Tech Company Finds Leaked U.S. Gov’t Logins, Passwords Online

How private and secure are the e-mail conversations involving U.S. government officials? Not very private -- or secure -- at all, according to Recorded Future, a CIA-backed tech company that used its Web Intelligence Engine to survey the landscape.

Recorded Future identified the possible exposure of login credentials for 47 United States government agencies across 89 unique domains. This data was identified through open source intelligence collection and analysis of 17 paste sites including Pastebin.com from November 2013 to November 2014. A paste site is a Web application that allows a user to store and share plain text.

At the time of the company's analysis, the Department of Energy had the widest exposure, with e-mail/password combinations for nine different domains identified on the open Web. The Department of Commerce was the second hardest hit with seven domains suffering exposures.

"As of early 2015, 12 of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication," the firm reported. "The presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce."

Criminals Move Quickly

We turned to Ken Westin, senior security analyst at advanced threat protection firm Tripwire, to get his thoughts on the news. He told us there are massive amounts of information available on the Internet from various data breaches that allow attackers to easily identify and correlate a variety of personal information.

"Personal e-mail addresses, social media accounts and other data may also be available as well as work e-mail and login credentials from other breaches," Westin said. "Pastebin searches bring up a number of compromised accounts from recent breaches, but it's likely these credentials are no longer valid. However, many threat actors monitor Pastebin...
