Jump to content
Sign in to follow this  
Followers 0
Malsua

Chinese hack of OPM...also got the machine gun registry

By Malsua, in General Discussion

Recommended Posts

Kevin125    4,772

Kevin125
Posted

 

 

Everyone believed that (not me). And for far too long.

I wouldn't trust Google Docs for critical stuff or anything confidential.

 

But systems can be secured. It isn't easy or cheap and the hardest part is where human beings are in any way responsible for 100% of the access required...like if they need just a password.

 

But the systems can be secured if its done correctly and the defense isn't static. And this is the exception. The rule is most companies suck at network/system security. And often its because of the shitty directives and weak backing from senior mgt. but it is possible to secure "digital" systems.

Share this post

Link to post
Share on other sites

Malsua    1,422

Malsua
Posted

Anyone run through a federal background check is also compromised.   I'm pretty sure it only applies to people in security positions, but still, this is a huge breach.

 

---------

http://www.usatoday.com/story/news/nation/2015/07/09/obama-hack-office--personnel-management/29921919/

 

OPM says second hack affected more than 21M Americans

 

WASHINGTON — The massive hack of background check records at the Office of Personnel Management compromised the data of 21.5 million people — five times more than were affected by an initial breach, the agency announced Thursday.

The revelation brought more calls from Congress for OPM Director Katherine Archuleta to be fired.

"After today's announcement, I have no confidence that the current leadership at OPM is able to take on the enormous task of repairing our national security," said House Speaker John Boehner, R-Ohio. "Too much trust has been lost, and too much damage has been done. President Obama must take a strong stand against incompetence in his administration and instill new leadership at OPM."

When the hack was revealed early last month, OPM officials said personal information from the personnel records of about 4.2 million current and former federal employees had been breached.

That number did not include the victims of a second, related hack into the background check forms of people applying for jobs that required security clearance. OPM officials said Thursday that an interagency investigation of that data breach concluded that sensitive information — including Social Security numbers — was stolen from 21.5 million people.

The victims of that second hack include 19.7 million people who applied for a background investigation, as well as 1.8 million others who were not applicants. The non-applicants were primarily spouses and cohabitants of the applicants, and their personal information was included in the background check forms the applicants were required to complete.

The breach is likely to have affected any federal applicant over the past 15 years, and perhaps longer.

For any individual who underwent a background check since 2000, "it is highly likely that the individual is impacted by this cyber breach," the OPM statement said. "If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely."

The statement said there is no information to suggest "any misuse or further dissemination of the information that was stolen from OPM's systems."

Two major federal employee unions sued OPM for failing to protect their personal information.

Thursday's announcement further outraged House Oversight Committee Chairman Jason Chaffetz, who had already been calling for the resignation of OPM Director Katherine Archuleta and Chief Information Officer Donna Seymour.

"As I've said since June 16, after the Oversight Committee held the first hearing on this disastrous data breach, Director Archuleta and CIO Donna Seymour need to resign or be removed," Chaffetz, R-Utah, said Thursday. "Since at least 2007, OPM leadership has been on notice about the vulnerabilities to its network and cyber security policies and practices. Director Archuleta and Ms. Seymour consciously ignored the warnings and failed to correct these weaknesses."

 

Rep. Adam Schiff of California, the senior Democrat on the House Permanent Select Committee on Intelligence, said he doesn't believe OPM has been completely honest with Congress about the cyberattacks.

"I do not believe OPM was fully candid in its original briefing to the committee and omitted key information about two distinct hacks and the breadth of the potential compromise," Schiff said. "To the degree OPM has not been fully forthcoming with Congress or has sought to blame others for a lack of adequate security, OPM has not inspired confidence in its ability to safeguard our networks and most sensitive databases."

Fellow Democrat Mark Warner, a Virginia senator, called for Archuleta's removal Thursday.

"It is time for her to step down, and I strongly urge the administration to choose new management with proven abilities to address a crisis of this magnitude with an appropriate sense of urgency and accountability," he said.

Sen. Ron Johnson, R-Wis., chairman of the Committee on Homeland Security and Governmental Affairs, also blasted OPM's management.

"Today's announcement shows not only that cyber security on federal agency networks has been grossly inadequate but that the management of the OPM is not up to the task of fixing the problem," Johnson said.

Sen. John McCain, R-Ariz., the chairman of the Armed Services Committee, said "it is time for new leadership at OPM."

"After the Office of Personnel Management initially downplayed the damage of the recent data breach, it is deeply troubling to learn that the extent of the damage is far greater," McCain said.

The FBI and the Department of Homeland Security are investigating the hack, which some administration officials have privately blamed on hackers from China. The Chinese government has denied involvement.

In testimony before key congressional committees, officials of OPM's Office of Inspector General said they had repeatedly warned of cybersecurity weaknesses in the agency's data systems.

Archuleta, who has been at OPM for 18 months, testified that the hacks occurred as she was in the process of trying to modernize the agency's aging systems, some of which are 30 years old.

Lawmakers were largely unmoved by Archuleta's explanations.

"OPM was aware of the persistent issues – including three data breaches in 2014 that should have served as stark warnings that the personal data of millions of federal employees was being targeted by hackers," said Sen. Jerry Moran, R-Kan., chairman of the Commerce Subcommittee for Consumer Protection and Data Security. "Yet, there is little evidence that any action was taken by OPM. This lack of response has put federal workers, the American people, and – most importantly – our national security at risk."

Share this post

Link to post
Share on other sites

PeteF    1,044

PeteF
Posted

I had a security clearance for ~20 years.  I received the following letter from the "OPM".  If you go to sign up for these services, the first thing they do is ask for SSN, address, phone, email Birth day, etc.

What the F?  All the things that possibly could have been stolen they are asking for?  Any one else got one of these letters?

 

 

 

post-1653-0-14749400-1447802229_thumb.jpg

Share this post

Link to post
Share on other sites

voyager9    3,434

voyager9
Posted

I had a security clearance for ~20 years. I received the following letter from the "OPM". If you go to sign up for these services, the first thing they do is ask for SSN, address, phone, email Birth day, etc.

What the F? All the things that possibly could have been stolen they are asking for? Any one else got one of these letters?

Yes. Same exact thing. Haven't gone to the website and I'm not sure if it's spear phishing or not.

 

 

Sent from my iPhone using Tapatalk

Share this post

Link to post
Share on other sites

jackandjill    683

jackandjill
Posted

Then they turn around ask for crazy budget and additional powers to fight Cyber War.

 

You would imagine certain agencies moved away from using SSN as ID's or symmetric key algo and moved to revokable ID'S and stronger encryption.

 

Somewhere Chinese are laughing their ass off looking at the follow up remediation.

 

 

No amount of money can address mind-boggling stupidity.

Share this post

Link to post
Share on other sites

mipafox    438

mipafox
Posted

I had a security clearance for ~20 years.  I received the following letter from the "OPM".  If you go to sign up for these services, the first thing they do is ask for SSN, address, phone, email Birth day, etc.

What the F?  All the things that possibly could have been stolen they are asking for?  Any one else got one of these letters?

If you had a security clearance for 20 years, they hacked and stole all your personnel records including your medical records 15 years ago. You missed that letter?

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Sign in to follow this  
Followers 0
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.



×
×
  • Create New...