WASHINGTON DC – A CIA-backed startup has discovered login credentials and passwords for 47 US government agencies littered across the Internet – leaving federal agencies potentially at risk of cyberattack.

Recorded Future, a Boston-based data mining firm backed by the CIA’s venture capital arm, said in a research report that credentials belonging to 47 US government agencies have been found across 89 unique domains, CNET.com reported.

The public release of the report may push government agencies to take department security more seriously. The US may heavily invest in spying programs through the National Security Agency, but it seems like the basics of security have yet to be grasped – and as a result, departments unrelated to the NSA may find themselves the target of surveillance by other parties.

Two-factor authentication is an option offered by various online services, including Facebook, Gmail and PayPal, to heighten individual security and provide a second layer of defense. As passwords are far from the most secure way to protect and authenticate an account, if credentials are stolen, two-factor authentication – such as linking a mobile phone to your account – can be used to prevent unauthorized entry.

However, as of early 2015, 12 of the US agencies – including the Departments of State and Energy – which have lost credentials online, do not stipulate the use of two-factor authentication when users access their systems. As credentials have been leaked, this leaves these departments open to unauthorized access.

“The presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce,” Recorded Future says.

The startup used the Recorded Future Web Intelligence Engine, an “analytics” engine designed to seek out “invisible links” between content streams which talk about “the same, or related, entities and events.” The engine scanned over 680,000 Web sources in multiple languages, linking together contextual data and sources in order to ferret out the credentials belonging to governmental bodies.

Many of the credentials were discovered on paste sites including Pastebin after being stolen using third-party services. The report states:

“In many cases, our research identified the immediate removal of the credentials by sites such as pastebin.com. However, to Recorded Future’s knowledge, no efforts are made to contact government agencies whose credentials may be posted on a paste site. Further, while the information may be removed from a paste site, it likely still circulates in private circles and is available to the original attackers.”

The CIA did not immediately respond to a request for comment.