Who Hacked South Carolina’s Revenue Department?

EASTERN EUROPEAN CRIME SYNDICATE SAID TO BE BEHIND PALMETTO STATE DATA HEIST Members of an Eastern European crime syndicate – one with alleged ties to the Russian government – were responsible for an unprecedented security breach that took place at the S.C. Department of Revenue (SCDOR) in August and September…


Members of an Eastern European crime syndicate – one with alleged ties to the Russian government – were responsible for an unprecedented security breach that took place at the S.C. Department of Revenue (SCDOR) in August and September of this year, sources familiar with the investigation tell FITS.  In fact law enforcement agencies on two continents are reportedly in the process of trying to “repurchase” the data that was stolen – part of a broader international sting operation targeting this criminal enterprise.

Last week S.C. Gov. Nikki Haley belatedly informed the public that 3.6 million Social Security numbers and nearly 400,000 credit card numbers had been stolen from SCDOR by an anonymous hacker.  Individual tax returns may have also been stolen.

In disclosing the breach, Haley said that she wanted the individual responsible “brutalized” and “slammed against the wall.”

While Haley was putting on her show, though, officials in her administration were telling legislative leaders and other state officials that a global effort led by Interpol and the U.S. Department of Justice was “trying to buy the list back.”

“We made the last payment,” one Haley advisor told a top lawmaker less than 24 hours before the governor held her infamous press conference.

The Haley aide told the lawmaker that the blackmail payments were part of a “global law enforcement sting” and that “no South Carolina tax dollars” were being used for the purpose of repurchasing the list.  The legislative leader declined to identify the name of the Haley staffer he spoke with – even after being granted anonymity to speak freely.

Sophisticated Russian-based hacking operations have been targeting state and local government systems with increasing frequency in recent months.  These stealth attacks generally target weak databases by infecting them with malicious computer code – downloading reams of data which is then sold to the highest bidder.

Hackers are getting better at launching these database-driven attacks, but according to our sources South Carolina should have been much better prepared.

The Palmetto State has received millions of dollars in cyber security grants from the U.S. Department of Homeland Security (USDHS) in recent years.  Not only that, the state reportedly paid “a boatload of money” to Carnegie Mellon’s internationally recognized Computer Emergency Response Team (CERT) to train state employees on new cyber security measures.

The governor’s administration – which experienced another major security breach back in April – has been widely criticized for its poor data integrity as well as the length of time it took for officials to become aware of the problem.  Haley’s administration has also come under fire for waiting sixteen days to inform the public about the breach – which was reportedly initiated on August 27.

According to our sources, Haley’s administration knew about the true nature of the security breach for “several weeks” prior to disclosing it to the public.  In fact the governor’s office appears to have explicitly instructed other state agencies to keep the true nature of the breach under wraps during that time period.

Mark Keel – chief of the S.C. State Law Enforcement Division (SLED) – has stated previously that Haley’s administration wanted to wait until a specific set of “benchmarks” had been reached in the investigation before they went public with the news that a breach had occurred.

Keel – who never disclosed what those “benchmarks” were – did not respond to a request for comment regarding this story.


Related posts


S.C. Attorney General Leads Parental Rights Coalition

Erin Parrott

South Carolina Attorney General Addresses Title IX Changes


It’s Getting Hot In South Carolina

Will Folks


keepingemhonest October 28, 2012 at 7:10 pm

1. The announcement to the public has all the appearances of a Friday afternoon bad news dump so it would get lost in the weekend events. It could have/should have been released earlier in the week.

2. If you read the DOR Timeline of events, you will see that one of their and Haley’s first actions was to lawyer up with Nelson Mullins. Clearly the actions of people agency with nothing to worry about (NOT!)

3. Anybody notice how the STATE newspaper has almost zero coverage of this in their Sunday paper, which gets the largest circulation. What does Haley on them to get them to kill the story? And between the Frankenstorm and national elections, almost zero mention in National media so the rest of the nation doesn’t get any clue of the incompetence of their rising star.

4. I’m still betting on the hacker being in India using passwords learned from “there was no password, the password was my high school” you know who.

Frank Pytel October 29, 2012 at 5:37 am

You’re absolutely correct. This is a Friday afternoon, after the markets close, dump. But they clearly fear that this has far reaching implications, which it does.

All of the major markets are closed today, and expect to be closed Tuesday according to the WSJ. Now why would NASDAQ, an entirely 100% electronically trading system (as I understand it) need to close because of a hurricane? A hurricane that is expected to make landfall sometime well after the markets have closed, nearly 80 miles south of manhattan?

By early Tuesday (3 am ish) they are expecting gusts to max at 40mph. And the eye of the storm is projected to be some 100 miles south east of manhattan.

Yeah, she had a benchmark allright. Someone has been studying Oshitheadism for a good long time now.

Have a Great Day!! :)

Frank Pytel

Sam October 28, 2012 at 7:35 pm

WLTX seems to have additional info.

Someday the Palmetto State voters will learn that a sophisticated 23 billion dollar enterprise cannot be run by a group of twenty somethings and a governor at a fundraising event.

Many “events” that cost the taxpayer money happen all the time. This one just got in the papers.

Pigeon dodo on the dome October 28, 2012 at 7:51 pm

Good GOD! An incompetent, lying, self serving fool is President of the US and his incompetent, lying, self serving fool female twin is Governor od South Carolina!
We are truly screwed!

TontoBubbaGoldstein October 29, 2012 at 12:11 am

“Raghead” Jakie, zat you?

insider October 28, 2012 at 7:54 pm

Wonder how much she earned from selling the data?

Booyah October 28, 2012 at 8:06 pm

There were humans DIRECTLY in charge of this data.

Who are they and what did they do or not do?

It doesn’t take a “syndicate” to hack a server, but that looks better than “we got pwned because we were stupid”.

Oh great October 28, 2012 at 8:09 pm

So you just made your last payment to the Russian mob for data that can be easily replicated, then announced that it was from Interpol who is trying to take them out. Yeah, I bet that will work out okay…NYET!

Frank Pytel October 29, 2012 at 5:02 am

Yeah, but we don’t negotiate with terrorists…Right?

Have a Great Day!! :)

Frank Pytel

Carpe Jugulum October 28, 2012 at 8:15 pm

Right on Keepingthemhonest! All the gibberish about “benchmarks” is just that-gibberish. How stupid do they think we are? The hackers that stole a mind boggling amount of information from DOR had probably already split it up, repackaged it and sold it all over the planet before somebody in the Gov’s office had come up with the term “benchmarks.” I really can’t wait to hear what the benchmarks were and how they determined that they had been met.

Let’s just face it; while DOR was playing with themselves every taxpayer in the state was potentially taken to the cleaners. Mark my words, nobody is going to pay the freight on this but the people who paid their taxes. Keel and the DOR leadership will simply bend over front ways and keep their jobs. Don’t worry, they’ve already got calluses.

Which brings up the question; where was the SLED Fusion Center while all this was going on? What happened to all the SLED and Homeland Security cooperation and joint operations? Isn’t that place supposed to be the “nerve center” of counter terrorism in S.C.? Another expensive and embarrassing cluster. No wonder that bunch of goofs wound up buying a bunch of machine guns they couldn’t use.

Heads should roll, but they won’t.

Smirks October 28, 2012 at 8:51 pm

The way Haley talks about it she acts as if they only have an envelope filled with papers. It is a digital file that has likely been stored in several locations, if a copy hasn’t already been sold. Even worse is that a failed sting could piss these fuckers off enough to drop info via pastebin with some of the SSNs, effectively making thousands of SSNs public info. If you are one of the unlucky ones there, sorry, you are SCREWED.

Anyone who honestly thinks we can “buy back” this info is an absolute moron of the first degree. They are gone. Enjoy your “free” year of identity protection, but it is still coming out of your pocket and you’ll likely have to keep it up at your own expense after the first year just to be safe.

Just amazing. I bet the real reason Haley wants them slammed against the wall is because (1) it hurts her political image and (2) the hackers didn’t pay her anything for the privilege of fucking us.

First Name October 28, 2012 at 9:12 pm

I have already hired an attorney and will be filing a very large lawsuit against the state. They have publicly admitted and accepted fault. Game, Set, Match.

insider October 28, 2012 at 9:15 pm


SEAMUS October 29, 2012 at 7:39 am

Surely this will become a very large class action lawsuit. Where do we sign up?

Large lawsuit? October 29, 2012 at 10:19 am

So I have to ask, how big is this lawsuit? Over 100 pages? Have fun spending your share of $600,000 with the other 3.6 million folks and the class attorneys.

? October 29, 2012 at 10:56 am

lmao @ “large”

I was thinking the same thing.

I find the irony of taxpayers(maybe? or maybe tax eaters) shaking their fist in fury at the incompetent gov’t pretty funny…because even if they win a judgement the taxpayers are the one footing the bill for the damage caused.

lol…it’s like slapping yourself in the face because your brother did something stupid.

I wish I had a nickel for every chump that threatened to take someone to court for a big “payday” or to show them “who’s right”. If half these people realized how dysfunctional the “Justus” system is they would get on with their lives.

Mad October 28, 2012 at 10:42 pm

How does the lexington ring play into this?

its time October 29, 2012 at 8:27 am

Yall wanted “less governemnt”…and you got it.

Any lawsuits filed should include the teaparty and the “send me my rebate” crowd which believes that you can cut your way into prosperity (for the favored few).

Oh well, only a matter of time and this will somehow be blamed on state employees. They will be the only ones “nailed to the wall” when Tom Davis, Merril and Haley (among others) get done casting blame from themselves and their actions in crippling state government.

Smirks October 29, 2012 at 11:33 am

I actually want to know whose fault it was. It could be incompetent or lazy employees, but it could also be crappy management decisions or other problems within how the agency is run. This needs an investigation, but getting a legitimate one done is probably not ever going to happen. As I mentioned before, it will likely come down to hiring a few more managers to “oversee” securing everything, and of course those people will likely hire a bunch of do-nothing consultants or fall prey to vendors trying to hock expensive shit that either sucks, can be handled by cheaper stuff, or requires extensive training for current employees (and no new expert employees that have extensive backgrounds in the industry).

Cut a few managers’ pay and hire some experts. Get some funding so they can buy what they need to secure the data. Unfortunately, the cat is already out of the bag regarding our SSNs, but we can at least prevent future attacks.

I don’t see how they could look at the Medicaid leak and not think that sensitive information could be compromised in other agencies, namely the one agency that holds sensitive information for the vast majority of citizens in this state.

Frank Pytel October 30, 2012 at 3:58 am

I think it was alot of both smirks. A hell of a lot.

Have a Great Day!! :)

Frank Pytel

OhMeOhMy October 30, 2012 at 8:53 pm

A very good point Smirks. What chance is there that these cyber criminals were attracted to SC based on that very Medicaid leak?!

FedUp October 29, 2012 at 8:48 am

Not even the Whore of Babylon could screw 3.6 million people at the same time… Hayley’s reputation is now complete. (She can retire…

Astonished October 29, 2012 at 9:12 am

Is anyone else feeling like we’ve been “slammed again the wall and brutalized” ?????

south mauldin October 29, 2012 at 11:50 am

Does she even think before she opens her mouth? If I were the First Loser, I would tell her to put a sock in it.

they call me Mr. Sinister October 29, 2012 at 10:58 am

“I have already hired an attorney and will be filing a very large lawsuit against the state.” I have to call BULLSHIT on this; first no attorney in this state would touch a suit against SC this early in a still developing situation. Further,any civil suit you might try to file would be squashed by the courts until criminal prosecution by the Feds and the state.

“They have publicly admitted and accepted fault.” Comments like this carry very little weight in a suit. Any suit that you filed trying to use this as a admission of guilt would be tossed in that you have to prove the extent of the acceptance of fault and then that they had control/authority to accept or be responsible.

But if you have hired an attorney and are attempting to file a suit go ahead, just remember that there is a tremendous difference between filing,winning and being able to collect.

Alan Two Bars Wilson October 29, 2012 at 12:42 pm

Look heah, I have hired us Nelson Mullins, which is currently suing the State in two other cases, so they can’t sue us for this at least.

We got nothin’ to worry about, except what we will be paying them will make what got stole look like bolled peanuts.

Butch and Kevvy are lawyering up too, in case any of this gets on Nikki’s blue dress.

In the mean time, everbody cancel their credit cards and get a new social.

Fuckin’ commies. We are gonna slam them to the wall and brutalize them just like we do everybody who breaks the law in SC, except of course Speaka Harrell and Guvna Haley.

Grumpy Cookie October 29, 2012 at 3:32 pm

Is Haley aware that her helpline isn’t greeting us with “It’s a Great Day in SC!”?

hhuuhh?? October 29, 2012 at 4:04 pm

During the Hodges Administration, the head of the Department of Corrections was fired when prison truestees were found to be having sex in the (temporary) Governor’s Mansion.

The head of the Department of Revenue (per the website) has been on the job for nearly two years and with all the talk in the world about cyber security and cyber attacks, we have no information he ever discussed security with his director of IT or asked what other states’ revenue departments do to secure their information.

Now which is more important: trustees having sex or what the numbers indicate is every tax filer and their dependents in the state having their Social Security number stolen?

P.S., the cabinet system was supposed to bring accountability to the Office of the Governor and their appointees. Yeah, when pigs fly.


Leave a Comment