[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-dhs-network-was-breached-for-weeks-after-alerts-were-dismissed":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},4831,"dhs-network-was-breached-for-weeks-after-alerts-were-dismissed","DHS Network Was Breached for Weeks After Alerts Were Dismissed","Analysts twice flagged the intrusion on the HSIN information-sharing network as false positives, giving attackers roughly three weeks of undetected access.","The US Department of Homeland Security spent three weeks unknowingly hosting intruders on its primary interagency information-sharing platform.\n\nAttackers breached HSIN — the Homeland Security Information Network, which carries unclassified but sensitive data used by domestic agencies and international partners — and were flagged by automated systems twice in May 2026. Analysts dismissed both alerts as false positives. By the time a breach was formally declared on June 4, the attackers had modified server files, executed malicious code through a legitimate web-server process, stolen credential files, installed backdoors, and deleted logs to obscure their tracks. Investigators have not yet attributed the intrusion to any specific group or nation-state, and what was actually exfiltrated beyond the credential files remains unknown.\n\nThe credential theft is the detail that should worry investigators most. Stealing credentials is rarely an end in itself — it is preparation for lateral movement into systems beyond the initial foothold. HSIN handles event security planning, threat data, interagency coordination, and details on persons of interest; the breach overlapped with FIFA World Cup security operations. Senate Intelligence Committee Vice Chairman Mark Warner put it plainly: the platform's sensitivity outstrips its classification level, and exposure risks national security. That framing sits awkwardly beside DHS's own characterization of the incident as involving a \"specific, unclassified legacy information sharing environment.\"\n\nHSIN has been compromised before — a hijacked account in 2009, misconfigured access in 2023 — so the network's security record was already thin. What is new this time is the human failure layer: automated detection worked, and humans overrode it twice. DHS and CISA have both absorbed significant workforce cuts over the past year, and the gap between a triggered alert and a competent human review of that alert is exactly where understaffing shows up. The House Homeland Security Committee has already requested a briefing; expect the staffing question to feature prominently.","[\"security\",\"government\",\"dhs\",\"cybersecurity\"]","2026-07-17T19:30:00.000Z","2026-07-17T20:05:05.329Z","2026-07-17T20:05:07.596Z","published",null,[],"security",[24,26,27,28],"government","dhs","cybersecurity",[30],{"name":31,"url":32},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fhackers-breached-dhs-after-alarms-were-twice-ruled-false-positives",0,{"sections":35},[36,41,44,49,54,59,64,69,74,79,84,89,94,99],{"name":37,"slug":38,"count":39,"latest_published_at":40},"AI","ai",2601,"2026-07-17T17:00:27.000Z",{"name":42,"slug":24,"count":43,"latest_published_at":18},"Security",315,{"name":45,"slug":46,"count":47,"latest_published_at":48},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":50,"slug":51,"count":52,"latest_published_at":53},"Policy","policy",169,"2026-07-17T19:49:53.000Z",{"name":55,"slug":56,"count":57,"latest_published_at":58},"Hardware","hardware",126,"2026-07-16T20:09:48.000Z",{"name":60,"slug":61,"count":62,"latest_published_at":63},"Consumer Tech","consumer-tech",94,"2026-07-16T16:29:46.000Z",{"name":65,"slug":66,"count":67,"latest_published_at":68},"Software","software",72,"2026-07-17T09:42:05.000Z",{"name":70,"slug":71,"count":72,"latest_published_at":73},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":75,"slug":76,"count":77,"latest_published_at":78},"Dev Tools","dev-tools",60,"2026-07-16T16:59:13.000Z",{"name":80,"slug":81,"count":82,"latest_published_at":83},"Startups","startups",42,"2026-07-16T16:30:35.000Z",{"name":85,"slug":86,"count":87,"latest_published_at":88},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":90,"slug":91,"count":92,"latest_published_at":93},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":95,"slug":96,"count":97,"latest_published_at":98},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":100,"slug":101,"count":102,"latest_published_at":103},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]