US government security data compromised

By

The security of data held by the CIA, the FBI and the US Department of Defense was compromised earlier this year after a partner agency allowed zone transfer access of its Domain Name Services.

US government security data compromised
The security of data held by the CIA, the FBI and the US Department of Defense was compromised earlier this year after a partner agency allowed zone transfer access of its Domain Name Services.

Professor John Walker, managing director of forensics consultancy Secure-Bastion, revealed the security blunder during the International Crime Science conference in London last week.

Professor Walker had been testing DNS environments as part of his academic research.

"In one case an organisation in the US, working with some government agencies, allowed me to get into their systems to see their servers named for their clients. Their servers were called 'CIA', 'FBI' and 'DoD'," he said.

Professor Walker confirmed to reporters that these names referred to the actual US law enforcement and defence agencies.

"The DNS is a logical map of all the assets of a company. If you can take the logical map of the assets out (IP addresses, system names) you've got an awful lot of intelligence to work on," he said.

"And you can work quietly because you no longer have to go to the organisation to get the data because it's sitting on your PC."

When Professor Walker reported the security flaw, the organisation said " Thank God you've found it" and closed it down. "I didn't go down any further because I valued my liberty," he said.

"In my work I get the pleasure of seeing other people's systems. I invariably walk away not believing what I've seen. It's not that the criminals are so clever, but that we're so stupid."

The International Crime Science Conference was organised by the Centre for Security and Crime Science at University College London.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

Log In

  |  Forgot your password?