Saturday, June 13, 2015

We Were Hacked and Our Data Stolen


For John, BLUF:  The theft of personal data from OPM is terrible.  Nothing to see here; just move along.



From Daily Beast Reporter John R. Schindler we have "China’s Spies Hit the Blackmail Jackpot With Data on 4 Million Federal Workers".  This article is from 11 June.  Still, 13 June, no firings for this terrible loss of personal information.  That is to say, if you ever filled out an SF 86 in pursuit of a security clearance, the data is now in the hands of the hackers.  Here is the lede:
If you’ve ever held a security clearance with Uncle Sam, Chinese hackers now have all your personal info—and from debt to dirty money, they won’t be shy about causing mayhem with it.

With each passing day the U.S. government’s big hacking scandal gets worse.  Just what did hackers steal from the Office of Personnel Management? Having initially assured the public that the loss was not all that serious, OPM’s data breach now looks very grave.  The lack of database encryption appears foolhardy, while OPM ignoring repeated warnings about its cyber vulnerabilities implies severe dysfunction in Washington.

This should be the top headline everywhere, but doesn't even make Drudge, which means it is not making news across the fruited plain.

So, what will this stolen info provide to the thieves?  They can use it for blackmail.  They can sell it to marketing operations.  They can increase your paranoia.

What should the Office of Personnel Management (OPM) (Federal Government) be doing?  They should be replacing managers who let this happen.  They should be looking for ways to impede hackers, including by air gapping some information.  They should be investing in modern hardware and software and investing in computer monitoring.

What should the US Congress be doing?  Investigating.  On a bipartisan basis.

UPDATE:  A 12 June AP story, from The Blaze.

Regards  —  Cliff

  Probably including if you went for a Security Clearance as an employee of a private company, like LockMart or Teledyne or DRC.
  If this were the UK, perhaps the head of OPM, Director Katherine Archuleta, would resign.  At least that used to be the way, with Members of Parliament shouting Shame! Shame!.
  Sorry, it is what popped up first when I searched on the lede.

1 comment:

Craig H said...

Our government's bipartisan disinclination to demand bureaucratic accountability in this and so many other instances is gutting. When our own veterans (the VA) and citizens (the IRS and name-your-other-federal-agency) are victims, it's bad enough. But when it's active duty personnel and intelligence information, it's effectively treasonous, (it's not like the people running these systems weren't informed there were vulnerabilities on repeated occasions), and your suggestion that, at the very least, they be fired, HAS to be the first step, and quickly.