The breach at one of the networks of the Defense Information Systems Agency (DISA), which secures communications for President Trump, military intelligence and other government officials, affected as many as 200,000 people, exposing their personal information, including Social Security numbers.
In a Feb. 11 letter to potential victims, DISA offered few details of the breach, which occurred between May and July 2019, according to a Reuters report, though a DISA spokesperson said recipients were given “information about actions that can be taken to mitigate possible negative impacts.”
Noting that the agency took “the potential compromise very seriously,” DISA Chief Risk Officer and CIO Roger Greenwell wrote that DISA had “put additional security measures in place to prevent future incidents” and is “adopting new protocols to increase protection of all PII.”
Since DISA hasn’t provided many details on the breach, “we don’t know if the Department of Defense (DoD) knew about the breach and didn’t share details, or if they only just discovered the breach,” said Chris Morales, head of security analytics at Vectra. “The thought that comes to mind immediately here is that if the DoD can be compromised, then anyone can. Every network is complex and human error is common regardless of the level of organization.”
Morales said the “information compromised seems to be non-critical to the function of the DoD (although very personal and private to the people compromised), so it may have been an external database without the same level of controls as internal secret information.”
Ilia Kolochenko, founder and CEO of ImmuniWeb, agreed that on the surface the incident seems to be “comparatively insignificant.” But he urged an in-depth investigation “to ascertain whether other systems or devices have been impacted.”
Nation-state attackers frequently “commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate to all other interconnected systems in a series of chained attacks,” Kolochenko said. “Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable of bypassing virtually any modern layers of defense.”
The disclosure timeline may hold some clues as to the severity of the attack and what’s to come. It “seems to be impermissibly protracted given that the breach reportedly happened almost a year ago,” said Kolochenko. That might very well indicate “attack sophistication, and what has been reported so far may be just the tip of the iceberg,” he explained.