Jump to content
Sign in to follow this  
lostinblue

Hack of government employee records discovered by product demo

4 posts in this topic

Recommended Posts

Report: Hack of government employee records discovered by product demo Security tools vendor found breach, active over a year, at OPM during sales pitch.

by Sean Gallagher - Jun 11, 2015 7:41pm EDT

As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM's security. An OPM statement on the attack said that the agency discovered the breach as it had "undertaken an aggressive effort to update its cybersecurity posture." And a DHS spokesperson told Ars that "interagency partners" were helping the OPM improve its network monitoring "through which OPM detected new malicious activity affecting its information technology systems and data in April 2015."

Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ's Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. "CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network," Paletta and Hughes reported.

Why the “biggest government hack ever” got past the feds

Inertia, a lack of internal expertise, and a decade of neglect at OPM led to breach.

And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it's still not even clear what data was accessed by the attackers.

Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees "entirely inadequate, either as compensation or protection from harm."

And he expressed concern about the extent of the breach. "Based on the sketchy information OPM has provided, we believe the Central Personnel Data file was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees," he stated. "We believe that the hackers have every affected person's Social Security number(s), military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more. Worst, we believe the Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous."

Cox demanded that federal employees be allowed to use their government computers "on duty time to attempt to protect themselves from this breach." He said OPM's outsourcing of the responsibility for handling questions about the breach "adds insult to injury," and that federal employees "deserve more than a difficult-to-navigate website and call center contractors who do not know the answers to questions that go beyond a FAQ template."

"AFGE will issue demands to bargain for represented workers, and we ask that you make certain that management is apprised of its responsibility to respond appropriately," he added.

http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/

we believe the Central Personnel Data file was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees," he stated. "We believe that the hackers have every affected person's Social Security number(s), military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more. Worst, we believe the Social Security numbers were not encrypted

At least Hillary handled her server in the correct manner


If more citizens were armed, criminals would think twice about attacking them, Detroit Police Chief James Craig

Florida currently has more concealed-carry permit holders than any other state, with 1,269,021 issued as of May 14, 2014

The liberal elite ... know that the people simply cannot be trusted; that they are incapable of just and fair self-government; that left to their own devices, their society will be racist, sexist, homophobic, and inequitable -- and the liberal elite know how to fix things. They are going to help us live the good and just life, even if they have to lie to us and force us to do it. And they detest those who stand in their way."
- A Nation Of Cowards, by Jeffrey R. Snyder

Tavis Smiley: 'Black People Will Have Lost Ground in Every Single Economic Indicator' Under Obama

white-privilege.jpg?resize=318%2C318

Democrats>Socialists>Communists - Same goals, different speeds.

#DeplorableLivesMatter

Share this post


Link to post
Share on other sites

this is so footzing cool !

it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. "CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network," Paletta


Sometimes my language usage seems confusing - please feel free to 'read it twice', just in case !
Ya know, you can find the answer to your question with the advanced search tool, when using a PC? Ditch the handphone, come back later on a PC, and try again.

-=-=-=-=-=R E A D ! ! !=-=-=-=-=-

Whoa Nelly ! Want NVC Info? see http://www.visajourney.com/wiki/index.php/NVC_Process

Congratulations on your approval ! We All Applaud your accomplishment with Most Wonderful Kissies !

2mzcunl.gif

Share this post


Link to post
Share on other sites

this is so footzing cool !

it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. "CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network," Paletta

You think they made the sale ?


If more citizens were armed, criminals would think twice about attacking them, Detroit Police Chief James Craig

Florida currently has more concealed-carry permit holders than any other state, with 1,269,021 issued as of May 14, 2014

The liberal elite ... know that the people simply cannot be trusted; that they are incapable of just and fair self-government; that left to their own devices, their society will be racist, sexist, homophobic, and inequitable -- and the liberal elite know how to fix things. They are going to help us live the good and just life, even if they have to lie to us and force us to do it. And they detest those who stand in their way."
- A Nation Of Cowards, by Jeffrey R. Snyder

Tavis Smiley: 'Black People Will Have Lost Ground in Every Single Economic Indicator' Under Obama

white-privilege.jpg?resize=318%2C318

Democrats>Socialists>Communists - Same goals, different speeds.

#DeplorableLivesMatter

Share this post


Link to post
Share on other sites

man, that's got to be the most esoteric side issue in this big pot o poo, aye?

but hey - lets hope yes?

Edited by Darnell

Sometimes my language usage seems confusing - please feel free to 'read it twice', just in case !
Ya know, you can find the answer to your question with the advanced search tool, when using a PC? Ditch the handphone, come back later on a PC, and try again.

-=-=-=-=-=R E A D ! ! !=-=-=-=-=-

Whoa Nelly ! Want NVC Info? see http://www.visajourney.com/wiki/index.php/NVC_Process

Congratulations on your approval ! We All Applaud your accomplishment with Most Wonderful Kissies !

2mzcunl.gif

Share this post


Link to post
Share on other sites
 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
- Back to Top -


Important Disclaimer: Please read carefully the Visajourney.com Terms of Service. If you do not agree to the Terms of Service you should not access or view any page (including this page) on VisaJourney.com. Answers and comments provided on Visajourney.com Forums are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Visajourney.com does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. VisaJourney.com does not condone immigration fraud in any way, shape or manner. VisaJourney.com recommends that if any member or user knows directly of someone involved in fraudulent or illegal activity, that they report such activity directly to the Department of Homeland Security, Immigration and Customs Enforcement. You can contact ICE via email at Immigration.Reply@dhs.gov or you can telephone ICE at 1-866-347-2423. All reported threads/posts containing reference to immigration fraud or illegal activities will be removed from this board. If you feel that you have found inappropriate content, please let us know by contacting us here with a url link to that content. Thank you.
×