The Week In Hacks

Fascination with the inner workings of the U.S. government is almost never at what anyone would call a fever pitch. There are test patterns that have better ratings than C-Span every week. Unless the United States government is currently shut down, under armed assault or being portrayed on a show written by Aaron Sorkin — the vast majority of Americans generally seem to prefer to know as little as possible about its day-to-day workings.

In lame-duck years however, where the sitting president is a non-re-electable incumbent, this situation changes drastically and in a weird way.

The average American (and the vast majority of the news media) manages to suddenly become simultaneously much more and much less interested in the day-to-day workings of the federal government.

The federal government – future tense – is incredibly interesting to everyone. Who isn’t at least interested in what the federal government brought to you by Trump might look like? Can you still call it the White House if you plate it in gold and hang a neon Trump sign on top of it? We may soon find out.

However, the federal government – present tense, lame-duck edition – is interesting to almost no one. It’s sort of like a prestige drama that got canceled midway through its run on HBO. No matter how good, bad, groundbreaking or boring that last run of episodes is, it’s hard to really invest in following the story when you know that come the new fall season, you will never be seeing this show again.

But as it turns out, there is at least one group that is fascinated by the government just as it is today. A group so fascinated, in fact, it wants to learn everything it possibly can about the United States federal government in all of its myriad branches in all the detail it can possibly capture. A group that wants to steal all that data, box it up, export it and either use it for profit or (more likely) sell it to the highest bidder.

That group is cybercriminals — and while America’s voters have been shopping for a new leader for the past few months, cybercriminals have been shopping across various databases for whatever data they can grab.

In 2015, the headline hacks of the State Department and the White House allegedly were by a Chinese outfit called Operation Deep Panda.

And it seems 2016 is getting off to a fun and running start, with hackers going after the Department of Justice, the Department of Homeland Security and the IRS.

So what did they manage to grab — and can anything be done to slow it down?

Well …

Round 1: The DoJ And Dept. of Homeland Security

Leading off the week in hacking were the disconcerting twin announcements from the Departments of Justice and Homeland Security that cybercriminals had made it into the system and out the door with information related to thousands of employees.

According to reports from internal officials, the bulk of the data seems to have been drawn from government directories, which *only* include employees’ email addresses, phone numbers and job titles.

More disconcerting than the fact that two departments putatively tasked with controlling and preventing cybercrime could get themselves compromised is the fact that it seems the issue was discovered because the criminals alerted the world they had stolen the data.

Tech news site Motherboard reported on Sunday that it had been approached by a hacker claiming to have gotten his hands on employee information on about 20,000 people at the FBI and 9,000 at the Department of Homeland Security.

The hacker noted he is a pro-Palestinian protester and that the intention was to embarrass federal agencies into improving cybersecurity operations. He released his data yesterday afternoon.

Mission accomplished!

Officials at the Justice Department and the Department of Homeland Security said they were examining the breach, but did note that other than all that employee information, they probably didn’t lose anything valuable.

“There is no indication at this time that there is any breach of personally identifiable information,” said Peter Carr, a spokesman for the Justice Department. Marsha Catron, a Homeland Security spokeswoman, echoed that statement.

Investigators are also trying to figure out if there is a connection between this breach and an attack last fall that released the email addresses of Jeh Johnson, the Homeland Security secretary, and John O. Brennan, the CIA director. That hacker group expressed pro-Palestinian positions, as does this newest hacker.

The new breach does not appear to have resulted from an attack using an outside computer to penetrate the system. Instead, officials said, they believe that the intruder impersonated a government employee and used that information to get into other parts of the system.

Round 2: The IRS

The attacks over at the DoJ and Homeland Security are thought by many experts to be something like exploratory expeditions; hackers are not trying for any particular piece of information so much as they are continually fishing for more information that they can plug back in to gain further access to the system.

For more directly focused cybercrime merely attuned to stealing people’s identities to make some reasonably quick money, try the IRS this week.

IRS officials have confirmed that they have identified an automated attack on the agency’s computer systems, aimed at getting information usable for boosting tax refunds. The attack leverages stolen personal data (stolen from elsewhere) to generate E-File PIN numbers.

Once those PINs are generated, identity thieves create a false filing and snap up a fraudulent refund, often long before the actual person has even attempted to file their own taxes.

So far, the IRS has identified 464,000 attempts to attain fraudulent E-File PINs. Of those, about a quarter (101,000) were successful in obtaining an E-File PIN.

No personal taxpayer data was taken, and the IRS has notified those whose personal information criminals attempted to use.

“While it appears that the IRS was able to successfully block this attempted breach this time around, it’s past time we fundamentally rethink our approach in authenticating taxpayers and processing tax returns,” Senator Orrin Hatch noted of the agency’s need to find stronger, less penetrable systems.

An IRS spokesman said identity thieves would typically need much more data than an E-File PIN to file a fraudulent return. However, he also noted that with a small infusion of some additional information — a stolen W4 form for example — an identity thief could commit fraud that would be extremely difficult for the IRS to spot. The problem is reversible, but the process is lengthy — bad news for anyone waiting on that refund for something important.

The problem with this story is that there is no easy or winning ending. Almost exactly one year ago this week, Obama hosted a Cybersecurity summit at the White House to address this exact issue in an attempt to declare himself as “the new sheriff” in the “Wild West” that is the digital frontier, according to the Associated Press.

“Just as we’re all connected like never before, we have to work together like never before, both to seize opportunities but also meet the challenges of this information age,” Obama said at the summit, according to an NPR report. “It’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm.”

A year later, there have been over a thousand hacks of businesses and, as if to celebrate the anniversary of the security summit, the two U.S. agencies in charge of dealing with cybercrime got hit.

It looks like the next “new sheriff” is going to have his hands full.