Security United States

US Federal Agencies Hacked Using Legitimate Remote Desktop Tools (techcrunch.com) 19

The U.S. government's cybersecurity agency has warned that criminal financially motivated hackers compromised federal agencies using legitimate remote desktop software. From a report: CISA said in a joint advisory with the National Security Agency on Wednesday that it had identified a "widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software" that had targeted multiple federal civilian executive branch agencies -- known as FCEBs -- a list that includes Homeland Security, the Treasury, and the Justice Department.

CISA said it first identified suspected malicious activity on two FCEB systems in October while conducting a retrospective analysis using Einstein, a government-operated intrusion detection system used for protecting federal civilian agency networks. Further analysis led to the conclusion that many other government networks were also affected.

  • The Feds have more foreign agents using our computers than employees. And this is nothing new.

    You can google for the Chinese OPM hack about 10-15 years ago when they stole the database of all federal employees, full PII, so this shit has been going on forever and nothing new at all. That one particularly pisses me off since my data was in there.

    I don't know what CISA is really doing but it isn't keeping our government networks safe.

    • I don't know what CISA is really doing but it isn't keeping our government networks safe.

      They are probably busy infiltrating Chinese and Russian government systems since I suspect it is a lot more fun to try and infiltrate someone else's system than doing all the boring security checks and measures to secure your own.

      • That's the NSA's job along with CIA and a few others. In theory, CISA is a purely defensive organization.
        Someone has to have the full time job of defending our government systems. And actually do it.

  • Technology remains morally neutral, details at 11.

    Color me unsurprised and even less surprised by the preceding brain fart.

    Without reading all the details, I'm pert' shure it was mostly social engineering, but the headline writer wanted to pretend it is about the technology. Might be more interesting to ask if there is any "evil" technology that can't be turned to good purposes?

    On the general topic, today's read is Listening In by Susan Landau. She's arguing for strong encryption without government-approv

  • by jenningsthecat ( 1525947 ) on Thursday January 26, 2023 @03:13PM (#63243011)

    It seems to me that the breathless "oh-my-gosh-LEGITIMATE-software" angle to this story is clickbait. Yes, remote access software represents a potential vulnerability, but it's one that can be mitigated by user education and proper IT policies.

    If there really is a story here, it's the one about federal security and law enforcement agencies having such lax procedures and user education that an employee a) has the capability to expose the system to attack without a confirmatory phone call to IT support first, and b) is either too untutored or too stupid to recognize such a low-rent social engineering ploy.

    • Yeah, and instead the remote access software could be fixed. Training users in security never works. ALL people are stupid _sometimes_. Why is software vulnerable to start with? It costs too much to make it secure? Welcome to the apocalypse.
    • Article wasn't even worth reading. This could have read "idiot leaves front door unlocked and blames door knob for robbery".

  • by gurps_npc ( 621217 ) on Thursday January 26, 2023 @03:30PM (#63243061) Homepage

    Legitimate cars are used in bank robberies.
    Legitimate condoms used in rape.
    Legitimate bank accounts used for ponzi schemes.
    Legitimate kitchen knives used for stabbings.
    Legitimate aircraft used for smuggling.

    Crime is not about the tools but what criminals do with them.

  • US is a mess, even bigger
  • Einstein is Suricata. A bunch of Suricatas feed their flow data into a giant Elasticsearch cluster. 5 months after an event, a search finds a recently reported indicator of compromise ... in old data uploaded months earlier.
  • Oh great, yet another excuse management will use to ban telework.

  • Ngrok ... Anydesk ... ScreenConnect ...
    Guess what guys. If you install or allow - aka don't actively defend against something - you will be hacked by it. Especially if the entire point of the tool is to allow remote access.

  • The weakness in security was as always people - the software involved was irrelevant
