DHS Contractor Targeted in Apparent State-Sponsored Attack

US Investigations Services (USIS), a Department of Homeland Security (DHS) contractor that conducts background checks for the agency, has been the target of a cyberattack that appears to have been launched by a state-sponsored entity.

Officials told The Washington Post that the scope of the intrusion has not been determined, but the personal details of some DHS employees might have been compromised in the breach. For the time being, there's no evidence that employees outside the agency are impacted. While the incident is being investigated, the DHS has suspended all work with the company, officials said.

In a statement published on its website on Wednesday, USIS said the cyberattack was aimed at its corporate network and it was discovered by the company's internal IT security team.

"We immediately informed federal law enforcement, the Office of Personnel Management (OPM) and other relevant federal agencies. We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network," USIS stated. "Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack."

The Washington Post learned that the DHS sends employee data in an encrypted form to USIS, but it's unclear if it remains encrypted. USIS, which vetted former NSA contractor Edward Snowden, hasn't provided any technical details on the incident, but claims to be working with OPM, the DHS and federal law enforcement authorities on improving its security efforts.

"We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible. We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack," USIS said.

Threat actors, often linked to China, have been named responsible for numerous attacks against United States government organizations over the past years. However, not all serious incidents involving government systems are blamed on Chinese and other state-sponsored groups. A British man has been accused of stealing sensitive information from the networks of several organizations, including the Federal Reserve, the Army, NASA and the Missile Defense Agency.

The practices of USIS, which has provided security clearance background investigations and other support services for more than 95 federal agencies, have recently been brought into question by the United States government. In October 2013, the Justice Department joined a civil lawsuit alleging that the firm systematically failed to adequately conduct security clearance investigations.

The Justice Department has accused the company of failing to properly conduct 665,000 background investigations between March 2008 and September 2012 in an effort to increase revenue and profit.

Last month, US senators sent a letter to the DHS questioning the decision to award a $190 million contract by the US Citizen and Immigration Services to USIS while knowing of the Department of Justice accusations.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.