Hacker breaches FEMA networks, steals employee data over several months

Published on September 30, 2025

A hacker gained access to the Federal Emergency Management Agency’s computer networks for several months earlier this year and stole information about FEMA and US Customs and Border Protection employees, according to an overview of the incident.

The Department of Homeland Security notified FEMA on July 7 that a hacker had gained access to its network through Citrix Systems Inc.’s remote desktop software using compromised credentials, according to the summary, which was reviewed by Bloomberg News.

The intruder breached FEMA’s Region 6, which includes Arkansas, Louisiana, New Mexico, Oklahoma and Texas, and the data was stolen from servers in the same region, according to the document. The identity of the hacker wasn’t disclosed.

The handling of the breach prompted Homeland Security Secretary Kristi Noem to fire two dozen FEMA employees, including multiple IT executives, according to a person familiar with the incident.

Representatives for FEMA, DHS and CBP didn’t immediately respond to requests for comment, nor did a spokesperson for Citrix. Details of the overview were previously reported by Nextgov/FCW.

On July 14, the hacker moved through FEMA’s networks and installed virtual private network software in an attempt to remotely break into a database, according to the overview. The hacker was successful in gaining access to Microsoft Corp.’s Active Directory, which is used by information technology administrators to manage access control. From there, the intruder stole information about employees at FEMA and Customs and Border Protection, another component of DHS.

FEMA disconnected the Citrix remote access tool for Region 6 on July 16 and forced employees to use multifactor authentication, according to the summary. The hacker was present in the network from June 22 until Aug. 5, the investigation found.

In an Aug. 29 statement detailing the firings, Noem said, “FEMA’s career IT leadership failed on every level,” and she listed numerous examples of what she called “incompetence,” including an “agencywide lack of multifactor authentication.” The fired officials haven’t responded to requests for comment.

Noem said in the statement that “this problem was caught before any American citizens were directly impacted,” and “no sensitive data was extracted from any DHS networks.” DHS’s internal investigation later found that federal employee identity data had been successfully stolen, according to the overview.