How serious is Cybercrime in the US?


I know what you did last year on the beach…

Cybercrime in the U.S. is getting more sophisticated.

Newly released documents show how hackers infiltrated servers used by US Investigations Services (USIS), a federal contractor which conducts background checks for DHS.

In a House Oversight and Government Reform Committee hearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations.

Both USIS and OPM were hacked around March 2014, and while the security controls in place at OPM’s networks shielded employee information, the networks at USIS were not as secure.

At USIS, hackers deployed spyware designed to capture screenshots when a background check window was open, according to Stroz Friedberg, a digital forensics firm. “The attacker installed screen-scraping malware on systems and specifically configured that malware to grab screenshots only when background investigations-related applications were being displayed on the screen,” Stroz Friedberg Managing Director Bret Padres wrote in a September 2014 letter to USIS’s attorneys.


The use of spyware that executed only under specific conditions implies that hackers did not want to raise alarms, said Richard Barger, chief intelligence officer at ThreatConnect and a former Army intelligence analyst. “Many of those background check systems are very highly audited.”

According to Homeland Security News Wire, once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for malicious gain. Last fall, a database belonging to Anthem was breached, but the company has said it found no indication that diagnosis or treatment information was compromised. Knowledge of an individual’s security clearance level and medical information can be used by foreign nations to recruit human assets.

Although details of the USIS hack suggest nation-state involvement, other well-funded, private entities could have had a reason to want the biographies of individuals with security clearances. Experts told i-HLS that “Folks who do classified, cleared work, they are all hurting for people.” Every one of them is trying to get the next cleared cyber genius. They are all competing, and it is very “cutthroat.”