Ex-Inspector General indicted for stealing data on 250k govt colleagues

Crime doesn’t pay, even if you have the audacity to try to sell your employer its own, free software and personal data on your own colleagues.

Ex-DHS inspector general indicted for allegedly stealing government software

Federal prosecutors on Friday announced charges against the former acting inspector general of the Department of Homeland Security for allegedly stealing proprietary software from the watchdog and trying to profit from it. Charles K. Edwards, who served as acting DHS inspector general from 2011 to 2013, and his former associate Murali Yamazula Venkata, are accused of aggravated identity theft, wire fraud, and conspiring to steal government property to defraud the United States. The alleged scheme took place from 2014 to 2017, after Edwards had already left DHS’s inspector general (IG) office. But the head-turning indictment accuses Edwards of coordinating with Venkata, who still worked at the IG’s office, to steal the IG’s software. Edwards and Venkata also allegedly took “sensitive government databases” containing the personally identifiable information of DHS and U.S. Postal Service employees. Edwards then allegedly used the stolen code to improve software made by his company, Delta Business Solutions, […]

The post Ex-DHS inspector general indicted for allegedly stealing government software appeared first on CyberScoop.


Improve controls on classified information, inspector general tells U.S. intelligence community

The federal government should do more to protect its most sensitive information from potentially being deleted or leaked by insiders, according to a new report from the intelligence community inspector general (ICIG). The Office of the Director of National Intelligence (ODNI) must “improve controls to efficiently and effectively manage and mitigate the risk that a trusted privileged user could inappropriately access, modify, destroy, or exfiltrate classified data,” the intelligence community inspector general, Michael Atkinson, writes in the report. The potential for trouble extends even to classified information that is restricted to a trusted few at the ODNI, the report says. The ICIG’s specific recommendations about how to address the issue, of course, are classified. The semiannual report, released Tuesday, details a number of ongoing intelligence community programs and audits meant to boost the cybersecurity of the ODNI and the intelligence community writ large, among them projects on overhauling the security clearance process and efforts […]

The post Improve controls on classified information, inspector general tells U.S. intelligence community appeared first on CyberScoop.


Inspector general finds deficiencies in how FBI tells companies they’ve been breached

The FBI needs to shore up its internal processes for notifying the victims of cyberattacks, according to a U.S. Justice Department inspector general’s report published Monday. There are issues with the quality and completeness of the data stored in the FBI’s Cyber Guardian system — a tool for disseminating notifications after security breaches — reports Inspector General Michael E. Horowitz. Many FBI agents tasked with responding to cybercrimes improperly handle the work associated with indexing the victims in the bureau’s system, a problem that could make it more difficult for hacked organizations to recover, according to the report. “During this audit, we visited six FBI field offices and discussed the victim notification process with cyber squad Special Agents and supervisory Special Agents,” the report said. “In our discussions, we found that 29 of 31 field agents we interviewed do not use the ‘Victim Notification’ lead type when setting leads for victim notification. Five of […]

The post Inspector general finds deficiencies in how FBI tells companies they’ve been breached appeared first on CyberScoop.


FEMA exposed personal data on 2.3 million disaster survivors, violated privacy law, IG finds

The U.S. Federal Emergency Management Agency exposed personally identifiable data about more than 2 million disaster survivors in violation of a federal privacy law, an inspector general’s investigation has found. The negligence leaves the survivors of hurricanes Irma, Harvey, and Maria, as well as the 2017 California wildfires, at increased risk of experiencing identity theft and fraud schemes, the Department of Homeland Security’s inspector general (IG) said in a report published Friday. In “direct violation” of federal requirements, FEMA released the personal data to a contractor administering a disaster relief program that helps survivors find temporary lodging at hotels, the IG said. The report redacted the name of the contractor. “During our ongoing audit of the Federal Emergency Management Agency’s (FEMA) Transitional Sheltering Assistance program, we determined that FEMA violated the Privacy Act of 1974 and Department of Homeland Security policy,” the inspector general said in its report. Details about possible […]

The post FEMA exposed personal data on 2.3 million disaster survivors, violated privacy law, IG finds appeared first on CyberScoop.


NASA Lost Lunar Rover Prototype and Other Priceless Artifacts to Sloppy Management, Inspector General Finds

The agency’s Office of Inspector General (OIG) found that “a significant amount of historic personal property has been lost, misplaced, or taken” due to inadequate procedures.

DHS drone data left vulnerable, audit finds

While the Department of Homeland Security has looked to step up its use of drones to patrol the U.S.-Mexico border, lax security policies have left the collected data vulnerable to hackers and insider threats, a new audit finds. IT systems used by the Customs and Border Protection to share drone-gathered data are “at increased risk of compromise by trusted insiders and external sources” because of security shortcomings, a DHS inspector general report states. “Continuous monitoring to facilitate effective security incident handling, reporting, and remediation was lacking, while system maintenance and oversight of contractor personnel were inconsistent,” the report says. The IG investigation comes as DHS has sought more advanced drone technology to surveil border areas. In July 2016, for example, the department asked industry for proposals for small and easily deployable commercial drones. And in missions along the Texas-Mexico border over three years, a Predator B drone helped CBP personnel seize more […]

The post DHS drone data left vulnerable, audit finds appeared first on CyberScoop.


Watchdog: Despite progress, IRS needs to improve electronic fraud detection

A Treasury Department watchdog says the Internal Revenue Service has made progress in improving its identity management controls for people filing their taxes online, but still has some work to do when it comes to identifying fraudulent profiles and activity. The Treasury Inspector General for Tax Administration (TIGTA), which audits the IRS, released a report Thursday appraising the agency’s implementation and improvement of authentication controls. TIGTA credited the IRS for requiring taxpayers to use two-factor authentication to log on to use the IRS’s online services. The auditor also said the IRS improved its ability to automatically monitor activity across different systems and detect any anomalies. “Using this tool, the Cyber Fraud Analytics group identified fraudulent activity in which fraudsters improperly used data stolen from sources outside of the IRS to successfully perpetrate a small number of targeted attacks,” TIGTA said. However, the auditor added that those monitoring tools need […]

The post Watchdog: Despite progress, IRS needs to improve electronic fraud detection appeared first on CyberScoop.


Watchdog group calls on HHS to improve cyber defenses

An internal audit of the Department of Health and Human Services’ cybersecurity posture found that four HHS divisions need to improve their security controls, according to a summary report released Tuesday. The HHS’s Office of Inspector General said that it conducted penetration testing on four of HHS’s 11 operating divisions throughout fiscal year 2016 with the help of contractor Defense Point Security. The summary did not specify which divisions were part of the audit, but said that OIG identified “configuration management and access control vulnerabilities.” The OIG hasn’t released the full report to the public, saying that some of the information is restricted. The OIG says it issued recommendations to HHS to improve security controls, but didn’t specify the recommendations. The summary also said that the HHS operating divisions have corrected or are correcting the vulnerabilities, but that the OIG hasn’t validated those corrections yet. Cybersecurity was identified as a focus area in the OIG’s 2017 report […]

The post Watchdog group calls on HHS to improve cyber defenses appeared first on CyberScoop.


More than two years after historic breach, OPM continues to struggle with cybersecurity

The Office of Personnel Management continues to struggle with cybersecurity more than two years after the agency first publicly acknowledged they were breached due to poor security practices, according to a newly released Office of the Inspector General report. The report, which focuses on the state of systems during fiscal year 2017, concludes that while OPM has “made improvements in its Security Assessment and Authorization (Authorization) program,” inspectors were nonetheless able to find a “significant deficiency in OPM’s information security management structure.” This translated to a poor overall cybersecurity score, as defined by the National Institute of Standards and Technology, of two out of five for OPM. The score from the OIG is supposed to define the “maturity” level of an organization in relation to the security of information systems. This lackluster rating is due in large part to inaction by the agency regarding prior security recommendations referenced in other audits. “OPM is not […]

The post More than two years after historic breach, OPM continues to struggle with cybersecurity appeared first on CyberScoop.
