Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
United States Government Security

US Treasury Department Breached by 'Hackers Backed By Foreign Government' (usnews.com) 64

Reuters reports that "a sophisticated hacking group" backed by "a foreign government" has stolen information from America's Treasury Department, and also from "a U.S. agency responsible for deciding policy around the internet and telecommunications." There is concern within the U.S. intelligence community that the hackers who targeted the Treasury Department and the Commerce Department's National Telecommunications and Information Administration used a similar tool to break into other government agencies, according to three people briefed on the matter.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

This discussion has been archived. No new comments can be posted.

US Treasury Department Breached by 'Hackers Backed By Foreign Government'

Comments Filter:
  • I feel so secure right now.
    • Re:Sigh. (Score:5, Insightful)

      by ShanghaiBill ( 739463 ) on Sunday December 13, 2020 @04:37PM (#60826802)

      We need to change our mentality.

      Instead of "US Treasury Breached by Hackers" the headline should be "Incompetent Bureaucrats Fail to Secure Server".

      The problem is not "bad guys" who should be feared, but "dumb guys" who should be fired.

      • Did you actually RTFA or is this just a knee-jerk assumption that all government agencies must be incompetent? Here is a outtake from the full article:

        The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick - often referred to as a "supply chain attack" - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

        Hackers broke into the NTIA's office software, Microsoft's Office 365. Staff emails at the agency were monitored by the hackers for months, sources said.

        The hackers are "highly sophisticated" and have been able to trick the Microsoft platform's authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press.

        SolarWinds says on its website that its customers include most of America's Fortune 500 companies, the top 10 U.S. telecommunications providers, all five branches of the U.S. military, the State Department, the National Security Agency, and the Office of President of the United States.

        Reading between the lines, it looks like the hack compromised Outlook 365, which is used by many companies outside the aforementioned government agencies. "Monday may be a bad day for lots of security teams," tweeted Dmitri Alperovitch, a cybersecurity expert and founder of the Silverado Policy Accelerator think tank.

        ---

    • Re:Sigh. (Score:4, Interesting)

      by arglebargle_xiv ( 2212710 ) on Sunday December 13, 2020 @08:03PM (#60827380)
      Trump's boss is worried that the president will no longer brief him on classified US information and so he's making sure that he retains access via alternative methods.
  • to the same standards they hold their vendors and contractors(well some) to.
    I loved this!
    may have "used a similar tool to break into other government agencies"

    One thing we all know. No one meaningful will ever be held accountable so this will keep happening again and again.
    Hey we can't divert money to the real needs after all there are unrelated gears to grease.
  • America's security continues on a downward trend. The more that we outsource, the easier it is for Russia, CHina and Iran to nail us.
    • America's security continues on a downward trend. The more that we outsource, the easier it is for Russia, CHina and Iran to nail us.

      You are quite deluded if you think a new executive administration is somehow going to fix things.

      • by Anonymous Coward

        You are quite deluded if you think a new executive administration is somehow going to fix things.

        Are you kidding me? Biden has proven himself very adept at fixing things. You can bet that as soon as he takes office, you won't be hearing anything at all about these gov't blunders any more.

  • Treasury Dept.? Yup. Act of war.
    • by HiThere ( 15173 )

      Now reliably prove who did it. Claims aren't proof.

    • by Tablizer ( 95088 )

      I suspect the biggest benefit to such info is in "renting" spies and espionage acts from those who owe lots of taxes or are in other financial trouble. Those with money problems have proven eager recruits.

  • Trump the buffoon failed to run these agencies properly. Of course things like this can happen. He did nothing to prevent hacking. Fitting if the election got hacked too, it was his own fault. He came to office saying he could easily fix all of Americaâ(TM)s problems. Instead he fixed nothing. Violent crime is up. Remember before his election he CLAIMED he would bring law and order and reduce crime. Instead none of that happened, crime increased. Now all we get is excuses that he is merely the presiden

    • by whoever57 ( 658626 ) on Sunday December 13, 2020 @04:03PM (#60826694) Journal

      Fitting if the election got hacked too, it was his own fault

      Which election hardware is more likely to be effectively hacked: A machine that merely counts paper ballots, or a machine that directly records votes ("DRE")? Remember that Georgia did a full manual recount.

      Since there all the states that use DRE voting systems voted for Trump, it's much more likely that any possible voting machine hack was done to swing votes in Trump's favor.

      • Electronic voting where there is no paper ballot printed and easily verified by the voter should be a criminal offense with extensive prison terms for all involved in orchestrating their use. Hell, even purely paper ballots that are simply machine counted for rough totals with manual sampling to check it is barely acceptable. I’d be for pulling all federal funding from states who try to push that BS in their citizens and see how fast we get paper ballots back.
    • As if the leader of an organization that employs about 2M people excluding contractors has any influence on something like this.
  • Why are so many things on the internet that don't need to be? Why hasn't anyone figured out that sometimes it's better to have to go the actual physical systems? I realize that it's so much more convenient to be able to access things from your phone through an app, but there are some things that are just better off being a pain to access.
    • Why are so many things on the internet that don't need to be? Why hasn't anyone figured out that sometimes it's better to have to go the actual physical systems? I realize that it's so much more convenient to be able to access things from your phone through an app, but there are some things that are just better off being a pain to access.

      Convenience is the opposite of security. Unfortunately, convenience usually wins.

      • Why in the world would they be using anything other that their own servers. This is the fricking government, they are supposed to archive all email communications, not just higher up's. This somehow seems to be some sort of diversion. I really have had a hard time believing anything this year. Our government using any outside control, email, storage, offsite processing just blows me away.

        So, do you think this is an intended miss step? The way 2020 is, it seems like it was intended.

        When I was young, I never

        • When I was young, I never thought I would see 2020. Almost wish it was so.

          When I was young I thought the same about 2000. I still can't believe that was 20 years ago.

          Democracy under attack by our OWN president, and supported by so many.

          Democracy and the Constitution have been under attack for a lot longer than the last four years. "The War on Drugs", "Assault Weapons Ban", The Patriot Act", "The ACA", Iraq, Iran, Afghanistan, just about everything the CIA did prior to 1990, Japanese internment camps, etc.

          Sadly both parties have been shitting all over our rights and the Constitution for decades now.

          I truly hope Biden grows some balls and goes after every person in the senate that is supporting the truly sedition supporting bastard's.

          Yeah, not going to happen. We're just trading on

          • Comment removed based on user account deletion
  • The hack was so problematic that they called a *meeting*? Wow, that *is* serious.

    • If the hack potentially involves every Fortune 500 company and government agency that uses FireEye to update Office 365, don't you think that justifies calling an emergency meeting?
  • There is so much pressure to make authentication "easy" "convenient" that security comes in as an after thought and as a mere expense, cost, without any tangible benefits. How can you estimate the value of a breach averted by enhanced security before it happens? The bean counters take the view, The breach should not happen, its your job as IT security, we pay you salary dont we? Make sure breaches dont happen.

    But when the security managers propose two factor authentication, sandboxed accounts and multipl

  • They will fix everything with their usual competence. /s

  • MS Office 365 (Score:5, Informative)

    by bobby ( 109046 ) on Sunday December 13, 2020 @04:39PM (#60826814)

    Sorry everyone, I broke the rules and glanced at TFA, which tells us it's MS Office 365 that's been hacked into. Whoever it is has had tons of access to emails and documents for many months (that they're admitting to).

    • This is great time to realize what a great idea it was to move everything into the cloud. Cloud: because saving a few cents only costs dollars!

      • by bobby ( 109046 )

        It was my hunch that the cloud aspect of 365 was the weak spot. Do you know if that's where they got in?

        Sorry for the cynicism, but as usual, the articles I've found are scant on technical details. Not sure if they're just trying to minimize exposing weak spots, or what. I'm pretty sure the weaknesses are well known in the black hat community, and maybe they don't want to lose MS advertising $ by giving out more detail about yet another MS vulnerability.

  • by 140Mandak262Jamuna ( 970587 ) on Sunday December 13, 2020 @04:40PM (#60826818) Journal
    Email is like, so last millennium. All the treasury dept. discussions are done through tweets. Their top honcho just said, _"we don't have time for long documents. So boring. If you can't say what you want to say in 280 characters, get lost, there are other people waiting to take your job. If 280 chars are enough for the POTUS it should be enough for you deputy second assistant sub under secretary!".

Avoid strange women and temporary variables.

Working...