[ISN] Feds need to start thinking like hackers

From: InfoSec News <alerts_at_private>
Date: Wed, 1 Feb 2012 02:17:00 -0600 (CST)
http://www.nextgov.com/nextgov/ng_20120130_9449.php

By Aliya Sternstein
Nextgov
01/30/2012

Most government employees do not consider their usernames and passwords 
to be hot commodities, but that attitude began to change with a network 
attack on security contractor HBGary Federal. In early 2011, members of 
the hacker activist group Anonymous leaked an executive's email 
exchanges with FBI, Homeland Security Department and other government 
officials that contained their contact information.

"When you expose somebody's personal email messages, you're not just 
exposing their email but the email of everyone who interacted with 
them," says Mark D. Rasch, a former Justice Department computer crime 
investigator. "This is a question of national security and national 
integrity."

Increasingly, this scenario is playing out at government agencies 
worldwide. Federal protective details pack guns, government buildings 
have security guards, but online, public officials are more exposed. The 
motives for pilfering private data vary: The intruders do it for 
government secrets, social justice, street cred--even rent money. For 
some hacktivists "it's kind of extortion," says Chris K. Ridder, a San 
Francisco-based privacy and Internet law attorney. "They'll issue a list 
of demands, and if those demands aren't met they'll release embarrassing 
information."

Gregg Housh, a computer engineer affiliated with Anonymous, argues the 
HBGary dumping revealed corruption within the company and improper 
contracting practices. As for the innocent federal employees caught in 
the crossfire, "exposing the data is only showing you that your data is 
already out there" insecurely, he says. If Anons can exfiltrate emails, 
so can the professional bad guys who do this for a living, Housh adds.

[...]


Received on Wed Feb 01 2012 - 00:17:00 PST
