BreachExchange mailing list archives
Hackers forced State Department to replace 30, 000 employee credentials in 2014
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 26 Feb 2015 19:18:46 -0700
http://www.washingtonexaminer.com/hackers-forced-state-department-to-replace-30000-employee-credentials-in-2014/article/2560740 Log-in credentials for an estimated 30,000 State Department employees had to be replaced after unidentified hackers breached the agency's unclassified communications network last November. The incident raised questions on the severity of the breach, which State Department spokesperson Jen Psaki downplayed by pointing to the “thousands of attacks” that pepper the agency’s systems every day. “The reason why there’s been a focus, I think, on this particular incident is because of the extent and how broad it was,” Psaki said at a Feb. 20 media briefing. “And obviously, we took steps to combat that, but it’s something that we work on every day.” A State Department official who declined to be named told the Washington Examiner cybersecurity “best practices” dictated the agency replace 30,000 secure log-in devices known as "fobs" after the network intrusion. The fobs display a randomly-generated code that changes periodically, usually every 30 to 60 seconds. A user first authenticates themselves on the key fob with a personal identification number, followed by the current code displayed on the device. Employees must plug the fob’s random code into the network to gain access. The official said it took several days to change about half of the fobs, while the other half were updated immediately. Replacing the devices could have cost the agency millions of dollars and kept employees from accessing the network remotely for an extended period of time, NextGov reported. The State Department is among multiple federal agencies to face cyberattacks in recent months. The Pentagon, IRS, Department of Energy and the Environmental Protection Agency were some of the federal agencies that suffered digital breaches in 2014, according to the Heritage Foundation. White House and postal service hacks also drew attention to the widespread issue of cybersecurity last fall.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Hackers forced State Department to replace 30, 000 employee credentials in 2014 Audrey McNeil (Mar 05)