The Pentagon is investigating a cyber incident after the records of 30,000 U.S. military and civilian workers were compromised by threat actors in a breach of US Department of Defense (DoD) systems.
According to Pentagon statements to the Associated Press (AP), an internal cyber-security team discovered the breach on October 4.
They found that the personal information and credit card details stored in travel records of DoD workers had been stolen.
Speaking to AP, Pentagon spokesman Lt. Col. Joseph Buccino commented: “The department is continuing to assess the risk of harm and will ensure notifications are made to affected personnel.”
The weak link within their systems appears to have involved a third-party vendor, although the Pentagon has declined to name the vendor because of the ongoing investigation and security concerns. Through Lt. Col. Buccino, the department said that it “has taken steps to have the vendor cease performance under its contracts.”
DoD Cyber-Security Concerns
It’s a bad month for DoD cybersecurity teams: the US Government Accountability Office reported earlier that advanced weapon systems being developed by the DoD contained major cybersecurity vulnerabilities.
The report found that: “In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.”
Another test team discovered that it could emulate a denial of service attack by rebooting the systems, which resulted in the system not being able to carry out its stated mission for a period of time.
Describing the incident, the report said: “41 Operators reported that they did not suspect a cyber attack because unexplained crashes were normal for the system.”
The Pentagon breach follows reports that the UK’s Ministry of Defence was itself exposed to 37 cybersecurity incidents last year.
In heavily redacted reports obtained by Sky News, it was alleged that critical security information was located in vulnerable systems that could be accessed by foreign states’ surveillance or threat actors.
The MoD told Sky News that disclosing any information beyond the fact that the breaches exist would “provide potential adversaries with valuable intelligence on MoD’s and our industry partners’ ability to identify incidents and react to trends.”
“Disclosure of the information would be likely to increase the risk of a cyber-attack against IT capability, computer networks and communication devices.”
It was also reported that some peripheral devices had not been scanned as part of cybersecurity due diligence and yet were found to be connected to systems containing classified information.