Having Trouble Hacking Government Agencies? Just Call Their Help Desks

By Published on February 10, 2016

The hacker that dropped personal data on almost 30,000 employees from the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS), obtained the information by simply calling the agencies’ support desks.

Federal agencies such as DHS and the Department of Justice (DoJ) have implemented two-factor authentication systems to make their portals harder to enter. The authentications include smartcards, digital tokens or other secondary ID formats.

Motherboard published an article where they claim to have spoken directly to the anonymous hacker. The hacker, who had already gathered a legitimate password, said he simply called IT support and simply asked for the second authentication factor.

“So I called up, told them I was new and I didn’t understand how to get past [the portal],” the hacker told Motherboard. “They asked if I had a token code, I said no, they said that’s fine — just use our one.”

Once the hacker was logged in, it only took a few clicks to get access to documents on the local network.

The data was tweeted out by an account with a pro-Palestine message Feb. 8. DHS spokesman S.Y. Lee told Motherboard in an emailed statement that while they take the breach seriously, the leaked information was not sensitive.

“We are looking into the reports of purported disclosure of DHS employee contact information,” Lee said. “We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information.”

Leo Taddeo, a former FBI special agent in charge of special operations and cyber division, told Nextgov that protocol would be for the helpline to instruct the employee to acquire the information in person, when his or her identity can be confirmed.

“I’m not sure it was in the protocol for the help desk to provide the token for access without significant further authentication,” Taddeo said.

The Obama administration’s budget proposal for 2017 released Tuesday included a request for $26 million from Congress “to enhance information security  band continuous monitoring, and for a stronger insider threat program.”

 

Follow Jacob on Twitter

Copyright 2016 Daily Caller News Foundation

Print Friendly, PDF & Email

Like the article? Share it with your friends! And use our social media pages to join or start the conversation! Find us on Facebook, Twitter, Instagram, MeWe and Gab.

Inspiration
The Scarcity Mindset
Robert Morris
More from The Stream
Connect with Us