How Hacker Pulled Off South Carolina Cyberattack

Kyle Murphy

COLUMBIA, SC - Last August, an international hacker cracked into state computers and gained access to 3.8 million tax returns by sending a malicious email to workers at the South Carolina Department of Revenue. This gave the hacker access to personal information including Social Security numbers and bank account information. According to details in a report released on Tuesday, experts say that this was the biggest cyberattack ever against a state government.

NBC News reports that Gov. Nikki Haley released a report by a computer security firm called Mandiant, which was hired to investigate the data breach. Gov. Haley said, “We were a cocktail for an attack,” referring to the necessary ingredients for a cyber assault.

Gov. Haley has accepted the resignation of her Department of Revenue director, Jim Etter, and has stated that state officials “could have done more” to protect the personal data of state residents.

Tom Davis, a state senator and former chief of state to Gov. Mark Sanford, said:

“I’ve gotten more phone calls and emails about this than anything else in the last four years. There’s a great degree of anger and frustration over what happened. This is information you’ve got to give the government; if you don’t, they put you in jail. There’s a real sense of betrayal.”

A "phishing" scheme is a common tactic used by cyber criminals.

On August 13, the hacker sent multiple South Carolina Department of Revenue employees an email that had an embedded link containing malware or a computer virus. Only one of the employees needed to click on the link for the malware to be activated. Once activated, the malware allowed the hacker to steal the employee’s user name and password.

Two weeks after sending the email, the attacker logged onto the remote-access service for Department of Revenue computers, using the credentials of an employee who had clicked on the August 13 email. According to the report, the invader then "leveraged the user’s access rights to access other Department of Revenue systems and databases with the user’s credentials."

The attacker then spent several weeks doing “reconnaissance activities” before copying large amounts of data into zip files that were then moved onto the internet. The breach was not discovered until October 10, when the Secret Service notified state officials that it had uncovered information that data on three state residents had been stolen.

Since being informed of the situation, Gov. Haley and other state officials have scrambled to react as the magnitude of the attack has become increasingly apparent. In addition to 3.8 million tax returns, including the Social Security numbers of 1.9 million children and other dependents, the hacker got access to data on 699,900 business tax returns and 3.3 million bank accounts.

The vicious cyberattack has exposed vulnerabilities that experts say will cause state governments across the country to re-examine their cyber-defenses. South Carolina had encrypted credit card numbers according to industry standards, but it never encrypted the Social Security numbers.

Some cyber experts say that there is now evidence of the data being marketed on Internet black market sites that peddle personal information on millions of Americans.

Gov. Haley on Tuesday blamed the federal government for not requiring Social Security numbers to be encrypted. She has also written a letter to IRS Commissioner Steven Miller. The letter urges him “to strongly encourage the Internal Revenue Service to require all states to have stronger security measures for handling federal tax information, particularly encryption of tax information that is stored or ‘at rest.’”