these sorts of attacks, but we can at least limit the damage done.