Government security breach by Anonymous – scope unknown

November 17, 2013 at 12:00 AM EDT
Joseph Menn of Reuters reports on the story he helped break about how activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information. Menn says the campaign began almost a year ago and its scope is not yet known.

HARI SREENIVASAN:  A story by Reuters details how hackers from the group known as Anonymous broke into multiple U.S. government agency computers and stole sensitive information and may still have access. For more, we’re joined now from San Francisco by Joseph Menn. He authored the piece.

First of all, how significant is this hack?

JOSEPH MENN:  Well, it’s obviously very significant. They don’t – there are multiple U.S. agencies, including various bits of the U.S. Army. There’s the Department of Health and Human Services, and at the Department of Energy alone, we got ahold of an email internally that says that they got access to personal details on 100,000 people and others and bank account information on 120,000 employees.

HARI SREENIVASAN:   So the idea that they still have a backdoor open, how do they do this?

JOSEPH MENN:   They got into a previously unknown flaw in a piece of software called ColdFusion, which is used to run websites made by Adobe. That was back as far ago as December of last year. And they put in a back door for future access, so even after Adobe fixed the problem, they were still able to have access. And the Feds don’t know how far else they got, but they clearly have ongoing access, and at least in some places, they were pretty worried about it.

HARI SREENIVASAN:   So what’s the real damage done here?

JOSEPH MENN:   Well, so far, the same group broke into the U.S. Sentencing Commission and posted a video that was condemning – calling for reforms of anti-hacking laws. It’s about what they see as unjust sentences for hackers. But we really don’t know what else they’re going to do with it.

They have all of this information; they can use it for identity theft, can impersonate Army personnel and get access to classified information that way. They don’t really know the scope of the problem, but it’s pretty big.

HARI SREENIVASAN:   And when they don’t know the scope of it, what is the FBI likely to do? What, in the memos that you’ve seen, what are their next steps?

JOSEPH MENN:   Well, one of the things they’ve done is warn computer administrators at various federal agencies to look for specific signatures, what they call indicators of compromise. So they’re going through, they’re looking; they’re trying to find the hackers’ tracks. They might be able to find them all, they might not. In the meantime, they’re continuing a criminal investigation. There’s been one person indicted in the United Kingdom and he’s awaiting extradition. There are other conspirators they’re looking for.

HARI SREENIVASAN:   Is there concern about the safety of information inside these agencies today?

JOSEPH MENN:  Yeah, absolutely, there’s huge concern about it.

HARI SREENIVASAN:   All right, Joseph Menn from Reuters joining us from San Francisco, thank you so much.