Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Government Privacy

'Dozens of Email Accounts' Were Hacked At US Treasury (reuters.com) 24

An anonymous reader quotes a report from Reuters: Dozens of email accounts at the U.S. Treasury Department were compromised by the powerful hackers responsible for a wide-ranging espionage campaign against U.S. government agencies, the office of U.S. Senator Ron Wyden said on Monday. In a written statement, Wyden's office said that Senate Finance Committee staff were briefed that the hack of the Treasury Department appears to have been a significant one, "the full depth of which isn't known."

Wyden, the most senior Democrat on the committee, said that Microsoft notified the agency that dozens of email accounts had been compromised and that the hackers also penetrated the systems at Treasury's Departmental Offices division, which is home to its top officials. "Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen," the statement said, although it added that the Internal Revenue Service said there was no evidence the tax agency was compromised or that taxpayer data was affected. A Wyden aide said the hackers were able to access the Treasury officials' Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury's "single sign on" infrastructure -- a service used in many organizations so that employees can access a variety of services with a single username and password. The aide quoted Treasury officials as saying Mnuchin's inbox was not among those affected.
Wyden's statement contrasts Treasury Secretary Steven Mnuchin, who told CNBC earlier in the day that "the good news is there has been no damage, nor have we seen any large amounts of information displaced." He added: "I can assure you, we are completely on top of this."
This discussion has been archived. No new comments can be posted.

'Dozens of Email Accounts' Were Hacked At US Treasury

Comments Filter:
  • A bunch of certificates of indebtedness and promissory notes?

    A list of 'the best people'?

  • Who cares? (Score:4, Insightful)

    by Murdoch5 ( 1563847 ) on Tuesday December 22, 2020 @05:19PM (#60858124) Homepage
    How many times does the point of encryption have to be driven home?
    How many times does the point on running secure system have to be driven home?
    How many times does the point of not running software because it's popular have to be driven home?

    This hack demonstrated that peoples still don't care about security, and frankly there's no excuse because if the emails were encrypted, they'd be fine. Maybe this will be a wake up call, unlikely, as to why system need to be secure from the ground up, not the top down. Maybe this hack will finally demonstrate why SSO is not some magical solution from remembering password, or using password managers. Maybe this hack will finally demonstrate why email is one of the biggest security issues at any organization!
    • This hack demonstrated that peoples still don't read a god damned thing before posting.

      +1, very true indeed, I wish more people like you would read the fucking article, but it is what it is.

    • by gtall ( 79522 )

      It more likely reflects the fact that Congress and the alleged president has not mandated security for Federal Agencies by putting money behind security upgrades and holding agencies accountable for how they spent the security money.

      • Yep, but the sad truth is that any government is going to be seriously lacking in the security department. In Ontario Canada we still have rules on record that state it's more secure to fax a medical document instead of email, because email is insecure.
  • Why does government purchase and deploy products that they cannot prove work to guard what they keep telling us is secret information?

    There is no way to "trust, but verify" because you clearly cannot trust the upstream component providers. And those providers REQUIRE you sign away your rights to hold them responsible.

    • Why does government purchase and deploy products that they cannot prove work

      Software can be made more reliable and more secure, but talking about "proof" is ignorant.

      • Why does government purchase and deploy products that they cannot prove work

        Software can be made more reliable and more secure, but talking about "proof" is ignorant.

        Then never use software to guard "secret information" on non-air-gaped networks where software is used to manage every device at an administrator or root level.

    • I hear yeah here. I admin a few Redhat Servers for the gov't and we are required to install McAffee Antivirus scanning software which consumes the bulk of CPU and disk resources scanning nonstop 24/7. At one time the voluminous log output of a stig'd server created enough raw source material for it to scan that it would bring down servers being caught in a vicious circle. And I have thought that this closed-source software that runs as a privileged user is the most likely attack vector someday.

    • Because the handlers of the congressional members do not want security. They want the government to buy products from the vendors they are paid to funnel contracts to.
    • by gtall ( 79522 )

      Why do we not elect Congress Critters that know the basics of information security when their jobs are mainly information processors? Failing that, they can all go through a month of information security boot camp with a final exam. If they fail, they get to do another month with another exam, and so on, until they pass. No committee assignments until they successfully pass. And they get to do it every two years because technology changes.

  • Most people are not technical, lazy and stupid. Intelligence is rare and competence extremely rares. Much of government is infested with old, non-technical people and those of the pre-internet generations are often utter Luddites.

    • Don't compare all government workers to what you see in Congress members. The average age of a Federal Employee is 47.5, the average employment length is 13.5 years, and over 50% of them a Bachelor's Degree or higher. Profile of Federal Civilian Non-Postal Employees [opm.gov]

      Many of them are scientists working for NASA, NOAA and the EPA, CPAs working for Treasury, doctors working for the CDC, and lawyers working for DoJ. Plus, every agency has dedicated IT professionals. Not exactly the old, ignorant, pre-inter
  • Treasury Secretary Steven Mnuchin added: "I can assure you, we are completely on top of this."

    LOL sure man, we're assured. Steven Mnuchin is a politician and as such, cannot be believed. But besides that, let's see what people think about Steven:

    “Two things have become abundantly clear: (1) obtaining a clear and transparent explanation of all of his roles, positions and dealings, is close to impossible and (2) he is a massive dick.” — Peter McCormack

    • by gtall ( 79522 )

      To paraphrase Douglas Adams, Mnuchin is on top of it like a brick is above the Sargasso Sea.

  • Does that mean they were using personal email accounts, or does Microsoft host the official government accounts?
  • Comment removed based on user account deletion

You know you've landed gear-up when it takes full power to taxi.

Working...