BelchSpeak

I can't believe that came from your mouth!


Ag Dept. Screws DC Employees

The Department of Agriculture gleefully announced that they think they could have maybe been hacked or something like that. Social Security numbers and other personally identifiable info were snagged, maybe, by attackers.

From the AP here:

WASHINGTON – A hacker broke into the Agriculture Department’s computer system and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors, the department said Wednesday.

Agriculture Secretary Mike Johanns said the department will provide free credit monitoring for one year to anyone who might have been affected.

The break-in happened during the first weekend in June, the department said. Technology staff learned of the breach on June 5 and told Johanns the following day but believed personal information was protected by security software, the department said.

However, on further analysis, staff concluded that data on current or former employees might have been accessed and informed Johanns on Wednesday, according to the department.

The department said it notified law enforcement agencies. Its inspector general is investigating the break-in.

This story disturbs me for several reasons. First, this sounds like it was data for security badges. What is this data doing on a network that is reachable from a public network? Also, there is no information in the story that points to anyone at Ag knowing for sure that the data was compromised. This means that not only is the data on a public network, but the Ag department is not monitoring this network with any degree of skill that could really tell if the data was hacked or not.

Also, as a bit of backstory, the Ag department is one of the most geographically dispersed federal agencies behind the Postal Service. Wherever there are farms, there are Ag department offices, and each office has its own systems and networks, and none of them are centrally managed to ensure that they are patched. In addition, these remote networks are often allowed back to central or regional hubs via remote control software and mashups of VPN software. The story doesn't offer any glimpses of how the hack was perpetrated, but it is very likely that it happened from a remote network that had elevated access.

What are the odds that federal agencies are crying about Social Security numbers being stolen just so they can get an increase in their federal budget for IT systems? Finally, like all federal agencies, the Agriculture Department has its own Inspector General's office. All IGs carry handguns. I just find it humorous that an Ag worker, essentially a farmer-bureaucrat, has a handgun.

Dr. Jones

Do not talk about fight club. Oops.
