gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76774 Posts in 13500 Topics by 1651 Members - Latest Member: insider4ever March 28, 2024, 02:42:48 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  US Dept Of Energy Left The Doors Open For Attackers
gfx
gfxgfx
 

Author Topic: US Dept Of Energy Left The Doors Open For Attackers  (Read 650 times)

0 Members and 1 Guest are viewing this topic.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
US Dept Of Energy Left The Doors Open For Attackers
« on: December 18, 2013, 08:24:10 am »
Further details have emerged regarding the cyber espionage attacks against many federal agencies in the US widely reported some months ago.

http://arstechnica.com/security/2013/12/how-hackers-made-minced-meat-of-department-of-energy-networks/

Quote
A Department of Energy network breach earlier this year that allowed hackers to download sensitive personal information for 104,000 people was the result of a decade-old patchwork of systems, some that hadn't installed critical security updates in years, according to a federal watchdog.

July's successful hack on the department's Employee Data Repository database was at least the third one to occur since 2011, DOE Inspector General Gregory H. Friedman wrote in a recently published review of the breach. The hack resulted in the exfiltration of more than 104,000 individuals' personally identifiable information (PII), including their social security numbers, bank account data, dates and places of birth, user names, and answers to security questions. The department expects to incur costs of $3.7 million setting up credit monitoring and in lost productivity. That figure doesn't include the costs of fixing the vulnerable systems.

As usual the solution is mind numbingly simple but it seems beyond the reach of most big organisations in the US and many other countries, don't connect such systems to the public internet, there is no need for any of these systems to be public facing. Having static leased lines that go from A to B would require a lot more effort to intercept and running appropriate software any attempts to "cut" into the lines would be detected, it stands to reason that you would no longer have to complain about cyber attackers if your infrastructure is not accessible to them or anyone else.

What has to happen before folks get a clue  :/

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  US Dept Of Energy Left The Doors Open For Attackers
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.018 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!