[Infowarrior] - DHS HSIN hacked

Richard Forno rforno at infowarrior.org
Sun May 17 18:14:43 UTC 2009 

Information-sharing platform hacked

    * By Ben Bain
    * May 13, 2009

http://fcw.com/articles/2009/05/13/web-dhs-hsin-intrusion-hack.aspx

Homeland Security Information Network suffers intrusions

The Homeland Security Department’s platform for sharing sensitive but  
unclassified data with state and local authorities was hacked  
recently, a DHS official has confirmed.

The intrusion into the Homeland Security Information Network (HSIN)  
was confirmed to Federal Computer Week by Harry McDavid, the chief  
information officer for DHS’ Office of Operations Coordination and  
Planning. McDavid said the U.S. Computer Emergency Readiness Team  
reported an intrusion into the system in late March. The initial hack  
was brief and limited, and it was followed by a more extensive hack in  
early April, McDavid said.

The hacker or hackers gained access to the data by getting into the  
HSIN account of a federal employee or contractor, McDavid said. The  
bulk of the data obtained was federal, but some state information was  
also accessed, he added, and the organizations that owned the data and  
Congress were notified of the intrusion.

The files that were accessed contained administrative data such as  
telephone numbers and e-mail addresses of state and federal employees.  
However, an investigation into the incidents has found that no Social  
Security numbers, driver's license numbers or financial data were  
obtained, McDavid said.

Because HSIN is a sensitive but unclassified network “no information  
can be posted on HSIN that would cause anything more than minor damage  
to the homeland security mission,” he said, adding that none of the  
accessed files dealt with the operations of either federal or state  
agencies that use HSIN.

McDavid said he did not know of other successful hacks into the  
platform. He called the tactics used to gain access to the user  
account “very sophisticated.” However, he said the amount of data  
accessed was relatively minor and that officials have been able to map  
exactly what files were accessed.

“We immediately put in place a package of mitigation actions,” he  
said. “One of those actions was to install two-factor identification  
on certain accounts that would preclude this identical type of  
intrusion from occurring again.”

Ongoing work to upgrade HSIN has allowed DHS to quickly deploy new  
security measures to prevent similar intrusions from occurring,  
McDavid said. DHS awarded a contract worth as much as $62 million in  
May 2008 to upgrade HSIN to the HSIN Next Gen platform. Officials say  
HSIN Next Gen will better meet users’ needs and improve security.

McDavid said DHS’ investigation into the incident found that no latent  
malicious code or applications were left behind. In addition, he said  
that although an authorized account was used to gain access to the  
system, no HSIN users had been found to be at fault and officials are  
working on a report about the hack for Homeland Security Secretary  
Janet Napolitano. The report is expected to be completed this summer,  
he said.

More information about the Infowarrior mailing list