Breach of background-checks database may lead to blackmail
30 April 2015
Newly released documents show how hackers infiltrated servers used by US Investigations Services (USIS), a federal contractor that conducts background checks for DHS. In a House Oversight and Government Reform Committee hearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations.
Both USIS and OPM were hacked around March 2014. While the security controls in place on OPM’s networks shielded employee information, the networks at USIS were not as well secured.
At USIS, hackers deployed spyware designed to capture screenshots when a background check window was open, according to Stroz Friedberg, a digital forensics firm. “The attacker installed screen-scraping malware on systems and specifically configured that malware to grab screenshots only when background investigations-related applications were being displayed on the screen,” Stroz Friedberg Managing Director Bret Padres wrote in a September 2014 letter to USIS’s attorneys.
The use of spyware that executed only under specific conditions implies that hackers did not want to raise alarms, said Richard Barger, chief intelligence officer at ThreatConnect and a former Army intelligence analyst. “Many of those background check systems are very highly audited.”