Saturday, January 29, 2022

DoD staffer raided work SharePoint for identities to steal The Register

A US Department of Defense staffer with top-secret clearance stole the identities of dozens of people from a work SharePoint system to apply for loans totaling nearly a quarter of a million dollars.

Lee, who worked for Uncle Sam's Defense Contract Management Agency as an analyst, raided the organization's Microsoft SharePoint system for people's private data to pull off his nefarious scheme.

The IT system was home to files on DCMA staff and those in contact with the agency - including DoD employees and contractors.

Over a two-year period, starting in September 2018, Lee harvested personal information - including social security numbers, birth dates, addresses, and government employment forms - on at least 37 people, according to prosecutors.

Lee used these details to create fake IDs, which were in turn used with fabricated pay stubs, bank statements, and tax documents to apply for loans.

According to prosecutors, Lee created a Gmail account to masquerade as one of his colleagues and, using data pulled from the DCMA 360 SharePoint site, in March 2020 applied for at least eight bank accounts and loans as his victim.

Security Update 2022-001 Catalina - Five vulnerabilities, including one that can be exploited by bad apps to gain kernel-level access to the system.
 

https://www.theregister.com/2022/01/27/dod_sharepoint_apple_white_house/ 

No comments: