Cybersecurity contractor warns of virus on own network

slicedmitesSécurité

16 févr. 2014 (il y a 3 années et 5 mois)

55 vue(s)


Original URL: http://www.theregister.co.uk/2009/02/04/sra_virus_infection/
Cybersecurity contractor warns of virus on own network
When this server's a-rockin'...
By Dan Goodin in San Francisco
Posted in Security, 4th February 2009 00:52 GMT
Free research: Application platforms, the state of play
SRA International, a government contractor that provides cybersecurity and privacy services, has
warned its employees their personal information may have been stolen after hackers planted a virus on
its computer network.
The malware was installed on the same network that stored employees' personal data including
names, addresses, dates of birth, health information and social security numbers, according to a letter
(PDF) (
http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-164577.pdf
) filed with Maryland's Office of
Attorney General. Information might also include personal employee details included in security
position questionnaires.
Company investigators don't know whether the information has been intercepted but decided it was
appropriate to warn employees of the possibility, the letter said. The firm has offered the services of a
credit monitoring company to mitigate the chances of identity theft. The breach was reported earlier by
IDG News.
The letter didn't say how the virus made its way into a presumably secure network.
"We have shared our findings with our anti-virus vendor and they have updated their virus definitions to
detect the virus files we identified," the letter stated. "While we have no specific information, we believe
that the security issue may affect more than just SRA."
The letter went on to admonish employees that news of the breach "is company proprietary and should
not be discussed externally."
SRA had close to 6,500 employees as of June 30, according to the company's annual shareholder
report (PDF) (
http://library.corporate-ir.net/library/13/131/131092/items/307888/SRA_2k8AR.pdf
). The same document
went on to praise its computer security savvy.
"In 2008, SRA strengthened its information assurance practice in identifying data risks and preventing
security breaches by fully integrating its leading cyber security analytics, forensics, information
operations, network exploitation, privacy and identity management capabilities," it said. ®
Related stories
Rogue contractor admits Oz gov hack attacks
(26 January 2009)
http://www.theregister.co.uk/2009/01/26/rogue_contractor_nt_gov_hacking/
Is the UK.gov IT gravy train heading for the buffers?
(12 January 2009)
http://www.theregister.co.uk/2009/01/12/it_contract_review/
Detect & Block Hackers
on your network. Event log analysis made
easy. Download free trial!
www.
g
fi.com/eventsmana
g
er
NERC cybersecurity
Bow Networks' CrossBow secures remote
IED maintenance access
www.bownetworks.com
Free PHP Security Scanner
Check your PHP scripts for vulnerabilities
with Acunetix WVS.
www.acunetix.com/free-edition/

Page 1 of 2Cybersecurity contractor warns of virus on own network [printe
r
-friendly] • The Regis...
07/02/2009http://www.there
g
ister.co.uk/2009/02/04/sra
_
virus
_
infection/print.html
US Army gets eco-conscious, preps mega solar plant
(7 October 2008)
http://www.theregister.co.uk/2008/10/07/us_army_energy_savings_program/
Phreakers seize government phone system
(21 August 2008)
http://www.theregister.co.uk/2008/08/21/dhs_phonesystem_hacked/
MoJ admits data breaches affecting 45,000
(18 August 2008)
http://www.theregister.co.uk/2008/08/18/moj_data_breaches/
© Copyright 1998–2009
Page 2 of 2Cybersecurity contractor warns of virus on own network [printe
r
-friendly] • The Regis...
07/02/2009http://www.there
g
ister.co.uk/2009/02/04/sra
_
virus
_
infection/print.html