https://hothardware.com/news/how-cheap-smart-id-card-reader-sold-amazon-became-national-security-risk
Earlier this month, we reported on a phishing attack that stole $23.5 million from the US Department of Defense (DoD). Thankfully, the DoD caught the cybercriminals and recovered the money, but this incident highlights the need for strong cybersecurity practices at the DoD and among its contractors. The DoD is a high-value target with an extensive attack surface due to its size and complexity. A recent discovery demonstrates how cyberattacks can be indirect and come from unexpected sources. A government defense contractor relayed this discovery to Brian Krebs of KrebsOnSecurity, who published the details.
DoD employees and contractors, along with military personnel, use ID cards known as Common Access Cards (CAC) to access controlled spaces, as well as computer systems and networks. Cardholders don't just use these cards onsite. Many employees and contractors need to access their email remotely, which requires CAC authentication. However, approved card readers aren't standard-issue devices for cardholders. As a result, government employees and contractors often turn to the internet to find compatible card readers.