The Homeland Security Department Suffered More Than 800 Successful Hack Attacks

Not just attempts, but 844 successful intrusions over the past two years. Quite a scary statistic, no?

They are actually having a subcommittee hearing entitled “Hacking the Homeland”.

This covers all kinds of intrusions, including web site hacks, viruses and worms.

DHS and its constituent agencies have suffered more than 800 serious computer security incidents from 2005 through 2006, including compromised agency Web sites, unchecked computer virus and worm infections, and digital intruders that were quietly transmitting stolen data out of government networks. The panel also will examine reports of system compromises that lead to “classified data spills” within DHS.

House Homeland Security Committee Chairman Rep. Bennie Thompson (D-Miss.) said what DHS is doing on its own networks speaks so loud that its message on the importance of securing computer systems and networks is not getting across to anybody else.

They’ve spent a lot of money on security, perhaps in all the wrong places. I guess it’s time they hire people like us to tell them what to do, eh?

It’s definitely a case of “Do what I say, not what I do” – a recipe for disaster.

The committee also is expected to quiz department leaders on spending such a small amount of its total information technology budget on security. According to data handed over to the committee, DHS’s chief information security officer’s budget shrank or remained stagnant over the past three years, even in the face of persistent security problems at the agency. In 2005, DHS allocated just $17.5 million for its CISO office, a figure that fell to just $15 million in FY2007.

Like several other agencies this year, DHS earned a grade of “D” on meeting federal cyber-security requirements. But many critics of that grading process say the law that the marks are based upon – the Federal Information Security Management Act (FISMA) – more accurately measures how adroitly agencies can tackle paperwork exercises, not necessarily the strength of each agency’s network and computer defenses.

I’m sure everyone is interested to hear exactly what is going on at Homeland.

This story seems to have been pulled off a number of original sources too, which I find a little odd – I had to hunt a little to find another version.

Source: Tech Target


19 Responses to The Homeland Security Department Suffered More Than 800 Successful Hack Attacks

  1. Ian Kemmish August 7, 2007 at 6:51 am #

    This should not be any real surprise. DHS is intended to make people feel more secure, not to make them physically more secure. The DHS’s single most visible initiative – fingerprinting anyone who arrives in the USA through a major airport – would not have caught a single one of the 9/11 attackers.

  2. morbid August 7, 2007 at 10:14 am #

    I think that’s a homemade problem most governments worldwide suffer from. Making laws against hackers and “hacker tools”, which results in pentesters not being able to do their work legally anymore, this results in a decline of government, which leads to the fact that they don’t work for the govs anymore.
    Sounds a bit odd but has happened. I recently spoke to a friend of mine who is a pentester and some German gov. agencies were his clients; after publishing the new “anti hacker tool law” he stopped working for them.

  3. Nobody_Holme August 7, 2007 at 12:52 pm #

    Best advice for governments ever, leave a fairly low-security section of network open with “if you hacked this file, we’ll hire you to secure our networks” in it… or some such. also, go fix some laws.

  4. Steve Walcott August 7, 2007 at 3:05 pm #

    It’s kinda scary that the people you would expect to be most secure as well as protect our data, are the ones with the poorest security in place.

    But there is an old adage that a shoe maker does own the worst pair of shoes.

  5. Rich Hall August 8, 2007 at 2:55 am #

    Not surprising, but frightening nonetheless. The usual government incompetence at work. I work in a building that houses a DHS office. We were working with MCI to terminate some new high circuits in the basement and were chuckling to see the feeds for DHS clearly marked “Department of Homeland Security”. Now the basement of this office tower is not exactly public access, but it would not be difficult to wander down there undetected. None of the access was locked. Sure there were cameras, but if I were up to no good I’d probably arrive a little before 6AM when the one security guard usually naps at his post. I don’t know about you, but I certainly feel more secure!

  6. Sandeep Nain August 8, 2007 at 3:41 am #

    Well, it’s not the first time any government dept is hacked. It has happened earlier and will keep happening in future too even though they allow a huge budget for information security.

    The money spent on security (in papers) usually goes to officials’ bank accounts… well actually they are spending money on security but not information security but their own financial security.

    I hope they will start worrying about the info security soon enough and take measures to protect themselves from attackers

  7. TheRealDonQuixote August 8, 2007 at 11:42 pm #

    The American DHS is pure window dressing. I mean what do you expect from the same department that STILL hasn’t secured the US ports OR Airports. They sold out the Airport security jobs to private firms at the lowest bid!! It wouldn’t surprise me if they have the Geek Squad working on all their PC’s and servers.

    Sorry, I have my issues with how US security has been handled since 9/11.

  8. Sandeep Nain August 9, 2007 at 4:57 am #

    Yeah I fully agree with you TRDQ. US govt’s security measures are just not reliable…
    By any chance.. have you seen the movie “The Pentagon Wars”? It’s a small comedy by one of the retired US Air Force officers about the corruption inside.. a must watch…

  9. TheRealDonQuixote August 9, 2007 at 6:33 am #

    Sandeep: I haven’t seen that film yet, but I think I have heard of it. However, I have had an Airport “Rent A Cop” absentmindedly pat me down and miss that I still had my cell phone in my pocket!! Minimum wage is no way to pay a true security guard.

  10. Sandeep Nain August 9, 2007 at 6:49 am #

    U r right TRDQ, more sugar you put in it, sweeter its gonna become..

    u hire a reputed security agency u will get better security guards and better efforts… staff members feel that they are being paid more to work better and responsibly

  11. TheRealDonQuixote August 9, 2007 at 7:09 am #

    Or use regular Armed Forces like they do in Holland!!

  12. Nobody_Holme August 9, 2007 at 12:00 pm #

    but that would be a sensible, low cost solution, and we all know how often governments take those…

  13. Sandeep Nain August 9, 2007 at 1:42 pm #

    That will definitely be a low cost solution but the problem with this solution is that it will be corruption free too.

    No tenders, No money making for decision makers…

  14. Daniel August 16, 2007 at 1:41 am #

    @Nobody and Sandeep

    sarcastic auditing of US politicians’ corruption FTW

    @the story

    I officially bang my head on my keyboard on behalf of all americans.

    jnhuim vbghyyuhn bj

    ^the result

  15. Nobody_Holme August 16, 2007 at 1:13 pm #

    not just US politicians. we have them here in the UK too. :(

  16. Sandeep Nain August 17, 2007 at 12:16 am #

    well.. this is not the problem with one country…

    i have never come across any politician in my life who was not corrupt (india/aus/nz/us). are there any tech savvy politicians??? i don’t think so…

  17. Nobody_Holme August 17, 2007 at 1:56 pm #

    There are two I know of… they’ve both lost elections recently…

  18. TheRealDonQuixote August 25, 2007 at 12:48 am #

    At least your UK politicians sound all cool cause of their posh accents.

    Meanwhile, the US commander and chief just compared the war in Iraq to the Vietnam war, like it was a good thing?!?!WTF?!?! While in the same speech, to a group of war vets no less, he mispronounced “nuclear” as “new-cue-ler” multiple times.

    FTW – G W Bush as most retarded politician in the WORLD!! EVER!!

  19. Nobody_Holme August 25, 2007 at 1:48 pm #

    *sigh* politicians in general.
    Bush is a shining example of who I really really think should be culled for the sake of the gene pool, but Brown really isn’t that much better…
    And what’s worse is we Brits are used to the cool accents. :'(