translucent

That Federal Employee data breach wasn't a hack...We gave the Chinese direct access willingly

The US agency plundered by Chinese hackers made one of the dumbest security moves possible

Natasha Bertrand

Jun. 18, 2015, 3:54 PM

[Photo: Office of Personnel Management (OPM) director Katherine Archuleta testifies on Capitol Hill in Washington, June 16, 2015. Credit: AP]

Contractors in Argentina and China were given "direct access to every row of data in every database" when they were hired by the Office of Personnel Management (OPM) to manage the personnel records of more than 14 million federal employees, a federal consultant told ArsTechnica.

The massive breach of OPM's database — made public by the Obama administration this month — prompted speculation over why the agency hadn't encrypted its systems, which contain the sensitive security clearance and background information for intelligence and military personnel.

Encryption, however, according to Ars, would not have helped in this case because administrators responsible for managing these records had root access to the system, Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified yesterday at a two-hour hearing before the House Oversight and Government Reform Committee.

And it turns out that a systems administrator responsible for handling the agency's records "was in Argentina and his co-worker was physically located in the [People's Republic of China]," a consultant who worked with an OPM-contracted company told ArsTechnica.

"Both had direct access to every row of data in every database: they were root."

Experts and politicians are now lambasting the US government for the way the agency handled IT security.

"OPM is right in general that encryption is not magic security butter," Dave Aitel, CEO of cybersecurity firm Immunity Inc., told Business Insider. "But the committee is also right in that OPM was massively negligent."

All told, 65% of OPM's data was stored on systems lacking proper security certification, Ars reports, meaning the data was vulnerable to far more people than just those with root access and valid login credentials.

"They [the unsecured systems] were in your office, which is a horrible example to be setting," House Oversight Chairman Jason Chaffetz (R-Utah) told Archuleta during the hearing.

"OPM's data security posture was akin to leaving all your doors and windows unlocked and hoping nobody would walk in and take the information," Chaffetz added.


The OPM IT team frequently outsources its work to foreign contractors working in their home country. Those holding Chinese passports are no exception.

"Another team that worked with these databases had at its head two team members with [People's Republic of China] passports," the consultant told Ars. "I know that because I challenged them personally and revoked their privileges."

"From my perspective, OPM compromised this information more than three years ago," he added. "And my take on the current breach is 'so what's new?'"

In fact, the breach was unprecedented in its breadth and scope: "Security-wise, this may be the worst breach of personally identifying information ever," Michael Borohovski, CEO of Tinfoil Security, told Business Insider on Friday.

Federal employees and contractors who want government-security clearance have to disclose virtually every aspect of their lives via a 120-page SF 86 questionnaire, which is then stored on OPM's unencrypted database.

The OPM also "conducts more than 90% of all federal background investigations, including those required by the Department of Defense and 100 other federal agencies," Reuters reported last week.

Experts fear the stolen information could be used by the Chinese government to blackmail, exploit, or recruit US intelligence officers, compromising the success and safety of agents operating at home and abroad.

http://uk.businessinsider.com/the-us-agency-plundered-by-chinese-hackers-made-one-of-the-dumbest-security-moves-possible-2015-6?r=US

Let me get this straight, no one in the government thought it would be a bad idea to give Chinese nationals direct access to our entire federal employee database? Why do we even contract stuff like this to foreign nationals? There should be a law requiring that only US citizens can work on government projects. It's bad enough we outsource private sector jobs overseas. Of course now it's probably too late for that 'cause the Chinese government can blackmail any of them with all of their personal data.



"Tresor never sleeps"

Old Post 06-19-2015 09:33 AM

bxbomb

methinks we're behind the 8ball when it comes to this stuff.. I have more faith in a kid from Moldova on his laptop than the govt.

and I'm sure all we have to do is ask the Chinese for Hillary's emails that she destroyed after being told not to

Old Post 06-24-2015 10:27 AM

translucent

This is the problem with sequestration and cutting funding to the federal government. You wind up not having a realistic enough budget to hire the best and the brightest as full time employees. So, a bunch of former burger-flippers wind up working there and we wind up with stupidity like this.



"Tresor never sleeps"

Old Post 06-24-2015 01:39 PM

All times are GMT -5 hours.