Deltek Breach Raises Questions About Widespread Hacking

scyther5/Shutterstock.com

Details surrounding a recent network breach at the business research and software firm Deltek remain uncertain after the company confirmed the incident exposed sensitive data on tens of thousands of employees of federal contractors.

On March 13, Deltek discovered an intruder had broken into a federal market analysis database called GovWin IQ, the company said. Deltek officials said the attacker accessed the login information for about 80,000 users and the credit card data for up to 25,000 of those individuals. The breach was first reported by Federal News Radio.

“This incident is connected to two large investigations and prosecutions in the District of NJ and the Eastern District of Virginia that involved many other parties and thousands of websites beyond just GovWin IQ,” Patrick Smith, Deltek’s senior vice president for marketing, said in an email. He was referring to U.S. Attorney offices in New Jersey and Virginia, where the firm is based.

Smith added that an arrest has been made. He referred questions about the suspect's identity and about case names to the FBI. But the FBI would not confirm an arrest or links to other incidents. 

Deltek’s depiction of the situation sounds a lot like a large probe into the activities of alleged British hacker Lauri Love.

The two U.S. Attorney offices are prosecuting Love for breaching thousands of computer systems in the United States and elsewhere, including numerous federal networks. Love is believed to be affiliated with Anonymous, a hacktivist collective. British authorities arrested him in connection with another investigation in October, officials in the New Jersey U.S. Attorney's Office said at the time.

When asked last week whether the Deltek incident was tied to New Jersey's case, U.S. Attorney spokeswoman Rebekah Carmichael said in an email, "There is nothing in the public record in this case that would address the question." She added the investigation is still ongoing.

An October 2013 affidavit filed in Virginia supporting an arrest warrant against Love alleges he broke into the departments of Energy and Health and Human Services, as well as the U.S. Sentencing Commission and the FBI's Regional Computer Forensics Laboratory. The U.S. attorney's office there declined to comment on whether Deltek also was among those affected.  

Public court documents state the U.S. hacks happened between 2012 and 2013. Deltek learned it had been attacked in 2014 but did not indicate when the hack actually occurred. 

New Jersey U.S. Attorney officials announced in October 2013 an indictment against Love for infiltrating systems at the Army, U.S. Missile Defense Agency, NASA and Energy, among other offenses. A May 2013 criminal complaint also mentions an infiltration at the Federal Reserve.

The unsealed court documents do not list private sector victims that sound similar to Deltek. 

A former Deltek employee said it is believed the incident happened in tandem with a series of strikes on government agencies and financial institutions. Private investigators at Mandiant, CrowdStrike and the SANS Internet Storm Center said they could not confirm the widespread hacking described by Deltek. 

Company officials did not disclose the method the attacker used to corrupt GovWin. Court records show Love entered databases through weaknesses in widely used Adobe ColdFusion software, "SQL injection" attacks, and malicious software.
