The Defense Contract Management Agency (DCMA), the U.S. federal agency responsible for performing contract administration services for the Department of Defense (DoD) and other authorized federal agencies, is investigating a possible security breach within its internal systems and has taken a number of servers offline amid the investigation.
The official DCMA website has been offline for nearly two weeks and remains under investigation at the time of writing.
A notice posted on the DCMA’s homepage before it went offline said little to nothing about an ongoing investigation, aside from noting “corrective action in progress” and stating that work is currently underway.
The note posted on the DCMA homepage reads:
Corrective Action in Progress.
The service you’re looking for is temporarily unavailable.
Work is being done to restore the service as quickly as possible.
Please hit refresh or try again soon.
Thank you for your patience.
Speaking on the ongoing investigation and long-term outage, DCMA spokesman David Wray told investigator Brian Krebs that suspicious activity was detected on the DCMA public-facing server on January 28, resulting in the current investigation.
“So far, no DCMA, DoD or Defense Industrial Base data nor any Personal Identification Information has been breached. A cyber protection team from Joint Forces Headquarters, Department of Defense Information Network, is working with DCMA to enhance network security. DCMA’s website has been intentionally taken offline while the team investigates the activity. All other network operations have proceeded as normal.”
What “suspicious activity” was spotted on internal servers remains unknown, but Wray gave assurances that no severe personal information was taken from the servers.
According to Krebs, Wray declined to elaborate on the extent of the attack; however, sources within the DCMA claim the agency has been having “major system issues, including a number of internal systems.”
“We have been told it was due to issues with unscheduled maintenance, but the regular emails from [DCMA higher-ups] seem to indicate a larger, unspoken problem,” Krebs was told by an anonymous DCMA employee.
The anonymous DCMA employee claims the problems relate to the agency’s resources that DCMA employees use to report in work and review federal contracts between external companies and the Department of Defense, extending far beyond the main website. This means the breach could possibly be more severe than Wray initially disclosed.
While details are scarce, we will keep you updated as the story continues to develop.