U.S. Department of Homeland Security hacked

9 February 2016

I was really shocked when I read the LIFARS post ‘Hacker Allegedly Dumps Data of 9,000 DHS Employees’ at 5:30 this morning.

It is very remarkable how easy it was for the attacker to get access to the DHS network:

“So I called up, told them I was new and I didn’t understand how to get past [the portal],” the hacker told the outlet. “They asked if I had a token code, I said no, they said that’s fine—just use our one.”

From this it’s apparent that the help desk hasn’t got enough training in the procedure for verification of a caller’s identity. In addition the passing-on of the token code is a massive violation of the security procedures.

Take care! And train the help desk staff…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s