AP: Massive breach of federal personnel data




devil21
06-04-2015, 04:25 PM
Hmmm.....didn't waste time calling it an attack on America and blaming it on China/Russia, did they?

http://wtop.com/tech/2015/06/us-officials-massive-breach-of-federal-personnel-data/


Hackers broke into the computer networks of the U.S. government personnel office and stole identifying information of at least 4 million federal workers, officials said Thursday.

The Department of Homeland Security said in a statement that data from the Office of Personnel Management and the Interior Department had been compromised.

“The FBI is conducting an investigation to identify how and why this occurred,” the statement said.

A U.S. official who declined to be identified said the data breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen.

Ken Ammon, chief strategy officer of Xceedium, a government security contractor, said the attack fit the pattern of those conducted by “nation states.” In the world of data-stealing cyberattacks, that phrase typically refers to either Russia or China.

“This is an attack against the nation,” Ammon said, because the information could be used to impersonate or blackmail federal employees with access to sensitive information.
more at link

specsaregood
06-04-2015, 04:33 PM
And these are the guys that want to store and record all your personal data. What could go wrong?


https://www.youtube.com/watch?v=VUW71HXbXAg

devil21
06-04-2015, 04:40 PM
Probably just conditioning for a larger "hack" at a later date with much larger ramifications...

http://www.reuters.com/article/2015/04/14/us-usa-fed-disaster-idUSKBN0N528G20150414


Two of the sources, which included market participants and Fed officials and who spoke under condition of anonymity, said the Chicago office was partly protection against a possible cyber attack against the New York Fed. In February, Fed Chair Janet Yellen told a congressional panel the central bank is addressing "ever-escalating (cyber) threats to our operations."

pcosmar
06-04-2015, 04:44 PM
Chinese Hackers?

Isn't that what they said about the Sony Hack too.. and were wrong.

I would not blame the Chinese,, with the provocations that have been ongoing..

But I doubt they are anything but a convenient scapegoat.. The idiots that failed to secure the system are the ones to blame.

Warrior_of_Freedom
06-04-2015, 04:46 PM
Chinese Hackers?

Isn't that what they said about the Sony Hack too.. and were wrong.

I would not blame the Chinese,, with the provocations that have been ongoing..

But I doubt they are anything but a convenient scapegoat.. The idiots that failed to secure the system are the ones to blame.
I don't know why those systems with so much critical info are open to the entire internet in the first place.

pcosmar
06-04-2015, 04:58 PM
I don't know why those systems with so much critical info are open to the entire internet in the first place.

Sort of an invitation,,huh?

tod evans
06-04-2015, 05:21 PM
Massive breach of federal personnel data

This should be publicly accessible in the first place, permitting tax-ticks to hide anonymously is a big problem....

pcosmar
06-04-2015, 08:02 PM
This should be publicly accessible in the first place, permitting tax-ticks to hide anonymously is a big problem....

Looking at headlines.. you know what stands out..?

Not Chinese hackers,, (ignore that,, it's misdirection)
What stands out is 4 MILLION Federal workers.

4 Million

way too many

tod evans
06-04-2015, 08:05 PM
Looking at headlines.. you know what stands out..?

Not Chinese hackers,, (ignore that,, it's misdirection)
What stands out is 4 MILLION Federal workers.

4 Million

way too many

How many more are there?

Yes 4 million is exorbitant but 4 million is only a segment.........

limequat
06-04-2015, 08:40 PM
How many more are there?

Yes 4 million is exorbitant but 4 million is only a segment.........

I've read 1 in 7 gets their primary income from the federal government. What's that? About 40 million?

presence
06-04-2015, 08:45 PM
Looking at headlines.. you know what stands out..?

Not Chinese hackers,, (ignore that,, it's misdirection)
What stands out is 4 MILLION Federal workers.

4 Million

way too many


If it makes you feel any better it's only 1 million more than are in prison.

Mach
06-04-2015, 10:04 PM
For the gov system to find threats, it has to know what it's looking for.... :confused:


https://www.youtube.com/watch?v=SQ26VlpbH98

You can only fight off what you know is attacking you.... if it's FUD, then you're fu.... well, you know.

kpitcher
06-04-2015, 10:13 PM
Who watches the watchmen? Don't call it a hack, call it open source big brother.

Mach
06-04-2015, 10:19 PM
YouTube comment: Yeah can't really protect yourself when the country that is hacking you is most likely making your computers too? Lol. :o

Sola_Fide
06-04-2015, 11:09 PM
It's an "attack on America" when government employees have their personal information sifted through, but it's not an attack when the government does it to innocent Americans?

timosman
06-04-2015, 11:27 PM
I've read 1 in 7 gets their primary income from the federal government. What's that? About 40 million?

That's 14%. Puts Stasi in a different perspective - https://www.nytimes.com/books/first/k/koehler-stasi.html

Warrior_of_Freedom
06-05-2015, 12:18 AM
not 4 million, AT LEAST 4 million, which means there's even more

limequat
06-05-2015, 06:48 AM
It's an "attack on America" when government employees have their personal information sifted through, but it's not an attack when the government does it to innocent Americans?

Good talking point.

pcosmar
06-05-2015, 09:06 PM
You can only fight off what you know is attacking you....

U.S. Was Warned of System Open to Cyberattacks
http://www.nytimes.com/2015/06/06/us/chinese-hackers-may-be-behind-anthem-premera-attacks.html


The agency did not possess an inventory of all the computer servers and devices with access to its networks, and did not require anyone gaining access to information from the outside to use the kind of basic authentication techniques that most Americans use for online banking. It did not regularly scan for vulnerabilities in the system, and found that 11 of the 47 computer systems that were supposed to be certified as safe for use last year were not “operating with a valid authorization.”


As one senior former government official who once handled cyberissues for the administration, who would not speak on the record because it could endanger the person’s role on key advisory committees, said on Friday, “The mystery here is not how they got cleaned out by the Chinese. The mystery is what took the Chinese so long.”

Anti Federalist
06-05-2015, 09:44 PM
Good.

Hope whoever did it, empties their bank accounts.

Asset Forfeiture, assholes.

tod evans
06-06-2015, 05:13 AM
Good.

Hope whoever did it, empties their bank accounts.

Asset Forfeiture, assholes.

I would like for the families of those incarcerated on trumped up, over inflated and misrepresented drug charges to have direct access to DA's and AUSA's....Even the undercover kops of various stripes.

If these folks were doing good they wouldn't need to hide.

devil21
06-11-2015, 09:04 PM
Some are saying it was every last federal employee, including retired.

http://www.huffingtonpost.com/2015/06/11/federal-government-data-breach_n_7564218.html

------

Chinese Hackers?

Isn't that what they said about the Sony Hack too.. and were wrong.

North Korea actually, but yeah.

devil21
06-16-2015, 08:40 PM
Watching today's House hearing on this breach. Chaffetz asked the OPM Director, Katherine Archuleta, if the compromised info included military. She refused to answer and said "I'd be happy to speak with you in a classified setting." She was asked if contractors have been compromised. Same "classified setting" answer. Finally she was asked if there were CIA in the database. She shut down momentarily and then the "classified setting" answer yet again.

Why would it require a classified session to answer those simple questions? I'm thinking data was turned over voluntarily and is being called a breach.

A wise man once said: "The purpose of government is to pretend to fail."

eta: It was just admitted, by omission, that SF-86 digitized security clearance forms (the 120 page background forms) were part of the breached data. There was a classified session after this public session today.

This is something to watch. The few Congresscritters in the hearing are hammering the panel.

brushfire
06-16-2015, 09:29 PM
If it makes you feel any better it's only 1 million more than are in prison.

I hear the figure is actually closer to 14 million. That is, 14 million government employees who had their personal information compromised.
Also, a large sum of the 14 million were records relating to security clearance. So this class of "personal information" extends well beyond the SSN, DOB, Employer, etc. This is very personal/private data used by the government to evaluate/check for security clearance.

Funny thing is that they (the government) are trying to spin this as a justification for complete system overhauls and upgrades. "Systems were too old and slow to enable encryption" LOL. So nobody will go to jail - nobody will be held accountable for the damage caused - and they'll end up getting appropriations to upgrade their entire datacenter. Everybody wins :)

This year+ long leak stands to cause much more damage to individual and national security than anything Snowden leaked. The scale and duration exceeds anything I would call negligent - I'd argue it was deliberate. Especially when "they" were advised that the systems be shut down (security holes were known). Now who's going to be charged under the espionage act? <holding_breath>

Occam's Banana
06-16-2015, 10:35 PM
I haven't seen this article posted yet. Some interesting info (emphasis added).

But of course, we are supposed to ignore this comedy of errors and incompetence.

Instead, we will be expected to howl for the government to "save us" from those perfidious Russians and Chinese.

(And don't forget that Edward Snowden musta helped 'em! (http://www.ronpaulforums.com/showthread.php?476774-Britain-pulls-spies-as-Moscow-cracks-Snowden-files) :rolleyes:)

With "security" like this, who needs vulnerabilities ... ?

Why the OPM Breach Is Such a Security and Privacy Debacle
http://www.wired.com/2015/06/opm-breach-security-privacy-debacle/
Kim Zetter & Andy Greenberg (11 June 2015)

If it’s not already a maxim, it should be: Every big hack discovered will eventually prove to be more serious than first believed. That’s holding to be especially true with the recently disclosed hack of the federal Office of Personnel Management, the government’s human resources division.

At first, the government said the breach exposed the personal information of approximately four million people (http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html)—information such as Social Security numbers, birthdates and addresses of current and former federal workers. Wrong.

[...]

What’s more, in initial media stories about the breach, the Department of Homeland Security had touted the government’s EINSTEIN detection program, suggesting it was responsible for uncovering the hack. Nope, also wrong.

Although reports are conflicting about how the OPM discovered the breach, it took investigators four months to uncover it, which means the EINSTEIN system failed. According to a statement from the OPM, the breach was found after administrators made upgrades to unspecified systems. But the Wall Street Journal reported today that the breach was actually discovered during a sales demonstration by a security company named CyTech Services (http://www.wsj.com/articles/u-s-spy-agencies-join-probe-of-personnel-records-theft-1433936969) (paywall), showing the OPM its forensic product.

There are also some questions now about the number of people affected by the breach. Bloomberg and the Associated Press report that the figure may be closer to 14 million (http://www.bloomberg.com/news/articles/2015-06-11/white-house-weighs-responses-as-scope-of-federal-hack-widens)—affecting not only current and federal employees but also military, intelligence and government contractor staff going back to the 1980s. But others are disputing this (http://www.politico.com/story/2015/06/report-opm-breach-may-have-compromised-14-million-records-118912.html).

[...]

The OPM had no IT security staff until 2013, and it showed. The agency was harshly criticized for its lax security in an inspector general’s report released last November that cited its lack of encryption and the agency’s failure to track its equipment. Investigators found that the OPM failed to maintain an inventory list of all of its servers and databases and didn’t even know all the systems that were connected to its networks. The agency also failed to use multi-factor authentication for workers accessing the systems remotely from home or on the road.

[... full article at link: http://www.wired.com/2015/06/opm-breach-security-privacy-debacle/ ...]

devil21
06-17-2015, 01:24 AM
This hearing displays that basically all executive level government officials are nothing more than PR people for contractors. The notion of a behemoth federal government is a ruse. The federal government itself is a relatively small group of administrators and PR mouthpieces for the contractors that perform what is considered by most people to be "government functions". Corporate controlled government (aka fascism) is here.