Defense Contractor Breach and National Security

The Department of Defense has been trying for ten years now to shore up the security of defense contractors but still has not gotten new regulations passed. Here is one example of why they are needed. Desparately.

The breach against defense contractor Acuity, Inc. happened last month. The data was being sold for only $3,000 (in Monero). Now it is free.

The dark web hacker/broker, IntelBroker, says the data is a “national security documents leak” involving “Five Eyes Intelligence Group” information. The leaked data is now publicly accessible and contains full names, emails, office numbers, cell numbers, classified information and communications between the Five Eyes, 14 Eyes and the US’s allies.

The U.S. government previously denied the breach, but that was likely just a smokescreen.

The report is that the hacker used the GitHub token bug to access Acuity’s access tokens and steal the information. The data stolen also includes Customs and ICE data.

IntelBroker also claims to have hacked the State Department and the NSA. They are also behind the recent Home Depot breach, the leak of 2.5 million private plane owner records from LAX and a lot of other breaches.

If they are being so brazen about their work, I would suggest that they watch over their shoulder for a hit team. It is not clear where they are located, but I would suspect they are in a country that will protect them like Russia or China.

In the meantime, a bunch of folks in Washington are also at risk for social engineering and if the claim about classified data being involved, then the problem could be even bigger.

So, while the defense contractors fight to avoid improving their security, the hackers are stealing sensitive defense information and giving it away for free. Not a good situation any way you look at it. Credit: HackRead

by