
Sun Aug 25, 2019, 12:18 PM

Hackers could have breached U.S. bioterrorism defenses for years, records show.

Source: LA Times

The Department of Homeland Security stored sensitive data from the nation's bioterrorism defense program on an insecure website where it was vulnerable to attacks by hackers for over a decade, according to government documents reviewed by The Times.

The data included the locations of at least some BioWatch air samplers, which are installed at subway stations and other public locations in more than 30 U.S. cities and are designed to detect anthrax or other airborne biological weapons, Homeland Security officials confirmed. It also included the results of tests for possible pathogens, a list of biological agents that could be detected and response plans that would be put in place in the event of an attack.

The information -- housed on a dot-org website run by a private contractor -- has been moved behind a secure federal government firewall, and the website was shut down in May. But Homeland Security officials acknowledge they do not know whether hackers ever gained access to the data.

Internal Homeland Security emails and other documents show the issue set off a bitter clash within the department over whether keeping the information on the dot-org website posed a threat to national security. A former BioWatch security manager filed a whistleblower complaint alleging he was targeted for retaliation after criticizing the program's lax security.

Read more: https://www.latimes.com/science/sciencenow/la-sci-biowatch-20190402-story.html

Replies to this discussion thread
Author, Time, Post (6 replies)
Hackers could have breached U.S. bioterrorism defenses for years, records show. (Original post)
Zorro Aug 25 OP
50 Shades Of Blue Aug 25 #1
PoindexterOglethorpe Aug 25 #2
defacto7 Aug 25 #5
Owl Aug 25 #3
Igel Aug 25 #4
defacto7 Aug 25 #6

Response to Zorro (Original post)

Sun Aug 25, 2019, 12:58 PM

1. Unfuckingbelievable.



Response to Zorro (Original post)

Sun Aug 25, 2019, 01:23 PM

2. Okay, so I'm not an IT person and know very little about

cyber security. But shouldn't the people in charge of that information AND the people in charge of the website have been just a mite more concerned about such a thing?



Response to PoindexterOglethorpe (Reply #2)

Sun Aug 25, 2019, 02:38 PM

5. Sounds like they're not IT people and know very little about cyber security.

That's not unusual in government these days. I do have cyber security experience and it's not really that difficult. Makes one wonder.



Response to Zorro (Original post)

Sun Aug 25, 2019, 01:36 PM

3. Why does everything have to be on a website?



Response to Owl (Reply #3)

Sun Aug 25, 2019, 02:33 PM

4. Access.

If there are attacks on 5 different cities and everything's ubersecure, then somebody with access will have to find the data, process the data, package the data, and get it out to everybody who should have that data in the 5 cities. Good luck with that--just keeping the database of who should have access would be a nightmare, as people change jobs and are promoted.

Moreover, if there's anything interesting about the data that managers in 50 other cities should know, that agency will have to dispense the information.

Moreover, if the data were secure and secret, then there'd have to be some way of getting the data in a secure way from the monitoring equipment to the server. The monitoring equipment is exposed to the public 24/7/365. The connections are public. It's not an easy and cheap problem to solve.

So put it on a website. 100 cities want the info? Fine, 100 cities get the info, including the 5 who require it (in full) and the 50 that might have a need.

But think about it. You're a hacker, a terrorist, whatever. You can tell if your attack's worked by accessing this information--but, you know, you'd learn that soon enough. You can tell if there's been an attack if you're an enemy country. But the only risk is that the database is hacked in one of two ways: To mask an attack or to signal a false attack. Masking an attack would prevent steps being taken quickly. A false attack would be fairly quietly managed.

The OP doesn't say the website contains detailed plans, knowledge of which would help a terrorist bypass precautions. It at best says where the detectors are set up--and I'm not sure that would be a big problem unless you're transporting anthrax in a leaky container.



Response to Owl (Reply #3)

Sun Aug 25, 2019, 02:47 PM

6. It doesn't. But if one goes that route

they had better know exactly what they're doing and expect and be prepared for the consequences. It's really unnecessary. Access is no excuse in the present environment.
