Establishing Digital Trust: Don't Sacrifice Security for Convenience
Members of the hacker group Anonymous recently claimed to have breached the U.S. Census Bureau and several Canadian government computers in separate attacks.
The hackers last week announced a breach of Census Bureau data, stating that the attacks had been launched to protest the Trans-Atlantic Trade and Investment Partnership (TTIP) and the Trans-Pacific Partnership (TPP).
The Census Bureau data leaked by the hackers includes employee names, usernames, email addresses and phone numbers, as well as database management usernames matched with hashed passwords, and a separate set of usernames matched with plain text passwords.
In a blog post, Census Bureau director John H. Thompson said the breach was limited to a database belonging to the Federal Audit Clearinghouse and didn't include any personally identifiable information (PII) submitted by people responding to censuses and surveys.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"It appears the database was compromised through a configuration setting that allowed the attacker to gain access to the four files posted to the hacker’s site," Thompson wrote, noting that the system was taken offline within 90 minutes of the Bureau's learning of the breach.
"We continuously scan our systems to look for vulnerabilities," Thompson added. "The Census Bureau follows every possible precaution and uses the latest IT security standards to make sure our systems remain secure. In addition, the Department of Homeland Security also runs scans regularly."
Splunk chief security evangelist Monzy Merza told eSecurity Planet by email that while the Census Bureau breach appears to be far less damaging than the recent OPM breach, the lesson to be learned from both breaches is the same. "Organizations need to understand who is accessing their networks, from where and for how long," he said.
"We do not know all the details of the Census Bureau attack or what the ultimate goal of the breach was, but it is clear that we must ensure that our government has the right budget, tools and personnel to continuously defend our networks from all adversaries," Merza added.
Separately, Anonymous hackers claimed to have breached Canadian government computers in retaliation for the shooting of James Daniel McIntyre by Candian police earlier this month.
To prove their claim, members of the hacker group provided Canada's National Post with what appeared to be Treasury Board of Canada documents marked "Secret," and stated that they will continue to release sensitive data unless the officer who shot McIntyre is arrested.
"We do have other documents and files," an Anonymous spokesperson told the Post. "We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time. This will be an ongoing operation with expected surprise as a critical element."
Jeremy Laurin, spokesman for Public Safety Minister Steven Blaney, said the Canadian government is monitoring the situation closely. "Our government takes cyber security seriously and operates on the advice of security experts," he said.