- Disabled people with service dogs say Uber, Lyft drivers are denying them rides 4 Years Ago
- TikTok teen famous for greasy hair ends her 8-year reign 4 Years Ago
- Police handcuff brown man at subway station for carrying a toy gun Today 1:20 PM
- Fake clip of Sanders quoting infamous ‘hot chip’ tweet is duping people online Today 1:16 PM
- The Mars Volta’s Cedric Bixler-Zavala alleges Scientologists behind dog’s death Today 12:46 PM
- Eminem responds to critics: ‘This album was not made for the squeamish’ Today 12:42 PM
- ‘The poet, the poem’ meme takes iconic lines and turns them into art Today 12:40 PM
- People are making dark memes about the coronavirus Today 12:27 PM
- Trump camp’s ‘head on a pike’ impeachment threat hit with memes Today 11:34 AM
- What is the #FreeBritney movement, and why is Cher tweeting about it? Today 10:52 AM
- This YouTuber claims the Saudi government plotted to kidnap him on U.S. soil Today 10:30 AM
- Report: Jack Dorsey declined to host a fundraiser for Tulsi Gabbard Today 10:22 AM
- Bernie Sanders plugs Joe Rogan endorsement—and women are furious Today 10:04 AM
- Young woman using TikTok to document the end of her life says she’s dying next week Today 8:43 AM
- London’s real-time facial recognition program a ‘breathtaking assault’ on civil rights Today 8:23 AM
Report details string of major cybersecurity breaches at federal agency
‘The intruders could have gained full functional control over…[the department’s] systems.’
A report released earlier this month has revealed a significant number serious cybersecurity lapses at a major federal agency. The report, which was prepared by the Office of the Inspector General, found that, within the last few years, the computer systems of the Department of the Interior have been compromised by hackers at least 19 times. Some of these intrusions are believed to be the work of foreign intelligence services.
The report was an overview compiled by the federal government’s internal watchdog agency looking at the myriad of challenges facing the Interior Department, which is responsible for managing resources located on federal public land.
Interior Department Press Secretary Jessica Krenshaw told the Daily Dot in a statement that all of the vulnerabilities mentioned in the report have been corrected. “The department takes the privacy and security of its IT systems and data very seriously,” insisted Krenshaw. “We will continue to be an active participant in the ongoing efforts by the Federal government to improve our nation’s overall cybersecurity posture.”
The report also noted that these previously undisclosed cyberattacks “resulted in the loss of sensitive data and disruption of bureau operations.” Entitled “Inspector General’s Statement Summarizing The Major Management And Performance Challenges Facing The U.S. Department Of The Interior,” it detailed three such attacks.
The first occurred in May of 2013 and was traced back to Chinese IP addresses. The breach, which went on for four weeks before the agency was able to contain it, resulted in attackers uploading malware into the Interior Department’s systems and stealing a unknown quantity of data.
While the mechanics of this attack appear at least superficially similar to those used against the Officer of Personnel Management, which resulted in the exposure of the personal information of more than 21 million current and former federal employees, a department spokesperson told NextGov that they believe the two attacks to be unrelated.
The second attack listed in the report occurred last October. Here, a European-based IP address gained control over Interior Department public Web servers.
The third breach happened around the same time and exploited a vulnerability in the department’s publicly accessible system to gain administrator-level access to its network. Even though the full extent of the damage is unknown, the report noted that an attacker with that level of access could copy or alter sensitive files, add or delete user accounts, upload malware or other hacking tools, and modify the system logs to completely hide their tracks. “In other words,” the report’s authors explained, “the intruders could have gained full functional control over DOI systems.”
The department is responsible for administering nearly three-billion acres of public space, both on land and offshore. This property is responsible for almost one-quarter of the nation’s energy resources. The information contained in the energy production leases on this land is something that’s likely a very attractive target.
Representatives from the Office of the Inspector General did not respond to a request for comment.
The report highlighted how the threat posed by cyberattacks is indicative of a growing need for highly qualified cybersecurity professions working within the federal government. “The demand for skilled IT professionals in the private sector is extremely high, and attracting those individuals to Government service with the current Federal pay structure can be difficult,” the report explained.
These recommendations about the issues faced by the federal government in attracting top IT talent echo the findings of a recent survey conducted by the cybersecurity professional trade group International Association of Privacy Professionals. That survey found, in contrast to those in the private sector, cybersecrutiy talent working within government largely felt under-staffed, under-resourced, and demoralized in terms of their own career advancement.
“In every field, not only in privacy, a job at Apple or Google will typically be more attractive and alluring for a recent graduate than a job at the IRS,” Omer Tene, vice president of education and research at International Association of Privacy Professionals, told the Daily Dot earlier this year. “It’s important for people who head departments—whether it’s IRS or the Department of Justice or the Department of Homeland Security—to understand how important privacy is and that brand and reputation are important things for… government.”
H/T Fierce Government IT | Illustration by Max Fleishman
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.