FBI/DHS hack shows need for role-based security awareness programs

Discussion in 'CSO' started by RSS, Feb 16, 2016.

  1. RSS

    RSS New Member Member

    When a hacker released the contact information of 9,000 DHS employees, it was the result of several awareness failings. The reality is that these are failed awareness programs that are typical of industry as a whole.

    Summarizing the attack, apparently a criminal compromised the user ID and password of a random Department of Justice employee, reportedly through a spearphishing attack. The credentials did not, however, give the attacker the connectivity required, so the attacker called what was most likely a Department of Justice help desk number. The help desk gave the attacker credentials to some portal and/or VPN connection. From that point, the attacker was apparently able to access the unclassified Department of Justice network, which led to the compromise of FBI and DHS telephone directories, and 200GB of unspecified data.
