The Intelligence and National Security Alliance (INSA), a not-for-profit security policy group comprised of some of the nation's leading intelligence and security experts, announced that their website had been hacked last week.
Stolen membership details and emails were published on the website Cryptome, known for its affiliation with the hacktivist collective Anonymous according to The Daily Beast. The leaked data reveals potentially sensitive information about senior intelligence officials from the NSA, CIA, the FBI, and numerous intelligence contractors.
“INSA is just another Washington trade association, one of a thousand. But the personal information on the membership list could be extraordinarily useful for hackers who want to get access to more sensitive networks. With the personal emails of these government and industry officials, a hacker could use this information to deliver very personalized and very convincing scams on some of the intelligence world’s leading lights,” said Noah Shachtman, a cybersecurity expert the Brookings Institution.
The INSA breach highlights the state of rampant insecurity on the majority of public facing networks and the susceptibility of sensitive information on those systems to being pilfered by rogue actors.
"When this happens to an organization which is an association made up of your brightest and most competent intelligence and national security professionals and no one is surprised, it tells you we have a cybercrime epidemic. It’s not just a few isolated incidents, it’s happening all the time," INSA President Ellen McCarthy said to The Daily Beast.
2011 has seen a string of breaches at some of the leading defense and security contractors, including EMC's RSA, Northrop, L3, and Lockheed - as well as at several of the nation's most important nuclear and defense research facilities such as the Oak Ridge and Pacific Northwest National Laboratories.
“The people who are supposed to be most sophisticated about network security are constantly getting owned. It used to be that if you wanted to steal secrets from the U.S. government, you would have to go to the Pentagon or Langley, Va. But now, because so much of what our military and intelligence agencies do is actually in private contractor hands, one of the easiest ways to get sensitive information is to break into these corporate and association networks," said Shachtman.
Jut prior to the report website hack at INSA, the policy group had released a new report titled Cyber Intelligence: Setting the Landscape for an Emerging Discipline.
The report is meant to spur more debate and discussion on what will become a dominant field within the security realm, that of Cyber Intelligence. Exactly what parameters the term "cyber intelligence" covers is what the researchers at INSA are seeking to establish.
The report states that the development of the Cyber Intelligence field will require outlining a particular skillset that encompasses many of the tenets of IT security, but which also includes a more proactive threat management strategy than currently exists within the reactive security industry.
The entire INSA report is available in PDF here: https://images.magnetmail.net/images/clients/INSA/attach/INSA_CYBER_INTELLIGENCE_2011.pdf