VA Networks Besieged By Foreign Attackers, IG Says

Nicole Blake Johnson | Federal Times | June 4, 2013

Foreign attackers have repeatedly penetrated Veterans Affairs Department networks for at least the past three years, potentially gaining access to millions of unencrypted veterans records and other sensitive databases, according to House lawmakers and VA inspector general auditors.

The timeline and nature of the attacks is unclear, but VA auditors told a House subcommittee last week that, in one instance, attackers gained access to email accounts of VA senior leaders. VA doesn’t know how the attackers accessed its network or what data was stolen because the attackers encrypted VA’s data as they siphoned it out of the network, said Michael Bowman, director of the information technology and security audit division within VA’s IG office.

Bowman and his staff cited a host of security vulnerabilities that have plagued VA for the past decade, including weak computer passwords, missing software patches and inactive user accounts. [...]