Interior Dept Network Compromised In ‘Phishing Attack’ Originating From Outside the US
About 100 Interior Department (DOI) employees were compromised after a phishing email attack that likely originated from outside the U.S., investigators reported.
The DOI inspector general’s office found the “successful phishing attack resulted in illegal access to the DOI network through remote logins on a least eight Gmail accounts,” according to a summary of their report.
The IG’s office released a summary of their findings six months after they completed their report on the cyber attack. The IG found that over a two week period “more than 1,500 DOI employees received the phishing email, resulting in approximately 100 compromised DOI employee Gmail credentials.”
Investigators found “the source of the attack was most likely physically located outside the United States” and notified the FBI’s National Cyber Investigative Joint Task Force so they could continue looking into the matter.
Phishing emails are fraudulent emails that appear legitimate, but give hackers access to your account.
The news comes as federal lawmakers investigate Russian attempts to influence the outcome of the 2016 election. Russian hackers were blamed for leaking thousands of emails to WikiLeaks from Hillary Clinton campaign manager John Podesta’s Gmail account.
Podesta’s emails were compromised after he opened a phishing email meant to look like an official communication from Google, and then entered in his password information.
Intelligence officials also say Russia used phishing emails to gain access to thousands of Democratic National Committee emails, which were published online. The incident led to former DNC Chairwoman Debbie Wasserman Schultz’s resignation.
Interior investigators began investigating employee’s emails in January after “multiple OIG employees received a ‘phishing’ email from an internal DOI bureau-level employee” without his knowledge, according to the report summary.
“When the recipients clicked a link within the email, they were presented with a webpage that appeared to be DOI’s standard log-in screen, and were prompted for their username and password,” the IG’s office found.
“At least two recipients clicked on the link and entered their DOI Gmail (Bison Connect Email System) credentials, thereby unknowingly compromising their accounts,” they found.
The IG’s findings spurred Interior’s chief information office to speed up plans to “require two-factor authentication for DOI Gmail access, and completed the transition eleven days after the attack began.”
“By implementing two-factor authentication, DOI ended the attack and it substantially increased the security of DOI’s Gmail system, Bison Connect,” the IG found.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact email@example.com.