Census Bureau of US Strengthens Online Security Following Security Breach

Nextgov.com reported on 28th July, 2015 stating that US Census Bureau wants to ensure that it is not phished by cybercriminals.

With reference to the increasingly common menace of phishing attack, a solicitation on 27th July, 2015 says that the Bureau is looking for contractors to "provide interactive Internet-based anti-phishing alertness training and services."

The training program is doomed to ensure that employees of the bureau are equipped with apt knowledge and skill to enable them to guard themselves against expected attacks. According to the request, the training, which is still in the investigative stage, could help to mitigate the exposure of databases of the bureau and defend its classified information from future breaches.

Very recently, hackers purportedly the hacktivist outfit, Anonymous, has breached Federal Audit Clearinghouse (FAC) of Census.

The Census Bureau said that hackers gained entry to the FAC, hosted on the harvester.census.gov, which is used to collect single audit reporting packages from local and state governments and non-profit organisations.

Census Bureau says that the FAC is hosted on an externally facing IT system which stores non-confidential data like details of individuals submitting information. The investigation on this incident is going on but the Census Bureau says that it has not found any evidence regarding breaching of other databases or personal details of people who responded to censuses and surveys has been exposed.

Securityweek.com published a report on 27th July, 2015 quoting an explanation of John H. Thompson, Director of Census Bureau, as "It seems that the database was compromised through a configuration setting which allowed the attacker to gain entry into four files posted on the site of the hacker. The hackers picked up the data illegally but as I indicated above, the Clearinghouse site does not store any confidential household or business data collected by the Census Bureau. That information remains safe, secure and on an internal network segmented apart from the external site and the affected database."

The Office of Personnel Management (OPM) confessed that hackers accessed the personal details of over 21 million employees of the federal followed shortly by this incident. While Anonymous hacktivists apparently targeted the Census Bureau, the main suspect in this OPM hack is a threat actor sponsored by the Chinese government.

» SPAMfighter News - 8/10/2015