[nsp-sec] Request for Rumors about NM

Matthew.Swaar at us-cert.gov
Mon Jul 28 20:54:12 EDT 2008


I have a strange request for those of you that have the opportunity to
observe the miscreants.

Recently US-CERT was advised of some malicious activity taking place on
a state network in New Mexico.  The short story is there's evidence that
one state government agency network may have been abused for an extended
period of time.  (You can probably see some of the damage by googling
elink.hsd.state.nm.us.)

There is an ongoing LE investigation, but that's not my concern.

My concern is that there may be trust relationships that would allow
access to other NM state agency networks.  All of which are their own
separate little fiefdoms, with their own issues and priorities and
operators.

If anyone who has access to such data were to observe folks bragging
about this hack, or leveraging access to hsd.state.nm.us to acquire
access to other networks, I'd love to hear about it.  (Especially what
other networks.)  

I'm not LE, and I don't need raw traffic.  But if I could tell one state
government subagency to be EXTRA vigilant when they were checking their
network it could help.  I know that some of these other state networks
will take this seriously, and some will just do a cursory check, since
it wasn't THEIR network that got hacked.

V/R,
Matt Swaar
US-CERT Analyst



