Homeland Security Running Hundreds of Sensitive, Top Secret Databases Vulnerable to Attacks

TN Note: Reckless handling of data by the supposed “experts” has been exposed, but hardly remedied. Data leaks (ie, hackers) are not the primary concern of technocrats, because no matter what is small portion leaked, they reason that they still have the original entire data which can only be analyzed by themselves.

The Department of Homeland Security is running hundreds of sensitive and top secret databases without the proper authorization, leaving the agency unsure if it can “protect sensitive information” from cyber attacks.

An audit released publicly Thursday by the inspector general found multiple areas of weaknesses within the agency’s information security programs.

Specifically, the department is operating 136 “sensitive but unclassified,” “Secret,” and “Top Secret” systems with “expired authorities to operate.”

“As of June 2015, DHS had 17 systems classified as ‘Secret’ or ‘Top Secret’ operating without [authorities to operate] ATOs,” the inspector general said. “Without ATOs, DHS cannot ensure that its systems are properly secured to protect sensitive information stored and processed in them.”

Leading the agencies operating unsecured databases was the Coast Guard with 26, followed by the Federal Emergency Management Agency with 25, and Customs and Border Protection with 14.

The Department of Homeland Security headquarters is operating 11, and the Transportation Security Administration is running 10 sensitive or secret systems with expired authorizations.

The audit also found that security patches were missing for computers, Internet browsers, and databases, and weak passwords left the agency’s information security vulnerable.

“We found additional vulnerabilities regarding Adobe Acrobat, Adobe Reader, and Oracle Java software on the Windows 7 workstations,” the inspector general said. “If exploited, these vulnerabilities could allow unauthorized access to DHS data.”

The review, which was mandated by the Federal Information Security Modernization Act of 2014, found that internal websites were also susceptible to “clickjacking” attacks and “cross-site and cross-frame vulnerabilities.”

“Cross-site and cross-frame scripting vulnerabilities allow attackers to inject malicious code into otherwise benign websites,” the inspector general said. “A clickjacking attack deceives a victim into interacting with specific elements of a target website without user knowledge, executing privileged functionality on the victim’s behalf.”

Read full story here…

Related Articles That You Might Like

Leave a Reply

1 Comment on "Homeland Security Running Hundreds of Sensitive, Top Secret Databases Vulnerable to Attacks"

newest oldest most voted
Notify of
Follow Technocracy.News?

The only Authoritative source for

Exposing Technocracy

Stories curated daily from around the world

Subscribe and get the digest!

No SPAM! We will not share your email with any 3rd party.

Thank You for Subscribing!


If you don't receive a confirmation email within a few

minutes, please check  your spam/junk folder.

Wath for a confirmation email.