#privacy: U.S Secret Service investigates breach at federal IT contractor

Clegg

The Secret Service is conducting an investigation into a breach at a Virginia-based government technology contractor.

In a report by KrebsOnSecurity the breach resulted in several of the contractor’s systems seen put up for sale in the cybercrime underground. 

In the middle of August, within a Russian-language cybercrime forum a member had offered to sell access to the internal networks of a US government IT contractor that has business with over 20 federal agencies.The seller  was bragging about having access to email correspondence and credentials that is needed to view databases of the client agencies.

Screenshots had been posted to the forum as evidence of the unauthorised access, to which a review of the screenshots revealed several Internet addresses tied to systems at the US Citizenship and Immigration Services (USCIS), the National Institutes of Health (NIH), the US Department of Transportation and a part of the US Department of Homeland Security. 

“Other domains and Internet addresses included in those screenshots pointed to Miracle Systems LLC, an Arlington, Va. based IT contractor that states on its site that it serves 20+ federal agencies as a prime contractor, including the aforementioned agencies,” the report wrote. 

In an  interview with KrebsOnSecurity, Sandesh Sharda, CEO of Miracle Systems confirmed that the auction had contained databases and credentials that were managed by his company. Additionally he confirmed that an agent from the Secret Service was at his firm’s offices looking into the matter. 

However Sharda maintained that the data on the screenshots was years old and was never connected to its government agency clients. 

“The Secret Service came to us and said they’re looking into the issue,” Sharda said. “But it was all old stuff [that was] in our own internal test environment, and it is no longer valid.”

The report had noted that multiple systems from Hold Security had been compromised by Emotet, a malware strain, on three separate occasions between November 2018 and July 2018.

A spokesperson from the NIS said: “As is the case for all agencies of the Federal Government, the NIH is constantly under threat of cyber-attack,” 

“The NIH has a comprehensive security program that is continuously monitoring and responding to security events, and cyber-related incidents are reported to the Department of Homeland Security through the HHS Computer Security Incident Response Center.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.