[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Hacker Breached NOAA Satellite Data from Contractor's PC
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2014-07-29 9:18:02
Message-ID: alpine.DEB.2.02.1407290917490.28616 () infosecnews ! org
[Download RAW message or body]

http://www.nextgov.com/cybersecurity/2014/07/hacker-breached-noaa-satellite-data-contractors-pc/89771/

By Aliya Sternstein
Nextgov.com
July 28, 2014

National Oceanic and Atmospheric Administration satellite data was stolen 
from a contractor's personal computer last year, but the agency could not 
investigate the incident because the employee refused to turn over the PC, 
according to a new inspector general report.

This is but one of the "significant security deficiencies" that pose a 
threat to NOAA's critical missions, the report states.

Other weaknesses include unauthorized smartphone use on key systems and 
thousands of software vulnerabilities.

The July 15 report made public on Friday concentrates on 
information-technology security problems at NOAA's National Environmental 
Satellite, Data, and Information Service. NOAA is part of the Commerce 
Department.

During the 2013 incident, "an attacker exfiltrated data from a NESDIS 
system to a suspicious external IP address via the remote connection 
established with a personal computer," wrote Allen Crawley, Commerce's 
assistant IG for systems acquisition and IT security, referring to a dodgy 
computer address.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/

[prev in list] [next in list] [prev in thread] [next in thread]