Sorry!! The article you are trying to read is not available now.

Report: Federal Employees Increasingly "Duped" by Hackers

Print comment Post Comments
A Government Accountability Office report [PDF] released today has found that "network security incidents at federal agencies have soared 650 percent during the past half-decade, jeopardizing the confidentiality and integrity of sensitive government information," according to Aliya Sternstein of

Sternstein points out that "during the past five years, the number of reported events has grown from 5,503 in 2006 to 41,776 in 2010."

"The main reason agency computers are vulnerable to contamination is departments have failed to implement security controls," explains Sternstein. "Agencies do not always adequately train personnel responsible for system security, regularly monitor safeguards, successfully fix vulnerabilities or resolve incidents in a timely fashion."

Sternstein points out that "a recent audit that found IRS has neglected to block employees from using databases they aren't required to access for their jobs."

"As a result, financial and taxpayer information remain unnecessarily vulnerable to insider threats and at increased risk of unauthorized disclosure, modification, or destruction," the report states.

One federal employee was "duped by a targeted email into visiting a malicious website," where he was drawn in "on the pretense that he had won a new car in a lottery he supposedly entered by answering some simple questions about his pets. Later, he found that several credit cards had been opened in his name and large amounts of pet supplies had been ordered without his knowledge," the GAO report says.

Writes Tony Romm of Politico:

The GAO report raised the specter of future incidents as well, noting that a “well known hacker group ... is planning a cyber protest on a federal agency, using mobile phones and massive crowds of suppers as well as online supporters.” The goal, according to GAO, is to “slow or stop traffic in and out of the agency and delay operations.”

Yet GAO found there remain “weaknesses … in all major categories of controls,” or the sorts of efforts that prevent against security threats. For example, all 24 agencies were cited for poor “access controls.” That broad category of controls includes user identification systems, as well as physical security to protect IT facilities from threats.

Without improvements in those areas, GAO offered a grim conclusion.

“As long as agencies have not fully and effectively implemented their information security programs, including addressing the hundreds of recommendations that we and inspectors general have made, federal systems will remain at increased risk of attack or compromise,” the report found.

Still planning on e-filing this April?

POSITION:  No positions in stocks mentioned.