Close Menu
Firearms Forever
  • Home
  • Hunting
  • Guns
  • Defense
  • Videos
Trending Now

How to Get Better at PT Test Transitions from Calisthenics to Running

July 14, 2026

Iran Launches HORRIFIC Attack On U.S. Troops – Jets SCRAMBLING

July 14, 2026

Ep. 903: Stranded Whales, Cattle-Killing Wolves, and Maine Cleans Up Its Act

July 14, 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Firearms Forever
SUBSCRIBE
  • Home
  • Hunting
  • Guns
  • Defense
  • Videos
Firearms Forever
Home»Defense»DHS network intrusion was twice ruled a false positive before breach confirmed
Defense

DHS network intrusion was twice ruled a false positive before breach confirmed

Tim HuntBy Tim HuntJuly 14, 20264 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
DHS network intrusion was twice ruled a false positive before breach confirmed

Department of Homeland Security personnel twice dismissed signs of cyber intruders inside the agency’s Homeland Security Information Network as harmless activity, allowing hackers to remain undetected inside for weeks and eventually steal credential files, according to an internal incident readout viewed by Nextgov/FCW.

HSIN was breached about two months ago, Nextgov/FCW first reported in late June. The network houses sensitive, unclassified data that’s shared between federal, state, local, industry and overseas partner organizations.

Department investigators have still not determined the affiliation of the hackers, according to two people with knowledge of an ongoing probe into the incident. DHS may send staff to brief Congress on the hack in a classified setting in the coming weeks, added the people, who spoke on the condition of anonymity to communicate the department’s thinking.

Between May 15 and May 24, the infiltration was detected by analysts inside FEMA, where they observed the hackers had altered files on testing and live servers, used a legitimate web-server program to run malicious code and deleted activity logs that could have exposed their movements, according to the readout. The activity was ruled a false positive.

Between May 25 and June 3, the hackers used similar methods aiming to leave scant trace of their activity, setting off more alerts that were again dismissed as benign. On June 4, they installed hidden backdoors and stole credential data — typically employed to verify users’ identities and grant access to accounts or systems — where personnel then declared a breach was active.

It’s not clear why the intrusion was deemed benign two times over such a wide timeframe, but the incident highlights how a mistaken assessment can give hackers significantly more time to deepen their access into a target’s environment. The hack involved techniques meant to mask activity as normal, which, generally speaking, can make it very difficult for analysts to determine what is legitimate or not, one of the people said.

It’s also unclear what materials, if any, were copied from HSIN systems, though the fact that hackers targeted credential files indicates they sought out access to accounts or systems beyond what they could initially reach.

“The Department of Homeland Security is aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment,” a DHS spokesperson wrote in the same statement it provided earlier this month that confirmed the hack. “We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation. There is no indication that classified networks were impacted, and the system remains operational for our partners. As this is an ongoing investigation, we cannot provide further operational details at this time.”

Approved users lean on the network to securely access data, exchange requests with partner agencies, coordinate safety and security for planned events, respond to incidents and share information needed to protect their communities, per its website.

HSIN has been used to support ongoing World Cup games and recent America250 events, Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., said in a statement after the breach was reported. 

“The information in HSIN, while not classified, is highly sensitive, and its exposure risks national security,” he said at the time.

As the United States hosts World Cup matches nationwide, the hack could raise questions about whether the intruders gained access to security plans, interagency communications or emergency response plans for one of the world’s most visible sporting events. It’s also possible that World Cup data was not a target.

Nation-state and criminal hackers routinely target U.S. systems to gather intelligence, steal sensitive information and maintain access to government networks. In February, a suspected China-linked breach of an FBI surveillance system likely exposed the phone numbers of people the bureau was monitoring. Last fall, a widespread breach at FEMA let hackers make off with employee data from both the disaster management office and U.S. Customs and Border Protection.



Read the full article here

Share. Facebook Twitter Pinterest LinkedIn Telegram Reddit Email
Previous ArticleMassie Revives Effort to Strip NDAA’s Section 219 Combining US-Israeli Defense
Next Article Ep. 903: Stranded Whales, Cattle-Killing Wolves, and Maine Cleans Up Its Act

Related Posts

How to Get Better at PT Test Transitions from Calisthenics to Running

July 14, 2026

Massie Revives Effort to Strip NDAA’s Section 219 Combining US-Israeli Defense

July 14, 2026

AI can now power every stage of a cyberattack

July 14, 2026

US Attacks Iran and Tehran Retaliates Across the Middle East, Threatening a Return to All-Out War

July 14, 2026

25 Military Families Receive Record $200K in Scholarships from Veterans United Foundation

July 14, 2026

Ukraine and 9 Other Countries Announce a Coalition to Protect Europe From Ballistic Missiles

July 14, 2026
Don't Miss

Iran Launches HORRIFIC Attack On U.S. Troops – Jets SCRAMBLING

By David HooksteadJuly 14, 2026

Watch full video on YouTube

Ep. 903: Stranded Whales, Cattle-Killing Wolves, and Maine Cleans Up Its Act

July 14, 2026

DHS network intrusion was twice ruled a false positive before breach confirmed

July 14, 2026

Massie Revives Effort to Strip NDAA’s Section 219 Combining US-Israeli Defense

July 14, 2026

Subscribe to Updates

Get the latest firearms news and updates directly to your inbox.

  • Home
  • Privacy Policy
  • Terms of use
  • Contact
© 2026 Firearms Forever. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.