Information Security News mailing list archives

Secret DHS Audit Could Prove Governmentwide Hacker Surveillance Isn't Really Governmentwide


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 30 Nov 2015 11:01:38 +0000 (UTC)

http://www.nextgov.com/cybersecurity/2015/11/secret-dhs-audit-could-prove-governmentwide-network-surveillance-isnt-really-governmentwide/124018/

By Aliya Sternstein
Nextgov.com
November 25, 2015

A secret federal audit substantiates a Senate committee's concerns about underuse of a governmentwide cyberthreat surveillance tool, the panel's chairman says.

The intrusion-prevention system, named EINSTEIN 3 Accelerated, garnered both ridicule and praise following a hack of 21.5 million records on national security employees and their relatives. The scanning tool failed to block the attack, on an Office of Personnel network, because it can only detect malicious activity that people have seen before.

At OPM, the attackers, believed to be well-resourced Chinese cyber sleuths, used malware that security researchers and U.S. spies had never witnessed.

Still, EINSTEIN came in handy, according to U.S. officials, after the OPM malware was identified through other monitoring tools. The Department of Homeland Security loaded EINSTEIN with the "indicators" of the attack pattern so it could scan for matching footprints on other government networks.

[...]


