Two weeks ago, Ars Technica reported on an “almost unprecedented” wave of Domain Name System (DNS) hijacking attacks against American companies. According to the report, both federal and private investigators into the cyber attacks were warning companies of the very large scope. The DNS attacks, in the most simplistic explanation possible, allow potentially bad actors to access companies’ and computers’ domain names, in essence taking control over the domains that people use to log into accounts. In some cases this could mean financial identity theft and in others, more serious potential access to confidential secrets, as well as the ability to harm cyber infrastructure.
While the government was alerted to this threat, we have been in the middle of a government shutdown over a wall that should never be built, to promote a fake sense of national security. That shutdown has led to the beginnings of an exodus of cyber talent from our government, as well as government IT workers standing idle in furlough.
“Government salaries and benefits for technical employees are already no match for those offered by private-sector firms,” said Justin Sherman, Cybersecurity Policy Fellow at New America, a Washington, DC, think tank. “As the shutdown continues and employees are left without pay for a longer and longer period of time, private-sector jobs are going to be more appealing to technology-focused government workers and will undoubtedly cause some to leave the government for industry work, even if just due to a temporary need for income.”
Now, Ars Technica is reporting that as of Tuesday, Jan. 25, 2019—over a month into our completely Trump and McConnell-imposed shutdown and almost two weeks after being warned in no uncertain terms of the severity of these DNS attacks—the U.S. government is being roiled by a cyber attack.
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) issued the directive on Tuesday, 12 days after security firm FireEye warned of an unprecedented wave of ongoing attacks that altered the domain name system records belonging to telecoms, ISPs, and government agencies. DNS servers act as directories that allow one computer to find other computers on the Internet. By tampering with these records, attackers can potentially intercept passwords, emails, and other sensitive communications.
Grinding the government to a halt is not a negotiating technique that’s worth anything. It’s a dangerous and irresponsible ego trip by a pathetic man.