Correlate

Level 15
Verified
The agency that secures the U.S. military’s IT infrastructure across the globe says sensitive personal data, including Social Security numbers, hosted on its network may have been compromised in a breach between May and July 2019.
The Defense Information Systems Agency notified potential victims of the breach in a letter this month, saying it had tightened protocols for protecting personally identification information (PII) because of the incident.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
You would think the U.S. military would have a tight ring on its security what's wrong with this issue???
It's several factors. The attackers have become much better and sophisticated and more reports flows in about network infiltration and attacks on telecom operators/carriers etc. Places where deep access exist and very hard to get rid off, if even found. Along with too many successful ransom attacks and also payed demands automatic creates a climate that thrives more of the so called bad actors, not less. Sharks drawn to blood so to speak. That also have and will hit parts of the US military.

Old, obsolete hardware and software is also a part of the equation. One sad story IMO is the SS7 protocol issue and that's global and also affects normal citizens.
Sophisticated hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself. This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts.
It’s the mobile vulnerability that won’t go away: Security concerns about Signaling System 7 (SS7), a set of four-decade-old telephony signaling protocols, have flared up in recent weeks after a U.S. senator reported that an unnamed mobile carrier had been breached.

Mobile security experts have long recognized vulnerabilities in the SS7 protocol, which can enable cybercriminals to gain access to smartphones’ data, locations, calls and texts.
Many mobile security experts still see avenues of attack, however. Positive Technologies, a security monitoring firm, found that a whopping 100 percent of SS7-based SMS interception attacks that took place on European and Middle Eastern mobile phone networks during 2016 and 2017 were successful.

“Virtually every network allowed eavesdropping on conversations and reading incoming text messages,” the company asserted in a March 2018 press release accompanying the report. “Use of SMS for two-factor authentication means that if a hacker is able to access a subscriber’s text messages, they can go on to compromise accounts for online banks, stores, government services and much more.”
In the end it's out of us mortals scope anyway, but follow the bread-crumbs in MTs news sections/forums if curious. :coffee:
 
Top