From The Sip Trunking Experts

TMCNet:  UPDATE: SC agency staff changes lowered computer scrutiny before hacking - former employee

[January 03, 2013]

UPDATE: SC agency staff changes lowered computer scrutiny before hacking - former employee

Jan 03, 2013 (The State (Columbia - McClatchy-Tribune Information Services via COMTEX) -- A former cyber-security director at the S.C. agency hit by hackers told lawmakers Thursday that the state Department of Revenue spread responsibility for protecting computer systems to "overtaxed" employees after he departed in 2011.

Stretching oversight led to gaps that increased chances for theft, said Scott Shealy, who ran computer security at the revenue department through late 2011. Hackers stole personal financial records belonging to 6.4 million consumers and businesses in September.

"Things would have been under much more scrutiny" with the previous security team, Shealy told the state House special committee examining the hacking.

Shealy, who works at the state judicial department, also said his boss at the time, chief information officer Michael Garon, did not make security a priority.

Shealy said he left the agency because of Garon's lack of support, including not following a recommendation to encrypt data that would have made accessing the information difficult and adopt a dual password system. The hackers stole unencrypted data. Dual passwords would have thwarted the theft, an expert hired by the state said.

The department's computer security job was not posted until five months after Shealy left and was not filled until August, the agency said.

The revenue department has said Garon's departure from the agency in September was unrelated to the hacking, which was not discovered for another three weeks by the Secret Service. Efforts to reach Garon were unsuccessful.

The revenue department did not address Shealy's accusations in its response.

"As an agency we are focusing on what we can do in the future to help prevent similar occurrences," the agency said in a statement.

Hackers appeared to access the revenue department computers through a program released in a malicious email opened by an employee, according to a report from computer forensics firm Mandiant.

Meanwhile, the total cost of the massive cyber-hacking at the S.C. Department of Revenue remains unclear as lawmakers begin work on a new budget.

South Carolina has spent $20 million to offer credit monitoring, bolster security at the agency, mail notifications and hire computer consultants, outside attorney and public-relations firm.

But other state agencies, which operate their own computer systems, are expected to request their own security needs. Lawmakers and state budget officials did not have estimates on Thursday. One legislator floated a $100 million estimate during a hearing last month.

"I can see it now, every agency in the state of South Carolina is going to come with their hand out, 'We need this ... for cyber security,' " Sen. Harvey Peeler, R-Cherokee, told reporters during a legislative preview Thursday. "Whatever the price tag is that's what we need to pay. ... It's the government's responsibility." House Ways and Means chairman Brian White, R-Anderson, said lawmakers are awaiting word from a consultant that state plans to hire to assess the state's cyber-security needs.

Meanwhile, a Senate special committee investigating the hacking is looking to enroll people for credit monitoring automatically and provide longer-term credit report protection.

The state is offering year of credit-report monitoring to 3.8 million taxpayers whose personal financial information was stolen from the Department of Revenue. A second year is under consideration.

But information belonging to 1.9 million dependents also were taken, meaning infants could face identity theft risks for their lifetime, said Sen. Kevin Bryant, an Anderson Republican who chairs the hacking special committee.

"We have a 90-year-old problem," he said.

The committee also wants to enroll people automatically for credit monitoring, giving them an opportunity to opt out. More than one million victims have enrolled. Legislators are weighing proposed laws to put computer security under one director.

Lawmakers remain upset that South Carolina allowed what's considered the nation's largest-ever hacking of a state agency.

A computer consultant hired by the state to probe the hacking said the Department of Revenue could have protected the data with a dual-password system that costing an estimated $25,000. The stolen information that included Social Security numbers also was not encrypted.

"I've never found a need to call the Department of Corrections and say, 'Hey, are y'all locking the doors at night ," Bryant said. "It seems like protecting the most sensitive database in the state would be a no brainer." ___ (c)2013 The State (Columbia, S.C.) Visit The State (Columbia, S.C.) at Distributed by MCT Information Services

[ Back To SIP Trunking Home's Homepage ]

Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner

Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.