Tech security firm says government carelessness has made agency passwords available online

Array

46 Shares
password concept

Government officials are constantly talking about the need for increased digital surveillance powers to track down terrorists and hackers who could do damage to U.S. infrastructure. But according to a report from a CIA-backed cybersecurity firm, federal agencies could prevent breaches by simply strengthening login credentials for their networks.

Recorded Future, a company partially funded by the CIA’s investment wing that analysis cyber threats, recently reported that at least 12 government agencies require nothing more than a basic password to access networks containing sensitive government information.

The tech security firm reported:

Recorded Future identified the possible exposures of login credentials for 47 United States government agencies across 89 unique domains.

As of early 2015, 12 of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication. The presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.

According to the Recorded Future report, the lack of security means that passwords used for logging in to networks for the Departments of Defense, Justice, Treasury and Energy, along with the CIA and the Director of National Intelligence, are scattered throughout the Web, available to any bad actors willing to look hard enough.

Personal Liberty

Personal Liberty News Desk