U.S. Veterans Affairs Dept. repeatedly targeted by foreign hackers
Posted on 06 June 2013.
Conflicting claims were heard at Tuesday's hearing of the House Veteransí Affairs oversight and investigations subcommittee, leaving open the question on whether the Veterans Affairs Department has been repeatedly breached and information from its networks stolen.


The Washington Post reports that the department's former chief information security officer Jerry Davis, who left the position in February 2013, testified that the Veterans Affairs Department 's computer networks have been targeted for the last three years - and still are - and that there were multiple successful compromises (and some unsuccessful) at the hands of at least eight foreign-sponsored organizations.

Davies said that information such as Social Security numbers and dates of birth have definitely been accessed, and some of it encrypted and exfiltrated from the compromised computers.

Representative Mike Coffman, chairman of the subcommittee, shared that "the entire veteran database in VA, containing personally identifiable information on roughly 20 million veterans, is not encrypted, and evidence suggests that it has repeatedly been compromised since 2010 by foreign actors, including in China and possibly in Russia.Ē

On the other hand, Stephen Warren, who is acting assistant secretary for information and technology at the VAD, said that he was aware of only one compromise, adding that there were additional hack attempts by more than one foreign entity.

According to him, not all of these attacks were by state-sponsored entities - some were organized and executed by cyber crime syndicates looking for information they could sell or use themselves to perform identity and credit card theft.

What is sure is that internal investigators have, sadly, found over 4,000 weaknesses and vulnerabilities within the department's networks that are still waiting to be resolved and patched.

My suggestion? Start with encrypting sensitive data.









Spotlight

New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //