Undetected Attacks

Without any signs, it took months before the government’s leading security contractor, USIS, even began detecting any threat to their computer networks from Chinese hackers, according to government officials and others involved in the FBI investigation. Despite their recent announcement of the security breach, it is unclear exactly how long officials had been aware of the attack before revealing any information to not only the public, but its employees as well. As a result, at least 25,000 employees at the Homeland Security Department fell victim to their private records being released, which cost the company hundreds of millions of dollars in lost government contracts. Not only are investigators trying to determine the perpetrators of an attack of this magnitude, but they are also investigating why computer detection alarms inside the company failed to detect any unusual activity and whether or not the federal agencies that hired the company should have monitored its practices more carefully. Details of the attack were similar to past cyber-attacks executed by hackers traced back to China, in which the hackers were able to penetrate computers at the Office of Personnel Management, a federal agency who had contracted with USIS and is responsible for overseeing most background investigations of government workers. As a result, USIS was forced to lay off all of its 2,500 employees after the company received $320 million for investigative and support services, leaving those affected to wonder what, if anything, could have been done to prevent such an immense breach from happening in the first place. As stated by Alan Paller, head of SANS, a cybersecurity training school, and former co-chair of DHS, “The information gathered in the security clearance process is a treasure chest for cyber hackers. If the contractors and the agencies that hire them can’t safeguard their material, the whole system becomes unreliable. Because of the government’s heavy reliance on contractors, the possibility that national security background investigations may contain vulnerabilities to cyber-espionage, threatens the integrity of the verification system used to review more than 5 million government workers and contract employees. Despite the lack of details known about the specifics of the investigation, government officials predict that the computer system was likely penetrated for months before the government was officially notified in June. Cybersecurity experts say attacks on large corporations can occur up to 18 months before they are even discovered and are usually detected by outside security specialists. Former USIS workers claimed that reports containing sensitive financial and personal data that should have been permanently removed from employees’ laptops, were sometimes stored or even duplicated. A spokesperson for USIS stated that despite the controversy caused by the company’s decision to keep silent about the breach, companies often withhold such information from the public for both security and management reasons. When it comes to keeping you and your information protected, get connected with Taino Consulting Group and find out how we can help. http://www.theblaze.com/stories/2014/11/04/cyberattack-on-top-u-s-govt-security-contractor-went-unnoticed-for-months/