Wednesday, October 30, 2019

Misconfigured servers can give you a headache


Local, state and federal governments collect massive amounts of data from their citizens. There are massive data centers whose only function is to hold this data. While these secure the data, there are numerous attacks daily, ranging from simple scans to the far more advanced. One state that had a notable issue is Oklahoma. The Oklahoma Department of Securities is tasked with protecting investors.
Issue
This year a research team (the UpGuard Data Breach Research Team) detected an insecure server. This occurred on December 7, 2018. The server had millions of files open to the public. It was registered to the Oklahoma Office of Management and Enterprise Services (OMES), but was actually owned by the Oklahoma Department of Securities. The server contained 3 TB and millions of files, fully and openly accessible. It had possibly been open since at least November 2018 through the detection date.
Data
The data was located on an rsync service that was not secured. Rsync is generally used to synchronize files across systems. A person's data can be very sensitive, and exposing it gives unauthorized parties information the person does not want shared. The data, in this case, involved a list of persons with a specific ailment, FBI investigation details, and other PII. One of the databases also held credentials and social security numbers for over 10K brokers. The credentials could have been used for remote access to the Oklahoma Department of Securities workstations. The earlier records noted were from 1986.
Remediation
As noted, the server with cybersecurity issues was detected on December 7, 2018. The owner was notified on December 8, 2018. Fortunately for the people whose data was on the system, the public access was removed immediately. They are working with a forensic team in conducting an investigation. The government was very responsive and responsible in taking care of this. They did not wait for an extended period of time to act on the issue.
Lessons Learned
This is a rather unusual set of circumstances, nearly a trifecta. The issues compounded on each other. The servers were openly accessible by anyone, the data on the server was not encrypted, and it appears they had not been using TLS keys and certificates. At the very least, the data at rest should have been encrypted and TLS enabled. These are basic and uncomplicated measures to ensure there are no issues. It is curious how this was configured incorrectly and passed their internal checks. Allegedly the breach occurred while a firewall was being installed. While a good standard operating procedure, it should not have taken at least a week to implement. This issue emphasizes the need for timely work and proper configurations for systems.


