Shortly after the U.S. Department of Transportation (DOT) introduced in late October that an inside audit discovered vulnerabilities inside laptop servers on the Federal Motor Carrier Safety Administration (FMCSA), the Small Business in Transportation Coalition (SBTC) issued an alert of its personal.
In a doc despatched to the Federal Bureau of Investigation (FBI) on Nov. 1, SBTC Executive Director James Lamb stated the latest USDOT Office of Inspector General’s (OIG) audit of the FMCSA’s programs ignored a number of key issues. Lamb additionally despatched a letter of concern to the U.S. Office of Special Counsel.
“On October 24, 2021, I reported ongoing day by day knowledge breaches at FMCSA to the Bureau’s New York Field Office and have been forwarding info by way of e mail to them the previous few weeks. I’m now writing to memorialize my report back to the Bureau,” Lamb wrote in his letter to the FBI.
Lamb additionally famous that, via the companies of a personal investigation agency, the SBTC decided in March 2019 that the FMCSA’s programs have been being breached via unauthorized entry of the company’s legislation enforcement officer consumer portal.
“As FMCSA is aware of, that is the one means a 3rd occasion can receive a provider’s cellphone quantity and e mail deal with in actual time minutes after FMCSA’s system points a USDOT Number,” Lamb wrote.
Lamb additional wrote that “Only the LEO (legislation enforcement officer) software affords this degree of entry, which we imagine means both these third events have registered as LEOs beneath false pretenses to accumulate unauthorized entry or they’re bribing precise LEOs to make use of their bona fide credentials.”
Lamb contends that the federal government has ignored the SBTC’s “proof we equipped from a duly licensed personal investigative agency that concluded unauthorized disclosure of (private, personal info) has certainly occurred and continues to occur. On. A. Daily. Basis. [sic]”
Lamb added: “By knowingly permitting the intrusion to go on for years, we contend the FMCSA has violated its authorized obligation to guard residents’ (private, personal info) and has negligently disseminated industry’s PII by failing to confess to and terminate the breach within the hopes this may go undetected so that they don’t need to cope with the fallout.”
FMCSA spokesman Duane DeBruyne deferred questions from The Trucker to a DOT doc outlining the inner audit. The DOT has additionally initiated an audit of the Federal Highway Administration’s (FHWA) info expertise infrastructure.
For its half, the DOT stated the inner investigation on the FMCSA discovered a number of important vulnerabilities on internet servers that operate inside that company. Those servers comprise a “mountain” of private and delicate knowledge, the DOT report famous.
“FMCSA did not detect our access or placement of malware on the network in part because it did not use required automated detection tools and malicious code protections,” the DOT report stated.
“We also gained access to 13.6 million unencrypted (personal identity) records. Had malicious hackers obtained (these records) it could have cost FMCSA up to $570 million in credit monitoring fees,” the report noted. “Furthermore, the agency does not always remediate vulnerabilities as quickly as DOT policy requires. These weaknesses put FMCSA’s network and data at risk for unauthorized access and compromise.”
The FMCSA uses 13 web-based applications to aid vehicle registration, inspections and other activities.
The DOT said it recommended 13 different points of action that FMCSA officials need to take to better secure the agency’s information.
“We consider all 13 recommendations resolved but open pending FMCSA’s completion of planned actions,” DOT officials said.
On Nov. 3, the Federal Highway Administration (FHWA) announced that it was conducting its own cybersecurity check.
Several drivers The Trucker spoke with about the issue were hesitant to comment. On The Trucker Facebook page, Robin Simmons said she recently received a letter from J.B. Hunt saying that her Social Security number and other information had been compromised.
Jeff Pearson said: “We never had that problem before computers … maybe they should go back … to the old way.”
Russ Robinson said: “So you put out the information that they are vulnerable to hackers, so the hackers can know that they are vulnerable to being hacked? When do the hackers begin hacking the hackable?”
The revealing of FMCSA’s vulnerabilities comes at a time when cyberattacks on government agencies, private entities and businesses are on the rise.
In the trucking industry, Marten Transport announced in late October that its systems had fallen victim to a cyberattack. Based on a preliminary assessment, Marten officials said they do not believe the incident will have a material impact on its business, operations or financial results.
Most Americans say they have serious concerns about cyberattacks on U.S. computer systems and view China and Russia as major threats, according to a new poll.
The poll, conducted by The Pearson Institute and The Associated Press-NORC Center for Public Affairs Research, shows that about nine in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies or certain utilities. About two-thirds say they are very or extremely concerned.
Roughly three-quarters of respondents believe the Chinese and Russian governments are major threats to the cybersecurity of the U.S. government, and at least half also see Iran — both government and non-government bodies — as threatening.
Several high-profile ransomware attacks and cyber espionage campaigns in the past year have compromised sensitive government records and led to the shutdown of the operations of energy companies, hospitals, schools and more.
The explosion in the last year of ransomware, in which cybercriminals encrypt an organization’s data and then demand payment to unscramble it, has underscored how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk.
One of the cyber incidents with the greatest consequences this year was a ransomware attack in May on the Colonial Pipeline, the nation’s largest fuel pipeline, which led to gas shortages along the East Coast. A few weeks later, a ransomware attack on the world’s largest meat-processing company disrupted production around the world.
Victims of ransomware attacks have ranged from key U.S. agencies and Fortune 500 companies to smaller entities such as the city of Leonardtown, Maryland, which was one of hundreds of organizations affected worldwide when software company Kaseya was hit by ransomware during the Fourth of July weekend.
“We ended up being very lucky, but it definitely opened our eyes that it could happen to anyone,” said Laschelle McKay, the town administrator. She said Leonardtown’s IT provider was able to restore the town’s network and files after several days.
The criminal syndicates that dominate the ransomware business are mostly Russian-speaking and operate with near impunity out of Russia or countries allied with Russia, according to reports from the U.S. government and other agencies. The U.S. government has also blamed Russian spies for a major breach of U.S. government agencies — an incident known as the SolarWinds hack, so named for the U.S. software company whose product was used in the hacking.
China has also been active. In July, the Biden administration formally blamed China for a massive hack of Microsoft Exchange email server software and asserted that criminal hackers associated with the Chinese government have carried out ransomware attacks and other illicit cyber operations.
“The amount of Chinese cyber actors dwarfs the rest of the globe, combined,” said Rob Joyce, the director of cybersecurity at the National Security Agency. “The elite in that group really are elite. It’s a law of large numbers.”
Both Russia and China have denied any wrongdoing.
The Associated Press contributed to this report.
https://www.thetrucker.com/trucking-news/the-nation/members-of-trucking-industry-among-those-concerned-about-fmcsa-breaches
