A group backed by a foreign government cyberattacked and breached the security of the U.S. Treasury Department.
Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.
Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.
Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months.
Office 365 has many vulnerabilities.
The most common vulnerability is staff who are lazy in their email and security procedures.
Another possibility is the following.
Microsoft Office 365 manages federated identities through Security Assertion Markup Language (SAML). Office 365 has vulnerabilities that would allow online hackers to infiltrate accounts, data, e-mail messages and files within the software’s cloud.
SAML is a standard employed by businesses and other entities to transfer authentication and authorization information. It permits single sign-on across a number of different websites, allowing for greatly improved efficiency. Microsoft’s use of SAML version 2.0 in its Office 365 software is flawed in that it does not authenticate the element known as the NameID.
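The sketch below shows the kind of check a multi-tenant service provider can apply so that a NameID is only accepted from the identity provider registered for that user's domain. It is an added example, not code from the original post or from Microsoft; the issuer registry, entity IDs, domains and the email-style NameID format are assumptions, and signature validation is assumed to have already succeeded.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical tenant registry: issuer entity ID -> domains it may vouch for.
ISSUER_DOMAINS = {
    "https://idp.contoso.example/saml": {"contoso.example"},
    "https://idp.fabrikam.example/saml": {"fabrikam.example"},
}

def make_assertion(issuer, name_id):
    """Build a constructed, minimal assertion (signature elements omitted)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )

def check_name_id(assertion_xml):
    """Return (accepted, reason) for an already signature-verified assertion.

    A valid signature only proves which IdP issued the assertion. It does not
    prove that IdP is entitled to speak for the identity named in NameID.
    """
    # Production code should use a hardened XML parser for untrusted input.
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = root.findtext(
        "saml:Subject/saml:NameID", default="", namespaces=NS
    ).strip()

    allowed = ISSUER_DOMAINS.get(issuer)
    if allowed is None:
        return (False, "unknown issuer")

    local, sep, domain = name_id.rpartition("@")
    if not sep or not local or not domain:
        return (False, "NameID is not an email-style identifier")

    domain = domain.lower()
    if domain not in allowed:
        return (False, f"issuer not authoritative for {domain}")
    return (True, "ok")
```
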
Written By Brian Wang, Nextbigfuture.com
26 thoughts on “US Treasury Department Cyberattacked by Russian Hackers”
If it is top secret you put it in a vault in a room with a locked door and security guard. You store it on paper, and the paper can't leave the room.
Soviet Union is still current news my man, once in a while I still google "soviet union" in "news" for kicks. I have yet to try it and see the latest article that was more than a day old. So even after 30 years every few hours people are still talking about it.
Yeah, hammer and sickle mean China now.
As tiny as your site is, it is still doing its part. What is important is not the means, but the outcome.
How these Russians keep leaving such obvious signs of their intrusion that any script kiddy could avoid with ease.
Is it really that "no network" was rejected by experts?
Or is it that all the really important stuff is locked away in a nice Faraday cage with zero cables or signals crossing the air gap, and then they have a networked thing designed to soak up the cyber attacks, and on that vulnerable system they have the social media account and the marketing department and the company Christmas party details and all the other stuff that both needs to communicate with the outside world and wouldn't kill you to get hacked.
At least the soviets had a recognisable flag. Now the Russians are just using one of the 269 indistinguishable tri-colours like everyone else who doesn't have an imagination.
Put up a modern Russian flag and people will be guessing "France? No, Luxembourg? Netherlands??? Paraguay???"
This is something that's occurred to me as well. Cyber attacks seem to be unstoppable no matter how hard we try to prevent them. Any network defense system can be penetrated it seems. It's curious that the "non networked" option isn't being looked at. I wonder if it's already been studied and rejected by the industry experts, and if so what the reasoning was.
Also, what about some type of analog system, i.e. something that is non digital, non programmable and thus not hackable. I confess I know very little about IT systems so I'm totally spitballing here.
Also, why do these cyber attacks give me Battlestar Galactica deja vu…..
Disconnect crucial computers from the internet. Having a computer connected to the internet is like leaving your front door open.
We used to design missiles so that you could give them the longitude, latitude, and geoidal separation, and away they could go.
Now we need some you can give an IP address to instead.
Nice try Bot!
That's funny, because I've seen Iranian IP addresses involved in that too.
What's up with the Soviet flag? This isn't the seventies or the eighties…
Russian hackers, sure, just like Iraq has weapons of mass destruction, Russia invaded Ukraine and China is committing genocide in China. US media has the same level of honesty as the German propaganda ministry towards the end of world war 2. A bunch of lies, half-truths, distortions to build up their narrative.
Treasury Department. Could this have included Secret Service communications? Putin would want to make sure his boy in Washington is protected, no?
Bring back Novell servers! Almost unhackable, unless you get Admin PWs, or physical access to the server room. MS Windows was never designed to be a server platform and is full of holes.
My old Atari 800 has never been hacked either. It's not on the 'net. Just saying….
Oh snap, this is much bigger than previously announced. SolarWinds, a maker of network monitoring software for big IT departments, got popped by a suspected nation state hacker, and had a malicious software class added to their build environment for their major Orion product, which is used extensively in industry. This added a backdoor to Orion, which was then sent via automatic update to users. This appears to be how FireEye got hacked recently, and also how Treasury department office365 credentials got slurped up (though the access gained there seems to have been used just to email snoop at first glance). This is major bad, as Orion is used extensively throughout US industry.
This is a logical follow-on to the NotPetya ransomware incident, where a supply chain attack on the makers of a Ukrainian tax software suite sent a backdoored update to logistics companies, ultimately bringing down the shipping giant Maersk for an extended period of time (they got very lucky and recovered by an African miracle, read the CIO's after action book about it).
The Treasury department office365 incident I would still call just a hack, within its own context as just an SSO credential theft incident, but SolarWinds getting backdoored was very close to being a real cyberattack. If they had popped off a ransomware payload that would have been fatal for a lot of companies. As it stands, this was a long game intelligence op that got exposed. The question is why?
Eh, this is just a hack, not a cyberattack per se. There wasn't a significant reduction in capability, even if the security was compromised. When the Department of Treasury has a significant direct reduction in function, then I'd call this an attack. This is just a plain hack, and an intelligence hack at that. It'd be the same as the NSA/CIA popping some accounts on the equivalent of office365 on Yandex.
My site is tiny. There is no meaningful focusing or diverting attention from my site on any topic. China and Russia are both hacking the US. And China appears to have a far better commercial spying operation. It does not matter what secrets the Russians get if they do not have the tech companies that can take advantage of them.
In terms of the military spying, we are not in an actual shooting war so it is not like WW2 where that really mattered.
It's always the Russians, what they don't tell you is that (sometimes) the money that orders the hacking comes from "companies" that want to undermine their adversaries.
China covets Siberia.
Oh dude it's funny you say that. So for whatever reason (and I certainly can't explain it), when I see brute force attacks on a server's mail service, it's always like Russia and Bulgaria. But when there's a brute force attempt on SSH, it's ALWAYS China. Seriously, every time. Well, Chinese IPs, which means ****all, but it's weird.
The only reason you are reporting it is to divert attention from the massive Chinese data gathering activities. You wouldn't report it if it was a Chinese hack for sure.
I want to say this is a new phenomenon, but it's not. Every time I see brute force attacks on a web server's mail services, there are ALWAYS Russian IPs involved. Of course, folks use VPNs for that, so it could be teenagers in their parents' basements… but it's probably Russia.
So, my friends and I are doing jello shots right now and reading old Garfield cartoons and I read this and, for whatever reason, I LOST IT and can't stop laughing! xD
And the orange fatty goes golfing.