- Mike Pence says a triple crown winning racehorse bit him 4 Years Ago
- Disney CEO Bob Iger leaves Apple board amid streaming wars Today 12:01 PM
- Influencer Destiny Marquez faces backlash for berating Forever 21 employee Today 10:32 AM
- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ Today 9:18 AM
- Gun control proposal: Trump, lawmakers considering background check-conducting app Today 9:05 AM
- How to stream Browns vs. Jets on Monday Night Football Today 7:00 AM
- What are anons? Today 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Today 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Today 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
- New restaurant in New York has a seriously unfortunate name: ‘Qanoon’ Saturday 1:38 PM
- These are the 10 best ‘Star Wars’ ships Saturday 12:41 PM
U.S. Department of Homeland Security websites are open doors to hackers, audit finds
The agency tasked with protecting the U.S. government from hackers is vulnerable to hackers.
The Department of Homeland Security—the agency charged with protecting the U.S. government from hackers—can be hacked.
Critical vulnerabilities exist on internal Homeland Security agency websites allowing attackers to gain access to sensitive data from both the U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE) agencies, according to an audit by the department’s Inspector General.
Homeland Security uses private internal websites that allow agents to share information, track cases, and report investigation statistics.
ICE in particular was found to have numerous security problems that opened the agency up to cyberattacks.
ICE’s computer system do not implement a significant portion of Homeland Security’s required security standards, and the agency does not use a vulnerability scanner on its websites, which left the agency unaware of the handful of issues found in a Inspector General’s report published earlier this month.
The Secret Service only recently acquired such a scanner, but, even so, their websites and systems were considerably more secure, according to the audit.
The full list of website vulnerabilities was not made public, but a handful of examples included unprotected files containing sensitive data, SQL injections, cross-frame scripting, and reflected cross-site scripting.
The weaknesses allow attackers to impersonate Homeland Security agents to fool the department’s systems or to impersonate Homeland Security’s systems in order to fool the agents.
“Without remediating the vulnerabilities identified, sensitive cyber mission data may be compromised,” the Inspector General’s report explained.
Given the severity of the vulnerabilities, Homeland Security emphatically agreed with the recommendations of the report. It’ll take nearly three months to fix all the issues, however, with a deadline of Nov. 30, 2015.
The Inspector General’s September 2015 audit was prompted by a January 2015 Senate report that concluded that Homeland Security was “struggling to execute its responsibilities for cybersecurity, and its strategy and programs are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.”
The OPM attackers weren’t discovered until they were accidentally found out four months later.
Illustration by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.