5 Government Breaches That Show We Have a Serious Cyber Security Problem

Written by Paul Cook

Google “Cyber Security” and you’ll likely find plenty of stories about Russia, Donald Trump, and the election. While Cyber Security became a hot topic during the election due to Hillary Clinton’s use of a private email server during her time at the State Department, the US Federal Government has had a major security problem for quite some time, and very few media outlets seem to be talking about it.

Here are 5 examples of why this problem isn’t new:

OPM Hack

In 2015, the US Federal Government had their biggest Cyber Security catastrophe to date. The Office of Personnel Management data breach (OPM) was the result of a “Social Engineering” hack where they were able to gather credentials from a Third-Party provider. This led to the hackers obtaining backdoor access to the OPM Network, via a Malware package. The number of stolen records, which included fingerprints and Social Security numbers from anyone who had a federal background check in recent years, increased from an initial number of 4 million to 21.5 million. While the head of the OPM, Katherine Archuleta, eventually stepped down, she was extremely resistant to it at first citing a desire to finish the great work she had started up to that point.

IRS Hack(s)

Earlier this year, the IRS was hacked and approximately 700,000 social security numbers and other various bits of personal information was stolen. According to CBS News, “Hackers used the “Get Transcript” program, which allows you to check your tax history online. The IRS began the online program two years ago, allowing taxpayers to request their tax history over the Internet, in addition to the post office. But following a nine-month investigation by the Treasury inspector general for tax administration, the IRS says its online service has put hundreds of thousands of more taxpayers at risk of identify theft, reports CBS News correspondent Jan Crawford.” It is also noteworthy that the IRS was also hacked in May of 2015 and in August of the same year, an IRS employee lost a flash drive containing personal information for 12,000 school employees in Katy Texas. The IRS is not new to the “weak Cyber Security” federal show.

DHS/FBI Twitter Dump

In February, a hacker was able to compromise the email of a Department of Justice employee and gained access to gigs and gigs of DOJ data. He tweeted 20,000 FBI and 9,000 DHS employee’s personal information, including job titles, phone numbers and names. The most disturbing part of this story is how he got access to the information. He wouldn’t disclose how he compromised the email credentials, however once he had them he tried logging into a DOJ web portal, but he called the proper Help Desk, who helped him gain access to the network because he claimed he was a “new employee”. The hacker said he had access to over 1TB of DOJ Data, including Military Emails and Credit Card numbers, however he only leaked the employee details.

NASA Hack

Also in 2016, a NASA Drone was breached by Anonsec via a Brute force attack on a SSH Password (Which was left to the default password) that had root access to three separate network storage devices. According to SCMagazine, “About 150 GB of the data included logs from the Global Hawk drone program and information on more than 2,400 NASA staff, including their names and email addresses. The hacking group has contended that it was in NASA’s systems for months.” NASA has denied that their systems were compromised despite the evidence of the contrary.

DNC Email Breach

This summer, shortly before the Democratic National Convention a number of stolen emails, from John Podesta’s account, were leaked to the public which exposed numerous misdeeds by top ranking democratic politicians. While the perpetrators of this hack have been highly debated, most evidence points to hackers affiliated with the Russian government. How they gained access to the emails is embarrassing for the DNC, more specifically, John Podesta’s office. According to the New York Times, “In the run-up to the election, the US Democratic National Committee (DNC) received numerous phishing emails. One of them was also sent to John Podesta, the chairman of Hillary Clinton’s campaign. An aide, Charles Delavan, spotted the message sent to Podesta’s private account. It asked Podesta to change his password. Delavan realised the email was a phishing attack and forwarded it to a computer technician. However, he made a typo, writing: “This is a legitimate email.” He added: “John needs to change his password immediately.” After changing his password, the hackers were able to access over 60,000 emails and gave them to Wikileaks who released them in October.
The problem here is simple; The media and public keep asking “Who” is doing the hacking, instead of asking “Why do government agencies and officials keep getting hacked?” While finding out who commits these sort of crimes is important, we must not ignore the fact that we have a major problem and if we don’t address it soon, we’ll have a lot bigger issues than some stolen emails.