Pentagon's tech agency reveals potential breach involving personal data

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
The agency that secures the U.S. military’s IT infrastructure across the globe says sensitive personal data, including Social Security numbers, hosted on its network may have been compromised in a breach between May and July 2019.
The Defense Information Systems Agency notified potential victims of the breach in a letter this month, saying it had tightened protocols for protecting personally identification information (PII) because of the incident.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,456
You would think the U.S. military would have a tight ring on its security what's wrong with this issue???
It's several factors. The attackers have become much better and sophisticated and more reports flows in about network infiltration and attacks on telecom operators/carriers etc. Places where deep access exist and very hard to get rid off, if even found. Along with too many successful ransom attacks and also payed demands automatic creates a climate that thrives more of the so called bad actors, not less. Sharks drawn to blood so to speak. That also have and will hit parts of the US military.

Old, obsolete hardware and software is also a part of the equation. One sad story IMO is the SS7 protocol issue and that's global and also affects normal citizens.
Sophisticated hackers have long exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. Those who exploit SS7 can potentially track phones across the other side of the planet, and intercept text messages and phone calls without hacking the phone itself. This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts.
It’s the mobile vulnerability that won’t go away: Security concerns about Signaling System 7 (SS7), a set of four-decade-old telephony signaling protocols, have flared up in recent weeks after a U.S. senator reported that an unnamed mobile carrier had been breached.

Mobile security experts have long recognized vulnerabilities in the SS7 protocol, which can enable cybercriminals to gain access to smartphones’ data, locations, calls and texts.
Many mobile security experts still see avenues of attack, however. Positive Technologies, a security monitoring firm, found that a whopping 100 percent of SS7-based SMS interception attacks that took place on European and Middle Eastern mobile phone networks during 2016 and 2017 were successful.

“Virtually every network allowed eavesdropping on conversations and reading incoming text messages,” the company asserted in a March 2018 press release accompanying the report. “Use of SMS for two-factor authentication means that if a hacker is able to access a subscriber’s text messages, they can go on to compromise accounts for online banks, stores, government services and much more.”
In the end it's out of us mortals scope anyway, but follow the bread-crumbs in MTs news sections/forums if curious. :coffee:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top