Good job.
Next: social-engineer or blackmail those who are weak, indebted or corrupt into giving away data they amassed on US citizens and private companies.
When I first heard this on the news I thought “sucks to be a fed employee” until about 10 seconds later when I realized how this could be leveraged. This is no small deal. The fallout from this could be huge and doesn’t even have to be soon. 5 years from now they could decide “now is the time” and start taking over lives, black mailing for info…
In short, this is a whole lot bigger than the news made it sound this morning in their 10 second news bite.
That already happens. You cannot trust government agents specifically because any of them could be a double agent. This breach only increases the possibility that there may be double agents.
And I doubt this is the first breach either. This is just the breach which was sloppy enough to be detected.
Report: Hack of government employee records discovered by product demo
Security tools vendor found breach, active over a year, at OPM during sales pitch.
As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM’s security. An OPM statement on the attack said that the agency discovered the breach as it had “undertaken an aggressive effort to update its cybersecurity posture.” And a DHS spokesperson told Ars that “interagency partners” were helping the OPM improve its network monitoring “through which OPM detected new malicious activity affecting its information technology systems and data in April 2015.”
Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ’s Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. “CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network,” Paletta and Hughes reported.
Inertia, a lack of internal expertise, and a decade of neglect at OPM led to breach.
And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it’s still not even clear what data was accessed by the attackers.
Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees “entirely inadequate, either as compensation or protection from harm.”
And he expressed concern about the extent of the breach. “Based on the sketchy information OPM has provided, we believe the Central Personnel Data file was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees,” he stated. “We believe that the hackers have every affected person’s Social Security number(s), military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more. Worst, we believe the Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous.”
Cox demanded that federal employees be allowed to use their government computers “on duty time to attempt to protect themselves from this breach.” He said OPM’s outsourcing of the responsibility for handling questions about the breach “adds insult to injury,” and that federal employees “deserve more than a difficult-to-navigate website and call center contractors who do not know the answers to questions that go beyond a FAQ template.”
“AFGE will issue demands to bargain for represented workers, and we ask that you make certain that management is apprised of its responsibility to respond appropriately,” he added.
Russia and China have allegedly decrypted the top-secret cache of files stolen by whistleblower Edward Snowden, according to a report from The Sunday Times, to be published tomorrow. The info has compelled British intelligence agency MI6 to withdraw some of its agents from active operations and other Western intelligence agencies are now actively involved in rescue operations. In a July 2013 email to a former U.S. Senator, Snowden stated that, “No intelÂliÂgence serÂvice—not even our own—has the capacÂity to comÂproÂmise the secrets I conÂtinue to proÂtect.
Wow it is amazing the timing of these two big stories that are centered around encryption and privacy.
I’m not sure what to think?
A report in The Guardian on Sunday has called into question both the timing and accuracy of The Sunday Times report, as it relied completely on anonymous sourcing and comes just days after a report on terrorism legislation.
Never let a crisis go to waste?
Hopefully logic and truth prevails. It is almost comical at this point how stupid the “Intelligent” have been for a long time.
The Guardian article is BS.
If the two countries knew the identities of “spies”, they would have caught them.
Also Snowden didn’t have any “files”.
I read the guardian article as they did not believe the Sunday News article stating the new ED rumor. They provided the list of previous attempts to sway the public opinion with false stories that have been disproved and this one seems the same unless several questions can be answered.
@janitor Did you read the gaurdian article? It’s not bullshit.
Today the gaurdian reports that both The Sunday Times - the publisher of these unfounded accusations about Snowden - and the Daily Mail, have both dropped one of the lies about Snowden this story is based on, and without explanation, which is a violation if their own IPSO press rules: corrections are supposed to be explained and given equal prominence to the original.
You’re right, it raises the issues about the nature of those reports, it’s not bullshit.
What I meant to say the whole story is made up and it shouldn’t be even discussed. Clearly it’s made to build support for the new and improved Orwellian surveillance plan (I know you said that document contains improvements and the fact that it’s debated is an improvement in itself).
My point is: all such docs and news should be ignored and efforts to create mechanisms for secure communications and data sharing tools for everyone should continue as usual. In terms of Internet surveillance governments are increasingly irrelevant and most privacy-oriented projects (at least credible ones) rightly view them as evil and any conciliatory attitude towards the government should automatically discredit them because any “cooperation” with the government should be by design impossible.
Their goal wouldn’t be to catch them. Their goal would be to turn them in many instances.
Honestly we would have on way to know until they decide to move on their information which could be years or decades from now.
Fingerprints don’t make the best biometric because you can easily copy it. Other biometrics are much more difficult to copy such as veins.
In any case it’s not a big surprise that these government computers could be hacked by China. Cybersecurity is very hard especially when the computers are facing the Internet.