quickview

How South Carolina Failed To Spot Hack Attack

Mathew J. Schwartz

See more from
Connect directly with : Bio  |  Contact

Attackers stole 3.3 million businesses' bank details and 1.9 million Social Security numbers, cost the state $14 million for cleanup

By Mathew J. Schwartz |  InformationWeek, November 26, 2012

Just one look: That's all it took for an attacker to compromise South Carolina state systems.

Specifically, a state Department of Revenue employee likely "unwittingly executed malware, and became compromised" after clicking on an embedded link in a salacious email, allowing an attacker to harvest the employee's username and password. So said a state-commissioned analysis from security firm Mandiant, released last week.

Two weeks after the initial malware infection, "the attacker logged into the remote access service (Citrix) using legitimate Department of Revenue user credentials," according to the report. "The attacker used the Citrix portal to log into the user's workstation and then leveraged the user's access rights to access other Department of Revenue systems and databases with the user's credentials."

...
Read full story on InformationWeek
Mathew J. Schwartz

See more from
Connect directly with : Bio  |  Contact

Related Reading

News

Commentary

Most Popular

On the Web

More On the Web»

Slideshow




InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.