The US Secret Service is looking into a data breach which took place at a government technology contractor in Virginia recently.
The breach took place after access to one of the contractor’s IT systems was put up for sale on the dark web, KrebsOnSecurity reports.
According to the contractor, the access was put on sale to test systems that do not have direct links to its “government partner networks.”
In August of this year, a hacker belonging to a popular Russian-language online crime network offered to sell access to the internal framework of a US government IT contractor with links to over twenty US government bodies, including elements of the military.
The cyber-criminal boasted of how he had email correspondence and credentials at his disposal, which are needed to get into databases of client agencies. The hacker put an opening auction price up of six bitcoins ($60,000, or £48595.50).
A series of screenshots uploaded to an illicit web forum served as evidence of the unauthorised access, and revealed a number of web addresses associated with systems at the US Department of Transportation, the National Institutes of Health (NIH) and US Citizenship and Immigration Services (USCIS), a component of the US Department of Homeland Security which takes care of North America’s naturalisation and immigration processes.
Further domains and web addresses included in the screenshots linked to Miracle Systems LLC, an IT contractor which explains on its site that it supports over twenty federal agencies.
Speaking to KrebsOnSecurity, Miracle Systems CEO, Sandesh Sharda explained how the auction offered credentials and databases managed by his firm, and that a US Secret Services agent had been in his company’s offices as the issue was being investigated.
Sharda insisted that the data revealed in the screenshots were “years old” and mapped only to test internal systems which were never connected to any government agency clients.
“The Secret Service came to us and said they’re looking into the issue. But it was all old stuff [that was] in our own internal test environment, and it is no longer valid,” Sharda said.
Neither the Department of Homeland Security nor the Department of Transportation has responded to KrebsOnSecurity’s requests for comments, while a spokesperson for the NIH explained that the body had looked into the incident to find that no compromise had taken place.
As is the case for all agencies of the Federal Government, the NIH is constantly under threat of cyber-attack. The NIH has a comprehensive security program that is continuously monitoring and responding to security events, and cyber-related incidents are reported to the Department of Homeland Security through the HHS Computer Security Incident Response Center,” NIH spokesperson Julius Patterson said.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.