How South Carolina Failed To Spot Hack Attack

Published: 22/11/2024   Category: security


Attackers stole 3.3 million businesses' bank details and 1.9 million social security numbers, costing the state $14 million for cleanup.



Just one look: that's all it took for an attacker to compromise South Carolina state systems.
Specifically, a state Department of Revenue employee likely unwittingly executed malware and became compromised after clicking on an embedded link in a salacious email, allowing an attacker to harvest the employee's username and password. So said a state-commissioned analysis from security firm Mandiant, released last week.
Two weeks after the initial malware infection, the attacker logged into the remote access service (Citrix) using legitimate Department of Revenue user credentials, according to the report. The attacker used the Citrix portal to log into the user's workstation and then leveraged the user's access rights to access other Department of Revenue systems and databases with the user's credentials.
Ultimately, the attacker stole 3.3 million unencrypted bank account numbers. Given the recent spike in fraudulent wire-transfer attacks, that information promises to be a goldmine. Equally worrying for consumers is the theft of copies of 3.8 million tax returns, containing social security numbers for 1.9 million children and other dependents.
[ S.C. isn't alone in failing to protect government data. See Stolen NASA Laptop Had Unencrypted Employee Data. ]
Who's to blame for the data breach? South Carolina state officials have pointed the finger at Russian attackers, while also criticizing the Internal Revenue Service for not having required the state to encrypt social security numbers. But based on a reading of Mandiant's report, state officials are perhaps most to blame. On that note, last week Gov. Nikki Haley said at a news conference that South Carolina Department of Revenue director Jim Etter would resign, effective Dec. 31. Etter had reportedly declined the offer of free breach-detection services from the state's IT department.
From a security standpoint, failing to watch for intrusions was an amateur error, and -- no surprise -- the state failed to catch the recent intrusion. Likewise, the state failed to spot the follow-up compromise of 44 different systems, the installation of backdoor software, multiple instances of password hashes being dumped, the running of Windows batch scripts, or the attacker executing numerous arbitrary commands against databases.
As a result, a few weeks after the first successful malware infection, the attacker was still using the stolen credentials to conduct reconnaissance on 21 different state servers, although he or she hadn't yet been able to access sensitive data. But with more work, by Sept. 12, 2012, the attacker had successfully located and begun copying 23 database backup files, containing 74.7 GB of data, to another directory. Soon, the attacker compressed the data into 15 zip files, transferred them to another server, sent the data to an external system -- outside the state's control -- and deleted the zip files to help hide the data breach, according to Mandiant's report.
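Two detections that would have surfaced the activity described above, one stolen credential logging on to many servers and then a backup archive being zipped, sent out and deleted. This is an added example written for this page, not code from Mandiant's report or the state; the event format and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events modelled on the chain in the article: one stolen
# account touching many servers, then a backup archive zipped, sent out and
# deleted. The (time, user, host, action, object) shape is hypothetical; map
# real Citrix/VPN, EDR and file-audit logs onto it.
EVENTS = [
    ("2012-08-27 08:10", "dor_user", "citrix-gw", "logon", "remote-access"),
    ("2012-08-27 08:15", "dor_user", "ws-117", "logon", "workstation"),
    ("2012-08-27 09:02", "dor_user", "db-01", "logon", "smb"),
    ("2012-08-27 09:20", "dor_user", "db-02", "logon", "smb"),
    ("2012-08-27 10:05", "dor_user", "file-03", "logon", "smb"),
    ("2012-08-27 11:40", "dor_user", "app-07", "logon", "smb"),
    ("2012-09-12 15:30", "dor_user", "db-01", "archive", "stage_01.zip"),
    ("2012-09-13 02:10", "dor_user", "db-01", "upload", "stage_01.zip"),
    ("2012-09-13 02:40", "dor_user", "db-01", "delete", "stage_01.zip"),
    ("2012-09-14 09:00", "admin", "file-03", "archive", "monthly.zip"),  # benign
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def credential_sweeps(events, window=timedelta(hours=24), min_hosts=5):
    """Accounts logging on to >= min_hosts distinct hosts inside one window."""
    by_user = defaultdict(list)
    for t, user, host, action, _ in events:
        if action == "logon":
            by_user[user].append((_ts(t), host))
    flagged = {}
    for user, logons in by_user.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = len(hosts)  # reconnaissance with one credential
                break
    return flagged

def staged_exfil(events, max_gap=timedelta(hours=72)):
    """(user, host, archive) where an archive is created, uploaded, then deleted."""
    steps = defaultdict(dict)  # (user, host, object) -> {action: time}
    for t, user, host, action, obj in events:
        if action in ("archive", "upload", "delete"):
            steps[(user, host, obj)][action] = _ts(t)
    hits = []
    for key, s in steps.items():
        if {"archive", "upload", "delete"} <= set(s) and \
                s["archive"] <= s["upload"] <= s["delete"] <= s["archive"] + max_gap:
            hits.append(key)  # stage, send, clean up: the pattern that hid the breach
    return hits
```

Both functions are thresholds over ordinary logon and file-audit events, which is the kind of monitoring the article says the state declined.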
The breach remained undiscovered until about a month later, on Oct. 10, when the Secret Service informed state officials that information on three residents appeared to have been stolen. Two days later, the state hired Mandiant to help find out what happened.
The bill for the data breach now exceeds $14 million, reported the Associated Press. Related costs include $500,000 for Mandiant's efforts, $12 million for credit monitoring services from Experian, $800,000 for improved information security capabilities, $100,000 for outside legal help, $150,000 for a related public relations campaign, as well as $740,000 that will likely be spent to notify the estimated 1.3 million out-of-state taxpayers who were affected by the breach.
