by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : August 30, 2014
Flashback It is not yet known whether the reportedly massive Cyber- Vor theft of Internet users login credentials involved fed- eral websites to any signi cant degree, but the data breach at U.S. Investigations Services, a major provider of back- ground checks for the Department of Homeland Security, might have resulted in the theft of DHS employees personal information. And those are just the latest episodes. Here are some other notable cybersecurity incidents of recent years. 2014: Bungled upgrades and Chinese hackers In January, a bungled software update to the Department of Veterans Affairs eBene ts system exposed the data of at least 5,300 veterans. The incident was brought to VA s attention when numerous veterans called the help desk to report seeing another veteran s information when they logged into the system. About 10,000 veterans logged into eBene ts during the incident. The VA resolved the problem by the following day. Chinese hackers in ltrated the Of ce of Personnel Management s network in March seeking data on tens of thousands of employees who had applied for top-secret security clearance. It is still unknown whether the interna- tional hackers had any af liation with the Chinese govern- ment, but they were detected and shut out of the network. OPM and DHS assigned personnel "to assess and mitigate any risks identi ed." The networks of several smaller agencies --- including the Government Printing Of ce and the Government Accountability Of ce --- experienced a sophisticated cyberattack in March at the hands of foreign hackers who might have been working on behalf of the Chinese govern- ment. Neither GPO nor GAO are known for storing classi- ed data, and both agencies have made it known that no personally identi able information was accessed. 2013: Anonymous, Snowden and DOE personnel data The Federal Reserve s internal website was breached in Feb- ruary 2013 by the hacker group Anonymous, which published data "containing the login information, credentials, Internet protocol addresses and contact information of more than 4,000 U.S. bankers." Despite the extent to which Anonymous accessed their network, Federal Reserve of cials assured the public that no critical functions were affected by the attack. In June 2013, former National Security Agency contrac- tor Edward Snowden leaked classi ed documents to jour- nalists at the Guardian and the Washington Post. Snowden exposed countless pieces of classi ed information, includ- ing details on NSA monitoring programs such as Prism and Boundless Informant. The Energy Department experienced a data breach in July 2013 that compromised the personally identi able information of 104,179 past and current federal employ- ees. According to a memo released by the agency, "64,480 [were] personnel within our direct DOE federal and [man- agement and operating] contractor community, including spouses, dependents and former employees." The names, Social Security numbers and dates of birth of those affected were compromised. Additionally, bank account information for 2,800 employees was also accessed. 2012: NASA's lost laptops, EPA's bad attachment and SQL injection at DHS According to a report issued by NASA, a bag containing a government-issued laptop, NASA access badge and remote access token for NASA s network was stolen in March 2012, resulting in the loss of 2,400 les containing personally identi able information and two les containing "sensi- tive information related to a NASA program." In October, a password-protected laptop with unencrypted les, email addresses and personally identi able information of 10,000 Before CyberVor: A dozen key federal breaches BY JONATHAN LUTTON As 1.2 billion Internet logins are allegedly compromised, FCW revisits the most notable agency cybersecurity breaches of the past four years August 30, 2014 FCW.COM 31
September 15, 2014
August 15, 2014