
DHS Notifies Companies, Offers Intel About Ongoing Hacks

Mark J. Terrill/AP file photo

The Homeland Security Department is distributing details about hacks to critical infrastructure operators in response to continuing cyber assaults that, according to people familiar with the cases, involve recent breaches at Apple, Microsoft and other technology firms.

The intelligence sharing also fulfills part of a Feb. 12 cybersecurity executive order, DHS officials told Nextgov. The policy required agencies to exchange information on threats to private computers running critical U.S. assets and asked businesses to do the same.

"Various cyber actors have engaged in malicious activity against U.S. government and private sector entities. The apparent objective of this activity has been the theft of intellectual property, trade secrets, and other sensitive business information," a DHS bulletin issued on Friday states.

The bulletin notifies energy suppliers, hospitals and other sectors vital to society that confidential guidance is available on “ongoing malicious cyber activity against U.S. government and private sector entities.” To receive the sensitive information, the companies or their Internet service providers must use "secure channels," according to the alert. As Nextgov reported on Friday, the government is building a restricted communications system for cyber tips patterned after the network facilitating the See Something, Say Something counterterrorism campaign. 

A former federal official familiar with the ongoing investigations said the activities referenced in the notice include recent infections of corporate computers at technology companies. The hackers exploited an Oracle Java software vulnerability on computers to inject malicious software. Twitter, Facebook and Apple this month disclosed intrusions, reportedly perpetrated when their employees visited an infected software developer website that then passed on the malware to their machines. On Friday, Microsoft confirmed its corporate systems also had suffered similar compromises. Some experts suspect Chinese hackers are behind the malware campaign, while others now point to Eastern Europeans.

Earlier in the week, computer forensics firm Mandiant released an unprecedented public report with evidence connecting a Chinese military unit to more than a hundred network infiltrations at companies in mainly English-speaking countries. 

The Pentagon and DHS since 2011 have experimented with disseminating classified threat information from the Defense Department's National Security Agency to military contractors. This month’s executive order allows the rest of the U.S. critical sectors to see the NSA intelligence. The level of sensitivity of Friday’s data is unknown.

The information offered includes computer network addresses, website extensions and malicious software "indicators," or the unique hallmarks of a specific virus, according to the bulletin. Department officials added that the threat indicators will help government and commercial network operators "take action to mitigate adverse impacts from this activity and protect their sensitive information."

Late Sunday night, a DHS official said in a statement, “Consistent with the recently signed executive order,” the release of the “bulletin by the Department of Homeland Security, in collaboration with the FBI, is an important part of our broader effort to provide critical infrastructure entities with the information they need to protect their networks from malicious cyber activity.”

The official added, “The administration is committed to protecting the nation’s security and economy, maintaining competitiveness and stopping criminal activity within cyberspace, and this whole of government effort is an important step toward that goal.”
