Attacks/Breaches
1/22/2014
05:05 PM
50%
50%

DHS Warns Contractors About Breach Of Its Web Portal

More than 100 organizations got some bad news from DHS recently when it was revealed that hundreds of documents had been accessed without authorization

The U.S. Department of Homeland Security has sent warning letters to roughly 114 organizations whose data was exposed when hundreds of documents were accessed without authorization.

The move came after the department's Science and Technology Directorate was notified of the breach by a company that manages its external Small Business Innovation Research (SBIR)/Long Range Broad Agency (LRBAA) Web portal. Some 520 documents -- including whitepapers, decision notification letters, and documents regarding contract awards -- were accessed in the incident.

Sixteen of the organizations had bank information in the documents. All of the affected organizations were notified by the Science and Technology Directorate (S&T). According to a copy of the letter posted by security blogger Brian Krebs, the breach is believed to have occurred in the past four months.

"Notably, the letter does not assert that any security protocols, such as password protection or encryption, were circumvented to access the information," says Aaron Titus, chief privacy officer and general counsel at Identity Finder. "It's not even clear that the access was malicious."

"In my experience, breaches like this are often the result of a failure of basic sensitive data management practices," he says. "It's entirely possible that this information was accidentally left on a public server for four months without password or encryption protection."

None of the documents were classified, according to DHS. The agency did not offer any information about how exactly the data was accessed, stating only that the documents were downloaded from the portal by people outside of DHS. The incident remains under investigation.

"Since discovery of this incident, Science and Technology Directorate (S&T) has worked with the operator of this external Web portal to identify and resolve the security vulnerability, and all appropriate measures have been taken," a DHS S&T spokesperson tells Dark Reading. "All of the affected documents have been thoroughly reviewed to determine if there was a loss of sensitive personally identifiable information, proprietary or business-sensitive information, security information, export control sensitive information, and all potentially affected parties were notified before any nefarious activity could take place.

"S&T takes its responsibility to safeguard personal information seriously and is working with appropriate law enforcement partners on the ongoing investigation to determine the cause of the incident and the identities of the perpetrators,. It is important to note that none of S&T's internal systems were accessed or compromised."

Last year, DHS warned employees and former employees that their data may have been compromised after a vulnerability was discovered in software used by a DHS vendor to process personnel security investigations. The software was used to gather and store sensitive personally identifiable information (PII) for background organizations.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marcus Jackson
50%
50%
Marcus Jackson,
User Rank: Apprentice
6/8/2014 | 3:07:16 AM
Surveillance State
I am an avid Infoormation Week reader and I think this article highlights the systemic problems in our government. Homeland Security is an oxymoron for these people. We are are supposed to trust them to keep our Homeland safe and they can't even keep their own data safe. Or is it really more sisnster that that, do they engineer these "breaches" to overwhelm the average US citizen into believing the wolf is at the door to justify the surveillance state that Edward Snowden is trying to warn us about. Here

http://s1375.photobucket.com/user/mj04317/library/DHS

are some more of the documents that came can be attributed to this "breach". It looks like this LRBAA program is nothing more that a black operation/slush fund (probably a joint operation between DHS and CIA) to develop tracking tools to monitor what people access on the internet and build profiles on them. The emails even talk about collaborating with the Russians. No doubt an effort by the Shdow Government to gain more power. People need to wake up and become aware before the day comes that they wake up as slaves. Eternal vigilance is the price of liberty.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0750
Published: 2015-05-22
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.

CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.