DHS network intrusion was twice ruled a false positive before breach confirmed
Department of Homeland Security personnel twice dismissed signs of cyber intruders inside the agency’s Homeland Security Information Network as harmless activity, allowing hackers to remain undetected inside for weeks and eventually steal credential files, according to an internal incident readout viewed by Nextgov/FCW.
HSIN was breached about two months ago, Nextgov/FCW first reported in late June. The network houses sensitive, unclassified data that’s shared between federal, state, local, industry and overseas partner organizations.
Department investigators have still not determined the affiliation of the hackers, according to two people with knowledge of an ongoing probe into the incident. DHS may send staff to brief Congress on the hack in a classified setting in the coming weeks, added the people, who spoke on the condition of anonymity to communicate the department’s thinking.
Read more at NextGov/FCW