[Infowarrior] - SAIC breached by malware

Richard Forno rforno at infowarrior.org
Fri Jan 2 16:58:40 UTC 2009


(c/o DanO)

Malware blamed in latest SAIC breach

January 1st, 2009 by admin

http://www.databreaches.net/?p=113


Science Applications International Corporation (“SAIC”), recipient of
a number of large government contracts, notified the New Hampshire  
Attorney General on December 9th of a security breach involving  
malware. The specific malware was not named, but was described as  
“designed to provide backdoor access.”

The breach was detected on October 28th. In its letter to an  
unspecified number of affected individuals, SAIC wrote:

     This letter is to notify you of a potential compromise of your  
personal information, including your name and social security number,  
date of birth, home address, home phone number and clearance level and  
possibly other personal information necessary to complete government  
security clearance questionnaires (e.g., SF-8SP or SF-86). We  
collected this information from you to provide it to the U.S.  
Government either to enable you to visit a government facility or to  
assist you in obtaining or updating your government clearance.

     Our Security personnel routinely receive information regarding  
malicious software from industry partners. This process led to the  
recent discovery on October 28, 2008 of malicious software designed to  
provide backdoor access on a computer used to process your security  
clearance or visit request. Unfortunately, due to the nature of this  
malicious software, it avoided our standard cyber security precautions  
which include using industry-leading software for virus and spyware  
detection, intrusion detection systems, and firewalls. To help detect  
and prevent similar attacks, we keep pace with industry best practices  
and software, we continue to work with our industry partners and we  
are implementing Trusted Desktop, which removes elevated privileges  
from users.

     We have communicated with Defense Security Information Exchange  
and the Federal Bureau of Investigation regarding this malicious  
software, and we have sought evidence regarding whether the malicious  
software was used to access your personal information. To date there  
is no indication that any of your personal data was accessed. As there  
is a potential that it could have been accessed, we recommend that you  
take precautionary measures, including the actions further detailed in  
Exhibit A attached to this letter,

If their description and explanation sound familiar, it may be
because SAIC had another breach almost a year ago where malware (a  
keylogger) also evaded their detection system. In that breach, it was  
mostly corporate account data at risk. The nature of the data in this  
most recent incident is of more concern due to its security  
implications.

As in the previous incident, SAIC did not offer those affected by the  
recent breach any free services for credit monitoring or repair.

