Slashdot Mirror


Pentagon Reveals Cyber Breach of Travel Records (apnews.com)

The Pentagon on Friday said there has been a cyber breach of Defense Department travel records that compromised the personal information and credit card data of U.S. military and civilian personnel. From a report: According to a U.S. official familiar with the matter, the breach could have affected as many as 30,000 workers, but that number may grow as the investigation continues. The breach could have happened some months ago but was only recently discovered. The official, who spoke on condition of anonymity because the breach is under investigation, said that no classified information was compromised. According to a Pentagon statement, a department cyber team informed leaders about the breach on Oct. 4. Lt. Col. Joseph Buccino, a Pentagon spokesman, said the department is still gathering information on the size and scope of the hack and who did it. "It's important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population" of Defense Department personnel, said Buccino.

36 comments

  1. Just imagine... by Anonymous Coward · · Score: 0

    ...if they had back door encryption keys that gave them access to all our accounts, online transactions, personal information...

    and then this breach happened, giving all that to criminals.

    1. Re:Just imagine... by Anonymous Coward · · Score: 0

      Why would they have that?

      Key escrow posits that the keys are held and secured by the device manufacturers, not the government. In addition, any legitimate security architecture uses offline CAs

    2. Re:Just imagine... by Anonymous Coward · · Score: 0

      'Murica! Fuck yeah!

    3. Re:Just imagine... by HarrySquatter · · Score: 1

      Because the device manufacturers are any better at security? Good joke... Good joke...

      It's not like we've heard about numerous data breaches of private companies or anything because of lax security practices. Nah, they're all impregnable and spend the most amount of money possible on security that they can.

    4. Re:Just imagine... by Anonymous Coward · · Score: 0

      They would do that because it is easy, and valuable, and they have no disincentives.

      It works like this:

      1) keys are escrowed by the manufacturers.
      2) as part of some investigation, the government seeks blanket warrants for thousands of keys.
      3) maybe they catch the guy, maybe they don't.
      4) all those keys....the government just doesn't bother to delete them. Keeps them in their database somewhere. Promises not to abuse them, but any use they make of them from then on is completely off any records.

      Ta-da!

    5. Re:Just imagine... by Anonymous Coward · · Score: 0

      The keys are only useful if you have physical possession of the device. They unlock the flash drive at bootup. They are not useful at all for remote attacks on your device, your communications, or your cloud services. Someone doesn't understand key escrow.

      If the government already has physical access to your device, you're already in a world of hurt.

    6. Re:Just imagine... by Anonymous Coward · · Score: 0

      Or just as likely: said company suffers a data breach and criminals exfiltrate the escrowed keys and now can break the encryption on hundreds of millions of devices and services with impunity.

    7. Re:Just imagine... by Anonymous Coward · · Score: 0

      If the government already has physical access to your device, you're already in a world of hurt.

      Not really. With sufficiently advanced cryptography and the use of strong passwords, even with physical access the government will be spending years trying to break into your phone.

    8. Re:Just imagine... by Anonymous Coward · · Score: 0

      Yes, with physical access and a black bag warrant, they can install a hardware keylogger inline and wait for it to grab your PIN. Then when they return, they will unlock your device at will.

      That won't work of course if you're already dead or in custody, but then again, at that point you're in a world of hurt, as I said.

      Physical access to your phone, your computer, your server, etc, is basically game over in almost all cases.

  2. AC Reveals First Post on Slashdot by Anonymous Coward · · Score: 0

    French toast, my little snowflakes

    1. Re:AC Reveals First Post on Slashdot by Anonymous Coward · · Score: 0

      Don't quit yer day job.

  3. A leaky S3 bucket? by Anonymous Coward · · Score: 0

    Brace yourselves for JEDI-size breaches!

    1. Re:A leaky S3 bucket? by Anonymous Coward · · Score: 0

      JEDI isn't connected to the internet.

  4. No Notification by Anonymous Coward · · Score: 0

    As a traveler registered in their system, I have received no notification of this breach. Not exactly a happy camper at this point. On the down-side, both my Passport numbers are recorded in the system, my emergency contacts list, and my frequent flyer numbers. On the up-side, the only credit card stored in the system is my Government Credit Card.

    1. Re: No Notification by Anonymous Coward · · Score: 0

      If you are a Federal employee/military person, only your official/diplomatic passport numbers should be in that system. Using a regular (i.e. tourist) passport is only permissible in *very* few cases and it is unlikely you would be using DTS/GovTrip in those cases.

      If your organization has had you performing official travel with a non-official passport and you aren't one of the exceptions (probably not) they are putting you in legal jeopardy and they are in non-compliance with the regulations.

  5. It wuz haxx0rz! by Anonymous Coward · · Score: 0

    Even though sitting on mountains of data inevitably leads to breaches.

    They'll still claim "a hack" when it was really just criminal negligence, as it always is.

  6. let the Right one in by PopeRatzo · · Score: 1, Interesting

    It's almost as if bad guys have become emboldened to attack the US. I wonder why that could be?

    --
    You are welcome on my lawn.
    1. Re:let the Right one in by Anonymous Coward · · Score: 0

      It's almost as if bad guys have become emboldened to attack the US. I wonder why that could be?

      The cyber terrorists are using cyber attacks on your cyber networks. It's all about cyber control, that's why US Cyber Command must develop the cyber code to win the cyber war.
      Really, they're just looking for cyber sex.
      Cyber!

    2. Re:let the Right one in by Anonymous Coward · · Score: 0

      It's almost as if bad guys have become emboldened to attack the US. I wonder why that could be?

      We appreciate your continued assistance in keeping the people divided, Comrade Ratzovich.

  7. The paragon of security by mr_shifty · · Score: 4, Insightful

    .... but this is the same government that says we should have backdoors on all civilian encryption schemes and they'd keep those perfectly safe. Right. I'm sure nothing bad could happen from that.

    --
    And the circle of life continues to spin, occasionally wobbling on its axis thanks to the weighty presence of dumb.
    1. Re:The paragon of security by gtall · · Score: 2, Funny

      I am sorry to inform you that there are many branches of the U.S. Government.

    2. Re:The paragon of security by whh3 · · Score: 1

      I think that you spelled it wrong. It's breaches, not branches.

      --
      remove nospam. to email!
  8. Addendum: BIGGEST CRIMINALS of all... apk by Anonymous Coward · · Score: 0

    See subject & https://www.infowars.com/trump... who (though I dislike quoting this person) come as friends but are the WORST most INSIDIOUS DEMON https://www.breitbart.com/nati...

    * Now, if you "follow the money" (being taken out of your hands by NUMEROUS FORMS of "wealth transfer")?

    WE ALL KNOW WHAT GROUP RUNS THEM - get rid of THEM too (but we've tried to no avail as VAMPIRES DO NOT FEED ON OTHER VAMPIRES).

    APK

    P.S.=> This'll ALL change & HOPEFULLY Trump makes good on getting RID of the ANYTHING BUT FEDERAL ILLEGAL RESERVE CENTRAL BANKS (we've done our BEST economically MINUS them, & they were put in place by a MINORITY of GOV'T. (illegal & done while rest of gov't. was on vacation during Wilson's tenure) + ILLEGAL by Article I, Section 8 of the U.S. Constitution the U.S. Congress is the one that is supposed to have the authority to "coin Money, regulate the Value thereof, and of foreign Coin, and fix the Standard of Weights and Measures". So why is the Federal Reserve doing it? KICK THEIR ASSES OUT! Lincoln avoided them via the "greenback" & iirc? Things were righted almost instantly - Jackson did nearly the same, same result - history & its RESULTS speaks FOR ITSELF... apk

  9. Cyber! by Anonymous Coward · · Score: 0

    HaHa!
    cyber cyber cyber
    So gay!!!!

  10. Nothing burger by Anonymous Coward · · Score: 0

    False story from liberal media. Again. And then liberals wonder why most regular Americans like us consider media 100% enemy of this nation.

  11. Benefit or curse by Anonymous Coward · · Score: 0

    So, in toto, does the internet bring more benefits than problems?

  12. Re:The paragon of FEDERAL PRISON TRUMP TRAITORS by Anonymous Coward · · Score: 0

    Despite the best efforts of the Traitor administration to drown itself in a prison bathtub... spoiler alert, it's actually a combination toilet-sink... Mueller will see you now.

  13. Re:Trumptard would never let that happen though! by Anonymous Coward · · Score: 0

    See you in FEDERAL PRISON, lol! Bring your son FAGGOT JUNIOR LOL

  14. Arguing with an Idiot by Anonymous Coward · · Score: 0

    You're arguing with an idiot. They truly believe that their iPhone is secure, because it's made in China, sanctified by the benevolence of the Ghost of Steve Jobs, and that only evil governments ever have a reason to get "private" data.

  15. "Cyber Breach" by Anonymous Coward · · Score: 0

    Just in case you forgot you were dealing with a government agency.

    They called it a "Cyber Breach". I don't think I need to say more.

  16. God Damn It by Greyfox · · Score: 1

    Well I guess it's nice of them to collect all that data in one place for the hackers. No need to segregate data or anything because, you know, their computers are completely 100% unhackable :/

    You watch, there will be absolutely no consequences to whomever was in charge of that shit.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  17. Yawn by Hallux-F-Sinister · · Score: 1

    Another day, another news item about someone's security getting breached. I'm beginning to wonder if we don't all need to just break out the old zip-zap machines, the good ol' knuckle-busters of old, and get rid of all this electronic bullshit, and go back to the fucking 1970s. I miss my C64... sure it was slow as shit and using a 2400 baud modem sucked, but we didn't know different.

    Hell... I'm even beginning to miss bell-bottoms. I miss natural perky tits in tight little sweaters and long straight hair on girls not covered in ridiculous makeup and tattoos... all our great rock and jazz and soul musicians were still alive... and today they're mostly all dead, all the great bands have broken up, all our shit's getting broken into, the world's going to fucking pieces... anyone got a time machine handy? Set course for 1969 and engage. (I'll need a year or two to re-acclimate first.)

    (For a list of grievances, we could just play back the second half of "We Didn't Start the Fire," really.) -sigh-

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
    1. Re:Yawn by Anonymous Coward · · Score: 0

      Wanna ride the ship down again? - c'mon don't waste the time machine... (ok, I'll get off your lawn now)