Lawmaker Demands Trump Admin Hand Over Unredacted Report On Phishing Email Attacks
A House committee asked the Interior Department Thursday to hand over an unredacted copy of a newly-released report detailing how more than 100 employees were “compromised” in a phishing email attack.
Utah Republican Rep. Rob Bishop, chairman of the House Committee on Natural Resources, sent a letter to Interior Deputy Inspector General Mary Kendall asking for “an unredacted copy of a November 7, 2016 report concerning a phishing attack” on employees’ email accounts.
The IG’s office has until Friday to respond to Bishop’s request, according to a copy of the letter obtained by The Daily Caller News Foundation. The IG’s office finished their report on the phishing attack in November, but released a short summary of their findings Wednesday — six months later.
The department began investigating phishing emails in January 2016 after “multiple OIG employees received a ‘phishing’ email from an internal DOI bureau-level employee” without his knowledge, the IG’s office reported.
Phishing emails are fraudulent emails that appear legitimate, but give hackers access to your account.
Investigators found the “successful phishing attack resulted in illegal access to the DOI network through remote logins on a least eight Gmail accounts,” according to a summary more than 1,500 DOI employees received the phishing email, resulting in approximately 100 compromised DOI employee Gmail credentials.of their report.
“When the recipients clicked a link within the email, they were presented with a webpage that appeared to be DOI’s standard log-in screen, and were prompted for their username and password,” the IG found.
“At least two recipients clicked on the link and entered their DOI Gmail (Bison Connect Email System) credentials, thereby unknowingly compromising their accounts,” they found.
After about two weeks, “more than 1,500 DOI employees received the phishing email, resulting in approximately 100 compromised DOI employee Gmail credentials.” The matter was referred to the FBI’s cyber investigative arm.
Interior’s chief information office sped up plans to “require two-factor authentication for DOI Gmail access, and completed the transition eleven days after the attack began” in the wake of the attacks, the IG reported.
“By implementing two-factor authentication, DOI ended the attack and it substantially increased the security of DOI’s Gmail system, Bison Connect,” the IG found.
Article reposted with permission from The Daily Caller. Article by Rachel Stoltzfoos.