Skip to main content

PENTAGON ADMINTS THAT PERSONAL DATA OF OVER 30,000 EMPLOYEES LEAKED THROUGH CONTRACTOR


Pentagon Admints That Personal Data Of Over 30,000 Employees Leaked Through Contractor
The US Department of Defense is dealing with a breach of its travel records that exposed at least 30,000 military and civilian personnel, according to a Pentagon spokesman on the October 12th. The breach resulted in some of their personal information and payment card data being compromised.
“On Oct. 4, the Department of Defense identified a breach of personally identifiable information of DoD personnel that requires congressional notification,” Lt. Col. Joseph Buccino said.
“The department is continuing to gather additional information about the incident, which involves the potential compromise of personally identifiable information of DoD personnel maintained by a single commercial vendor that provided travel management services to the department,” he says. “This vendor was performing a small percentage of the overall travel management services of DOD.”
The vendor will not be identified due to security reasons, according to Buccino. However, the department “has taken steps to have the vendor cease performance under its contracts.”
The disclosure of the breach comes, following a federal report on October 9th. It concluded that military weapons programs are vulnerable to cyberattacks and the Pentagon has been slow to protect the systems. As reported by AP, the US Government Accountability Office in its October 9th report said the Pentagon has worked to ensure its networks are secure, but only recently began to focus more on its weapons systems security. The audit, conducted between September 2017 and October 2018, found that there are “mounting challenges in protecting its weapons systems from increasingly sophisticated cyber threats.”
The bigger-picture problem, however, is a poor approach to password security, according to the report.
“Multiple weapon systems used commercial or open source software, but did not change the default password when the software was installed, which allowed test teams to look up the password on the Internet and gain administrator privileges for that software,” the report says. “Multiple test teams reported using free, publicly available information or software downloaded from the internet to avoid or defeat weapon system security controls.”
This breach also is similar to a number of other breaches that have hit federal government agencies, exposing health data, personal information, and social security numbers in recent years.
One of the larger recent breaches involved a fitness tracking app called Strava, which gave away locations of secret US army bases in November 2017. The fitness tracking company revealed sensitive information about the location and staffing of military bases and spy outposts around the world.
Strava unknowingly released a data visualization map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map was released in November 2017. Several days after it was released, military analysts noticed that the map is also detailed enough that it potentially gives away extremely sensitive information about a subset of Strava users: military personnel on active service.
Nathan Ruser, an analyst with the Institute for United Conflict Analysts said that the heatmap “looks very pretty,” but is bad for security operations. “US Bases are clearly identifiable and mappable.”
“In Syria, known coalition (i.e. US) bases light up the night,” writes analyst Tobias Schneider. “Some light markers over known Russian positions, no notable colouring for Iranian bases … A lot of people are going to have to sit through lectures come Monday morning.”
Even earlier, in 2015 a massive hack of the federal office of Personnel Management compromised personal information of more than 21 million current, former and prospective federal employees, including those in the Pentagon. The incident was blamed on China, however there was no evidence. Also that year, hackers breached into the email system used by the Joint Chiefs of Staff, affecting several thousand military and civilian workers.
The Department of Defense has repeatedly and consistently claimed that its networks and systems come under attack thousands of times every single day.

Comments

Popular posts from this blog

Why States Still Use Barrel Bombs

Smoke ascends after a Syrian military helicopter allegedly dropped a barrel bomb over the city of Daraya on Jan. 31.(FADI DIRANI/AFP/Getty Images) Summary Barrel bombs are not especially effective weapons. They are often poorly constructed; they fail to detonate more often than other devices constructed for a similar purpose; and their lack of precision means they can have a disproportionate effect on civilian populations. However, combatants continue to use barrel bombs in conflicts, including in recent and ongoing conflicts in Africa and the Middle East, and they are ideally suited to the requirements of resource-poor states. Analysis Barrel bombs are improvised devices that contain explosive filling and shrapnel packed into a container, often in a cylindrical shape such as a barrel. The devices continue to be dropped on towns all over Syria . Indeed, there have been several documented cases of their use in Iraq over the past months, and residents of the city of Mosul, which was re...

Russia Looks East for New Oil Markets

Click to Enlarge In the final years of the Soviet Union, Soviet leader Mikhail Gorbachev began orienting his foreign policy toward Asia in response to a rising Japan. Putin has also piloted a much-touted pivot to Asia, coinciding with renewed U.S. interest in the area. A good expression of intent was Russia's hosting of the Asia-Pacific Economic Cooperation summit in 2012 in Vladivostok, near Russia's borders with China and North Korea. Although its efforts in Asia have been limited by more direct interests in Russia's periphery and in Europe, Moscow recently has been able to look more to the east. Part of this renewed interest involves finding new export markets for Russian hydrocarbons. Russia's economy relies on energy exports, particularly crude oil and natural gas exported via pipeline to the West. However, Western Europe is diversifying its energy sources as new supplies come online out of a desire to reduce its dependence on Russian energy supplies . This has ...

LONDON POLICE INDIRECTLY ENCOURAGE CRIMINALS TO ATTACK RUSSIAN DIPLOMATIC PROPERTY

ILLUSTRATIVE IMAGE A few days ago an unknown perpetrator trespassed on the territory of the Russian Trade Delegation in London, causing damage to the property and the vehicles belonging to the trade delegation , Russian Foreign Ministry Spokeswoman Maria Zakharova said during the September 12 press briefing. The diplomat revealed the response by the London police was discouraging. Police told that the case does not have any prospects and is likely to be closed. This was made despite the fact that the British law enforcement was provided with video surveillance tapes and detailed information shedding light on the incident. By this byehavior, British law inforcements indirectly encourage criminals to continue attacks on Russian diplomatic property in the UK. Zakharova’s statement on “Trespassing on the Russian Trade Mission premises in London” ( source ): During our briefings, we have repeatedly discussed compliance with the Vienna Convention on Diplomatic Relations, sp...