- Gamers are blaming socialism for making the women in Mortal Kombat ‘ugly’ 4 Years Ago
- Nickelodeon is selling SpongeBob toys based on popular memes 4 Years Ago
- Alex Jones protests outside the White House by shouting the name of his website 4 Years Ago
- ‘I Think You Should Leave with Tim Robinson’ has an absurd conclusion for every scenario Today 10:52 AM
- Twitch star TF Blade banned for racial slur—but he swears he didn’t say it Today 10:43 AM
- Steve King says backlash to white nationalism comment was like what Jesus went through Today 10:23 AM
- Netflix movies are still eligible for Oscars, Academy rules Today 10:21 AM
- Sheriff’s deputy makes homophobic comments on Facebook after gay teen’s suicide Today 10:02 AM
- The Marvel movies you actually need to see before ‘Avengers: Endgame’ Today 9:10 AM
- Twitter launches new tool to combat misinformation about voting Today 8:44 AM
- These Cards Will Get You Drunk is the game with one very obvious purpose Today 8:20 AM
- Conservative guy’s Elizabeth Warren op-ed inspires ‘slap in the face’ meme Today 7:37 AM
- ‘Ask Dr. Ruth’ takes a crowd-pleasing look at her life and groundbreaking career Today 7:30 AM
- Tom Holland and Daisy Ridley’s ‘Chaos Walking’ is so bad it’s ‘unreleasable’ Today 7:01 AM
- The best Westerns on YouTube that you can watch for free Today 7:00 AM
U.S. Department of Homeland Security websites are open doors to hackers, audit finds
The agency tasked with protecting the U.S. government from hackers is vulnerable to hackers.
The Department of Homeland Security—the agency charged with protecting the U.S. government from hackers—can be hacked.
Critical vulnerabilities exist on internal Homeland Security agency websites allowing attackers to gain access to sensitive data from both the U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE) agencies, according to an audit by the department’s Inspector General.
Homeland Security uses private internal websites that allow agents to share information, track cases, and report investigation statistics.
ICE in particular was found to have numerous security problems that opened the agency up to cyberattacks.
ICE’s computer system do not implement a significant portion of Homeland Security’s required security standards, and the agency does not use a vulnerability scanner on its websites, which left the agency unaware of the handful of issues found in a Inspector General’s report published earlier this month.
The Secret Service only recently acquired such a scanner, but, even so, their websites and systems were considerably more secure, according to the audit.
The full list of website vulnerabilities was not made public, but a handful of examples included unprotected files containing sensitive data, SQL injections, cross-frame scripting, and reflected cross-site scripting.
The weaknesses allow attackers to impersonate Homeland Security agents to fool the department’s systems or to impersonate Homeland Security’s systems in order to fool the agents.
“Without remediating the vulnerabilities identified, sensitive cyber mission data may be compromised,” the Inspector General’s report explained.
Given the severity of the vulnerabilities, Homeland Security emphatically agreed with the recommendations of the report. It’ll take nearly three months to fix all the issues, however, with a deadline of Nov. 30, 2015.
The Inspector General’s September 2015 audit was prompted by a January 2015 Senate report that concluded that Homeland Security was “struggling to execute its responsibilities for cybersecurity, and its strategy and programs are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.”
The OPM attackers weren’t discovered until they were accidentally found out four months later.
Illustration by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.