The US Defense Information Systems Agency (DISA) disclosed that between May and July of 2019, one of its systems sustained a “data breach” that may have compromised personal data. According to Fifth Domain, DISA wrote affected personnel (who may number up to two-hundred-thousand) that their names and Social Security Numbers may have been compromised. Which systems were breached is unclear, as is whether the incident was an attack or a data exposure.
Reuters emphasizes that DISA provides telecommunications services to the White House and other high-level US Government organizations. That’s true but possibly misleading, as DISA does far more than that. It’s a combat support agency whose mission is to “conduct DODIN [Department of Defense Information Network] operations for the joint warfighter.” Most Service Members, Defense employees, and contractors touch DISA networks.
Other countries have joined the US, the UK, and Georgia in condemning what they call a large-scale GRU defacement attack against Georgian websites last October, Fifth Domain and others report. Naming and shaming are thought part of a broader effort to reinforce international norms of conduct in cyberspace.
The Atlantic looks at Russian influence operations directed against the 2020 US elections and concludes that the Americans themselves are doing a good job of creating divisive content all on their own, and that the Russians seem to have moved from creation to curation.
TechCrunch reports that KidsGuard, an app designed to monitor what children (also spouses, employees, etc.) do with their phones, exfiltrates data to a leaky Alibaba bucket.