- What are all these ‘Game of Thrones’ fans supposed to do now? 4 Years Ago
- The new ‘Cats’ trailer is here to make you want to claw your eyes out Thursday 7:59 PM
- Bella Thorne claims Tana Mongeau ‘broke girl code’ in a series of messy tweets Thursday 7:00 PM
- Redditors keep this data engineer’s plants alive for him Thursday 5:20 PM
- Professor writes article defending ‘Asian romantic preference’—and no one is here for it Thursday 4:57 PM
- Ditch Pornhub and support adult content creators instead Thursday 4:46 PM
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni Thursday 4:18 PM
- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell Thursday 3:30 PM
- Instagram expands experiment of hiding likes to 6 more countries Thursday 3:20 PM
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Thursday 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Thursday 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Thursday 12:10 PM
- Man utterly roasted for saying women can’t ask for equality in revealing clothing Thursday 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Thursday 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Thursday 10:49 AM
U.S. Department of Homeland Security websites are open doors to hackers, audit finds
The agency tasked with protecting the U.S. government from hackers is vulnerable to hackers.
The Department of Homeland Security—the agency charged with protecting the U.S. government from hackers—can be hacked.
Critical vulnerabilities exist on internal Homeland Security agency websites allowing attackers to gain access to sensitive data from both the U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE) agencies, according to an audit by the department’s Inspector General.
Homeland Security uses private internal websites that allow agents to share information, track cases, and report investigation statistics.
ICE in particular was found to have numerous security problems that opened the agency up to cyberattacks.
ICE’s computer system do not implement a significant portion of Homeland Security’s required security standards, and the agency does not use a vulnerability scanner on its websites, which left the agency unaware of the handful of issues found in a Inspector General’s report published earlier this month.
The Secret Service only recently acquired such a scanner, but, even so, their websites and systems were considerably more secure, according to the audit.
The full list of website vulnerabilities was not made public, but a handful of examples included unprotected files containing sensitive data, SQL injections, cross-frame scripting, and reflected cross-site scripting.
The weaknesses allow attackers to impersonate Homeland Security agents to fool the department’s systems or to impersonate Homeland Security’s systems in order to fool the agents.
“Without remediating the vulnerabilities identified, sensitive cyber mission data may be compromised,” the Inspector General’s report explained.
Given the severity of the vulnerabilities, Homeland Security emphatically agreed with the recommendations of the report. It’ll take nearly three months to fix all the issues, however, with a deadline of Nov. 30, 2015.
The Inspector General’s September 2015 audit was prompted by a January 2015 Senate report that concluded that Homeland Security was “struggling to execute its responsibilities for cybersecurity, and its strategy and programs are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.”
The OPM attackers weren’t discovered until they were accidentally found out four months later.
Illustration by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.