A phishing attack in January 2016 gave hackers illegal access to the Department of Interior network through remote logins on at least eight Gmail accounts, according to a report released May 24 by the Office of the Investigator General at DOI.
The OIG began its investigation in January 2016 and ended in November 2016. Because of the attack, the chief information officer’s office accelerated its existing plan to require two-factor authentication for DOI Gmail access, and completed the transition 11 days after the attack began. The increased security kept the attack from affecting more Gmail accounts.
The cyberattack began when multiple OIG employees received a phishing email from an internal DOI bureau-level employee; the email was sent without that employee's knowledge. When the recipients clicked a link in the email, they were brought to a webpage that appeared to be DOI’s standard log-in screen, and were prompted for their username and password. At least two recipients clicked on the link and entered their DOI Gmail credentials, which compromised their accounts. Over the next two weeks, more than 1,500 DOI employees received the phishing email, resulting in approximately 100 compromised DOI employee Gmail credentials.
The investigation found that the source of the attack was most likely located outside the United States. The OIG turned the information over to the FBI for continued investigation through its National Cyber Investigative Joint Task Force.