Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Logins for US Navy, NASA's JPL among US gov logins sold on deepweb

Just US$2132 gets you half a dozen live Navy.mil accounts

Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veteran Affairs.

The unverified cache found by Infoarmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational organisations and universities.

Agencies on the list include the US General Services Administration, National Parks Service, and the Federal Aviation Administration. One government data listing visited by The Register promised alleged access to six unnamed accounts for subdomains of the US Navy including 3.5 bitcoins (US$2132).

They are also selling alleged access to five accounts across subdomains for NASA's Jet Propulsion Lab for three bitcoins (US$1827).

Another three logins to servers of the US Centres of Disease Control and Prevention over FTP and SFTP were being flogged for half a Bitcoin (US$300).

Komarov says the data was likely stolen from the National Institute of Building Sciences.

"After a thorough analysis, it was determined that most of this data was accessed from the hacked National Institute of Building Sciences website," Komarov says [PDF].

"It contains numerous members from the research, educational, government and military community."

One of the sellers, known as "poporet", is selling a revamped trojan that targets US bureaucrats and could be behind the rash of purported Government data dumps.

The remote access trojans known as GovRAT has been overhauled and is being sold for a relatively cheap price of up to US$6000 for source code, and US$1000 for basic components.

"The dynamics of growth show an extreme interest in hi-tech, scientific and federal sectors, Komarov says.

The trend is also very visible regarding defence and military employees".

GovRAT has also been upgraded with various anti-analysis and anti-security techniques. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like