US DoD Department Hacked And Data Compromised

The US Defence Information Systems Agency (DISA) has confirmed it has been hacked and the personal data of 200,000 people has been compromised.

DISA describes itself as a “combat support agency” of the Pentagon. Essentially, what it does is oversee military communications including calls for US President Donald Trump, the BBC reported.

The hack came despite US precautions. In 2015 the Pentagon said it would build a massive database of system vulnerabilities in order to track threats to critical systems and remain one step ahead of hackers. It said its cyber ‘scorecard’ would assess and identify flaws in American military computer networks, weapons systems, and installations.

Pentagon hack

But DISA has confirmed to the BBC that it was a victim of a cyberattack when computer systems controlled by it were hacked.

The data exposed included names and social security numbers, and happened in the summer of 2019.

A spokesperson for the Department of Defence would not tell the BBC whether it knew who was responsible for this attack – but the spokesperson did confirm the department was constantly under threat.

“DoD networks are under attack daily and the department maintains an active posture to thwart those attacks,” the spokesperson reportedly said.

The agency said this month it had begun notifying people who had been affected but that there was “no evidence” their information has been misused.

The agency told the BBC once the breach in its computer system was discovered it investigated and took steps to fix it and prevent further hacks.

US military veteran and cyber threat analyst, Andy Piazza, tweeted a letter he received from DISA about the breach.

The Pentagon warned that future weapon platforms needed to be secured against any form of cyber intrusion.

It has also previously said that the United States military has the right to retaliate with military force against a cyberattack.

Investigation needed

One security expert said that the DISA breach on the surface looks to have been minor, but an investigation was needed to uncover if other systems were impacted.

“The details of the reported breach are pretty obscure,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb. “At first glance, just one system hosting employee data had been breached and, if so, it seems to be a comparatively insignificant security incident of minor importance.”

“However, an in-depth investigation should be urgently conducted to ascertain whether other systems or devices have been impacted,” said Kolochenko. “Frequently, nation-state attackers commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate to all other interconnected systems in a series of chained attacks.”

“Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable to bypass virtually any modern layers of defense,” Kolochenko added.

“The present disclosure timeline seems to be impermissibly protracted given that the breach reportedly happened almost a year ago,” said Kolochenko. “This may be an indicator of attack sophistication, and what has been reported so far may just the tip of the iceberg.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

15 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

16 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

17 hours ago

NHS Scotland Confirms Clinical Data Published By Ransomware Gang

NHS Dumfries and Galloway condemns ransomware gang for publishing patients clinical data after cyberattack earlier…

18 hours ago

Fewer People Using Twitter After Musk Takeover – Report

Research data suggests fewer people are using Elon Musk's X, but platform insists 250 million…

21 hours ago

Julian Assange Wins Temporary Reprieve For US Extradition Appeal

US assurances required. Julian Assange handed a slender reprieve in fight against his extradition to…

23 hours ago