The Secret Service is investigating a breach at Virginia-based government technology contractor Miracle Systems that saw access to several of its systems put up for sale in the cybercrime underground. The contractor claims that the access being auctioned off was to old test systems with no access to government networks.
In August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S. government IT contractor that does business with more than 20 federal agencies, including several branches of the military. The seller bragged that he had access to email correspondence and credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (about $60,000).
Miracle Systems CEO Sandesh Sharda confirmed that the auction concerned credentials and databases managed by his company, but maintained that the data shown in the screenshots was years-old and mapped only to internal test systems that were never connected to its government agency clients.