{
	"id": "51b64848-35b6-44f5-a267-fe30c58085d2",
	"created_at": "2026-04-06T00:10:15.662847Z",
	"updated_at": "2026-04-10T13:11:29.071401Z",
	"deleted_at": null,
	"sha1_hash": "2dd4f3c999f47c2b6a742d2c648a0831d5e292f9",
	"title": "Secret Service Investigates Breach at U.S. Govt IT Contractor",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 438067,
	"plain_text": "Secret Service Investigates Breach at U.S. Govt IT Contractor\r\nPublished: 2019-09-09 · Archived: 2026-04-05 14:07:21 UTC\r\nThe U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw\r\naccess to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The\r\ncontractor claims the access being auctioned off was to old test systems that do not have direct connections to its\r\ngovernment partner networks.\r\nIn mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal\r\nnetwork of a U.S. government IT contractor that does business with more than 20 federal agencies, including\r\nseveral branches of the military. The seller bragged that he had access to email correspondence and credentials\r\nneeded to view databases of the client agencies, and set the opening price at six bitcoins (~USD $60,000).\r\nhttps://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/\r\nPage 1 of 3\n\nA review of the screenshots posted to the cybercrime forum as evidence of the unauthorized access revealed\r\nseveral Internet addresses tied to systems at the U.S. Department of Transportation, the National Institutes of\r\nHealth (NIH), and U.S. Citizenship and Immigration Services (USCIS), a component of the U.S. Department\r\nof Homeland Security that manages the nation’s naturalization and immigration system.\r\nOther domains and Internet addresses included in those screenshots pointed to Miracle Systems LLC, an\r\nArlington, Va. based IT contractor that states on its site that it serves 20+ federal agencies as a prime contractor,\r\nincluding the aforementioned agencies.\r\nIn an interview with KrebsOnSecurity, Miracle Systems CEO Sandesh Sharda confirmed that the auction\r\nconcerned credentials and databases were managed by his company, and that an investigating agent from the\r\nSecret Service was in his firm’s offices at that very moment looking into the matter.\r\nBut he maintained that the purloined data shown in the screenshots was years-old and mapped only to internal test\r\nsystems that were never connected to its government agency clients.\r\n“The Secret Service came to us and said they’re looking into the issue,” Sharda said. “But it was all old stuff [that\r\nwas] in our own internal test environment, and it is no longer valid.”\r\nStill, Sharda did acknowledge information shared by Wisconsin-based security firm Hold Security, which alerted\r\nKrebsOnSecurity to this incident, indicating that at least eight of its internal systems had been compromised on\r\nthree separate occasions between November 2018 and July 2019 by Emotet, a malware strain usually distributed\r\nvia malware-laced email attachments that typically is used to deploy other malicious software.\r\nThe Department of Homeland Security did not respond to requests for comment, nor did the Department of\r\nTransportation. A spokesperson for the NIH said the agency had investigated the activity and found it was not\r\ncompromised by the incident.\r\n“As is the case for all agencies of the Federal Government, the NIH is constantly under threat of cyber-attack,”\r\nNIH spokesperson Julius Patterson said. “The NIH has a comprehensive security program that is continuously\r\nmonitoring and responding to security events, and cyber-related incidents are reported to the Department of\r\nHomeland Security through the HHS Computer Security Incident Response Center.”\r\nhttps://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/\r\nPage 2 of 3\n\nOne of several screenshots offered by the dark web seller as proof of access to a federal IT contractor later\r\nidentified as Arlington, Va. based Miracle Systems. Image: Hold Security.\r\nThe dust-up involving Miracle Systems comes amid much hand-wringing among U.S. federal agencies about how\r\nbest to beef up and ensure security at a slew of private companies that manage federal IT contracts and handle\r\ngovernment data.\r\nFor years, federal agencies had few options to hold private contractors to the same security standards to which\r\nthey must adhere — beyond perhaps restricting how federal dollars are spent. But recent updates to federal\r\nacquisition regulations allow agencies to extend those same rules to vendors, enforce specific security\r\nrequirements, and even kill contracts that are found to be in violation of specific security clauses.\r\nIn July, DHS’s Customs and Border Patrol (CPB) suspended all federal contracts with Perceptics, a contractor\r\nwhich sells license-plate scanners and other border control equipment, after data collected by the company was\r\nmade available for download on the dark web. The CPB later said the breach was the result of a federal contractor\r\ncopying data on its corporate network, which was subsequently compromised.\r\nFor its part, the Department of Defense recently issued long-awaited cybersecurity standards for contractors who\r\nwork with the Pentagon’s sensitive data.\r\n“This problem is not necessarily a tier-one supply level,” DOD Chief Information Officer Dana Deasy told the\r\nSenate Armed Services Committee earlier this year. “It’s down when you get to the tier-three and the tier-four”\r\nsubcontractors.\r\nSource: https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/\r\nhttps://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/"
	],
	"report_names": [
		"secret-service-investigates-breach-at-u-s-govt-it-contractor"
	],
	"threat_actors": [],
	"ts_created_at": 1775434215,
	"ts_updated_at": 1775826689,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2dd4f3c999f47c2b6a742d2c648a0831d5e292f9.pdf",
		"text": "https://archive.orkl.eu/2dd4f3c999f47c2b6a742d2c648a0831d5e292f9.txt",
		"img": "https://archive.orkl.eu/2dd4f3c999f47c2b6a742d2c648a0831d5e292f9.jpg"
	}
}