US Census Bureau IT systems hacked, data leaked by Anonymous
Another OPM scandal, this is not
Anonymous hackers have swiped databases from servers used by the US Census Bureau, and dumped their contents online. The bureau, as you might imagine, collects information on the American population every 10 years – although the leaked data does not include citizens' census records.
The purloined bureau databases include the usernames, .gov email addresses, and office phone numbers of the organization's 4,200 staff. They also list the departments the employees work in, the internal IP addresses they last logged in from, and the names of the administrators.
A lot of this stuff was available online before the intrusion. The leaked files also include a database of usernames and hashed passwords, which appear to have been run through MD5 or an Oracle DES algorithm.
The security breach is more embarrassing than anything else, and certainly not on the same level as the devastating US OPM infiltration earlier this month; the Anons likely found a bug in the code on a bureau web server, or a weak password, and exploited it.
Census Bureau spokesman Michael Cook told The Register today in a statement that his organization's internal systems were not affected by the intrusion, and that the compromised servers have been locked down:
"The US Census Bureau is investigating an IT security incident relating to unauthorized access to non-confidential information on an external system that is not part of the Census Bureau internal network. Access to the external system has been restricted while our IT forensics team investigates.
"Security and data stewardship are integral to the Census Bureau mission. We will remain vigilant in continuing to take every necessary precaution to protect all information."
According to the leaked files, Anonymous got into machines running Windows and software written in ASP.NET that were connected to an Oracle database. ®