Deltek Breach Raises Questions About Widespread Hacking

Details surrounding a recent network breach at the business research and software firm Deltek remain uncertain after the company confirmed the incident exposed sensitive data on tens of thousands of employees of federal contractors.

On March 13, Deltek discovered an intruder had broken into a federal market analysis database called GovWin IQ, the company said. Deltek officials said the attacker accessed the login information for about 80,000 users and the credit card data for up to 25,000 of those individuals. The breach was first reported by Federal News Radio.

"This incident is connected to two large investigations and prosecutions in the District of NJ and the Eastern District of Virginia that involved many other parties and thousands of websites beyond just GovWin IQ," Patrick Smith, Deltek’s senior vice president for marketing, said in an email. He was referring to U.S. Attorney offices in New Jersey and Virginia, where the firm is based.

Smith added that an arrest has been made. He referred questions about the suspect's identity and about case names to the FBI. But the FBI would not confirm an arrest or links to other incidents. 

Deltek’s depiction of the situation sounds a lot like a large probe into the activities of alleged British hacker Lauri Love.

The two U.S. Attorney offices are prosecuting Love for breaching thousands of computer systems in the United States and elsewhere, including numerous federal networks. Love is believed to be affiliated with Anonymous, a hacktivist collective. British authorities arrested him in connection with another investigation in October, officials in the New Jersey U.S. Attorney's Office said at the time.

When asked last week whether the Deltek incident was tied to New Jersey's case, U.S. Attorney spokeswoman Rebekah Carmichael said in an email, "There is nothing in the public record in this case that would address the question." She added the investigation is still ongoing.

An October 2013 affidavit filed in Virginia supporting an arrest warrant against Love alleges he broke into the departments of Energy and Health and Human Services, as well as the U.S. Sentencing Commission and the FBI's Regional Computer Forensics Laboratory. The U.S. attorney's office there declined to comment on whether Deltek also was among those affected.  

Public court documents state the U.S. hacks happened between 2012 and 2013. Deltek learned it had been attacked in 2014 but did not indicate when the hack actually occurred. 

New Jersey U.S. Attorney officials announced in October 2013 an indictment against Love for infiltrating systems at the Army, U.S. Missile Defense Agency, NASA and Energy, among other offenses. A May 2013 criminal complaint also mentions an infiltration at the Federal Reserve.

The unsealed court documents do not list private sector victims that sound similar to Deltek. 

A former Deltek employee said it is believed the incident happened in tandem with a series of strikes on government agencies and financial institutions. Private investigators at Mandiant, CrowdStrike and the SANS Internet Storm Center said they could not confirm the widespread hacking described by Deltek. 

Company officials did not disclose the method the attacker used to corrupt GovWin. Court records show Love entered databases through weaknesses in widely used Adobe ColdFusion software, "SQL injection" attacks, and malicious software.

(Image via scyther5/Shutterstock.com)
