20K FBI, 9K DHS Staff Dumped in Social Engineering Hack

By   ISBuzz Team
Writer , Information Security Buzz | Feb 10, 2016 05:30 pm PST

A hacker plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 FBI employees, 9,000 Department of Homeland Security (DHS) employees, and 200GB of files according to Motherboard. Pro-Palestinian comments on the hack, along with DHS employee info, were posted on Twitter according to Motherboard. Zoltán Györkő, CEO, Balabit have the following comments on it.

[su_note note_color=”#ffffcc” text_color=”#00000″]Zoltán Györkő, CEO, Balabit :

“The data breach of detailed contact information on 20,000 FBI and approximately 10,000+ DHS staff is another example that the use of insider using social engineering tactics is now much easier for hackers than writing zero-day exploits.

“Access control tools and password management systems are necessary, but these can only protect companies’ sensitive assets while hackers are outside of the network. Once a hacker manages to break into the system with even low-level access, they can easily escalate their rights and gain privileged or root access in the corporate network. Once that happens, the enemy is inside and poses much higher risk as they seem to be one of us.

Hijacked accounts (when a legal username and password is misused) can only be detected through discovery of differences in the user’s behavior, for example login time and location, speed of typing, and used commands. User Behavior Analytics tools that provide baseline profiling about real employees, that are unique like fingerprints, can easily detect the abnormal behavior of your user accounts and alert the security team or block user activities until further notice.”[/su_note]

[su_box title=”About BalaBit” style=”noise” box_color=”#336588″]BalabitBalabit  – headquartered in Luxembourg – is a leading provider of contextual security technologies with the mission of preventing data breaches without constraining business. Balabit operates globally through a network of local offices across the United States and Europe together with partners.

Balabit’s Contextual Security Intelligence™ Suite protects organizations in real-time from threats posed by the misuse of high risk and privileged accounts. Solutions include reliable system and application Log Management with context enriched data ingestion, Privileged User Monitoring and User Behaviour Analytics. Together they can identify unusual user activities and provide deep visibility into potential threats. Working in conjunction with existing control-based strategies Balabit enables a flexible and people-centric approach to improve security without adding additional barriers to business practices.

Founded in 2000 Balabit has a proven track record including 23 Fortune 100 customers amongst over 1,000,000 corporate users worldwide.[/su_box]

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x