*** An oversight report identified serious security weaknesses in classified systems used to house ballistic missile defense system technical information. The recently declassified report from the Department of Defense Inspector General found that technical information held by the Missile Defense Agency, including engineering drawings, algorithms, source codes and other material relating to land- air- and sea-based anti-ballistic missile capabilities were not being protected in government or contractor systems according to DOD standards.
Sources of potential vulnerabilities include a lack of multifactor authentication, physically insecure or unmonitored server racks, unencrypted data. Additionally, network vulnerabilities were "not consistently mitigated" at three of the five sites inspected by auditors.
"The increased threat of long-range missile attacks from U.S. adversaries requires the effective implementation of system security controls to help reduce the number of exploitable weaknesses that malicious actors could use to exfiltrate classified and unclassified technical information," the auditors wrote in their report, which was released with redactions on Dec. 10.
The report included a five recommendations, ranging from installing cameras to monitor physical access to server racks to the encryption of data that can be transferred to portable drives. The responsible official -- the CIO of a defense agency whose identity is redacted in the public report -- did not supply comments on the report or the recommendation. The IG is still seeking comment.
*** The FBI told the Justice Department's Office of Inspector General that an unexplained software misconfiguration was responsible for missing texts between Peter Strzok and Lisa Page, two FBI employees who were detailed to Robert Mueller's Special Counsel Office and exchanged texts disparaging then-presidential candidate Donald Trump and other political figures. Strzok was an agent; Page an attorney.
Both employees had substantial gaps in retention of work-related texts covering periods of time that include former Secretary of State Hillary Clinton's use of a private email server and the early days of the Special Counsel investigation.
House Republicans held hearings over the Strzok-Page texts in the summer of 2018, and used their content to allege that the special counsel investigation was motivated by partisan politics.
A forensic probe into a database unearthed 9,311 texts messages from Strzok's S5 and 10,760 from Page's device. The vast majority of these messages were between Strzok and Page, and the total number includes many duplicates.
According to a report released Dec. 13, the FBI began phasing out use of the Samsung S5 in 2017 precisely because the automated application used to wirelessly collect text messages from bureau-issued mobile devices was experiencing "software and other issues that prevented the data collection tool from reliably capturing" all texts.
The reason for the failure is unclear, though IT analysts told auditors that there are a range of possible explanations, such as a bug in the software affecting text message retention that wasn't patched by the vendor until March 2017, misconfiguration during the initial installation, interference caused by software updates and hardware errors.
Investigators doubt that Strzok and Page could have suppressed text messages on their own. To do so, they would need root access to their devices and administrator access, which is typically confined to a staffer working on device administration or security.
According to the report, as of November 2018 the FBI was still having issues capturing every text sent to and from the newer Samsung S7 and S9 devices.
Posted on Dec 18, 2018 at 12:51 AM