21 Million SS numbers hacked

boomerang

Well, it's all over the news. The data breach is five times bigger than was previously thought. SS numbers, fingerprints, financial, health as well as information about family, acquaintances and residences were stolen over a year-long period.

Congress is calling for the head of the OPM, Katherine Archuleta to step down. IMO she should although I realize that she's just a scapegoat. But just how do we assess responsibility for this breach? Someone ultimately has to be responsible.

I don't feel this is an R and D thing at all. This is a government thing that could have occurred under any administration. How does a government secure this type of information as well as all the other information it collects and retains? Is it even possible? This is not an isolated incident although I believe it may be the most massive that we are currently aware of.

Edit: Looks like another thread got started while I was typing.
 

thraashman

Well, it's all over the news. The data breach is five times bigger than was previously thought. SS numbers, fingerprints, financial, health as well as information about family, acquaintances and residences were stolen over a year-long period.

Congress is calling for the head of the OPM, Katherine Archuleta to step down. IMO she should although I realize that she's just a scapegoat. But just how do we assess responsibility for this breach? Someone ultimately has to be responsible.

I don't feel this is an R and D thing at all. This is a government thing that could have occurred under any administration. How does a government secure this type of information as well as all the other information it collects and retains? Is it even possible? This is not an isolated incident although I believe it may be the most massive that we are currently aware of.

Edit: Looks like another thread got started while I was typing.

True, but yours is actually non-partisan and sane.
 

Kwatt

What I hear in the news is anyone that has had a security background check in the last 15 years may/has been got.


I have had 3 checks for 3 different sites....


.
 

lotus503

The only way to secure this type of data is in a closed system.

I'm curious as to why this information wasn't encrypted at rest.
 

unokitty

The only way to secure this type of data is in a closed system.

I'm curious as to why this information was encrypted at rest.

It wasn't encrypted.

"OPM's data security posture was akin to leaving all the doors and windows open in your house and expecting that nobody would walk in and nobody would take any information. ...."

The investigating committee heard that IT security at the OPM has been identified as lacking in every report by the inspector general since 2007, and that while some advances had been made, the state of the agency's network security was embarrassing.

Archuleta acknowledged that none of the 4.2 million social security numbers stolen in the hack were stored in an encrypted form; that two-factor authentication was only used consistently by remote workers; and that it would be impossible to secure some of the OPM's older legacy systems.

Admittedly, encrypting a database isn't much use if a hijacker has gained full control of your application servers, but the lack of two-factor authentication, and other protection mechanisms, is telling.

"It was not feasible to implement [encryption] on networks that are too old," she said, adding that her assessment was that once an attacker gained access to a network they could decrypt the data anyway.

"Advanced tools take time," she said. "Cybersecurity problems are decades in the making and the whole of government is responsible."

A visibly uncomfortable Archuleta frequently refused to answer questions from Congressfolk about what exactly was stolen in the attack, citing national security concerns.
If the OPM director won't answer the questions perhaps the Chinese will...

Seriously, encrypting data is security 101.

The 'hacker' was in the system for the better part of a year...

But as long as the US Government's position is that no one is getting fired because no one is responsible, crap like this is going to keep on happening...

Billions of dollars for TSA, no money to secure OPM.

Billions of dollars to bomb the Middle East, no money to secure OPM.

It's just priorities...

Obviously, the cybersecurity companies are not giving as much to the politician's campaign funds as the more traditional parts of the defense industry.

Uno
 

echo4747

What I hear in the news is anyone that has had a security background check in the last 15 years may/has been got.


I have had 3 checks for 3 different sites....


.

I heard on the news that it was China that hacked the ssn numbers. Wonder if the Chinese stock market tumble a few days ago was a bit of revenge or coincidence... plus the "glitch" in the US stock exchange a couple days ago too
 

lotus503

It wasn't encrypted.



If the OPM director won't answer the questions perhaps the Chinese will...

Seriously, encrypting data is security 101.

But as long as the US Government's position is that no one is getting fired because no one is responsible, crap like this is going to keep on happening...

Billions of dollars for TSA not enough money to secure OPM.

Billions of dollars to bomb the Middle East no money to secure OPM.

It's a matter of priorities...

Uno


Yes sorry, I meant to type wasn't not was.
 

lotus503

It wasn't encrypted.



If the OPM director won't answer the questions perhaps the Chinese will...

Seriously, encrypting data is security 101.

But as long as the US Government's position is that no one is getting fired because no one is responsible, crap like this is going to keep on happening...

Billions of dollars for TSA not enough money to secure OPM.

Billions of dollars to bomb the Middle East no money to secure OPM.

It's a matter of priorities...

Uno


What is interesting is I've recently had to go through Risk and Security assessment by the federal government. As a minimum standard data must be encrypted in transit and at rest with 128-bit AES.

So as a vendor they insist I have security controls in place they don't have.
 

HomerJS

Does this mean Hillary did the right thing keeping her emails off .gov servers? :)
 

TheSlamma

Katherine Archuleta has no reason to even be in that position, her experience is in political campaigns. The icing on the cake is it sounds like she is a complete luddite to boot.

You don't have to be SSCP certified to be in these positions, but you better damn well respect IT and cybersecurity in the 21st century.
 

unokitty

What is interesting is I've recently had to go through Risk and Security assessment by the federal government. As a minimum standard data must be encrypted in transit and at rest with 128-bit AES.

So as a vendor they insist I have security controls in place they don't have.

Still, it's good to be professional and to have your reputation intact.

Unlike some other people:

"After today's announcement, I have no confidence that the current leadership at OPM is able to take on the enormous task of repairing our national security. Too much trust has been lost, and too much damage has been done," Boehner said in a statement.

Sen. Mark R. Warner, D-Va., Sen. Steve Daines, R-Mont., and Rep. Jason Chaffetz, R-Utah, also issued statements Thursday saying Archuleta must go.

On Thursday's teleconference with reporters, Archuleta said she would not be stepping down. "I am committed to the work that I am doing at OPM," she said. "I have trust in the staff that is there, including Donna Seymour."

Until the government holds their own accountable for data security, we're going to keep hearing about what they have lost...

Uno
 

TheSlamma

Does this mean Hillary did the right thing keeping her emails off .gov servers? :)

Most Gov email is all "discoverable" anyway. Open Records Act and Freedom of Information Act.

I know a few gov workers who are 100% fine with being discovered... know what they tell me.. go ahead look through it, all you will find in there is WORK related stuff since I do my job. Maybe more gov workers should take that hint. ;)
 

tweaker2

Does this mean Hillary did the right thing keeping her emails off .gov servers? :)

Well, seeing as if the Repubs are always pushing for smaller government and letting the more qualified and streamlined private sector handle as much of the load as possible, I should think they'd be all for that. So I wonder why they made such a stink over it. ;)
 

TheSlamma

Well, seeing as if the Repubs are always pushing for smaller government and letting the more qualified and streamlined private sector handle as much of the load as possible, I should think they'd be all for that. So I wonder why they made such a stink over it. ;)

BIAS police here: If it was a Repub the Dems would have their panties in a bunch over it too. Nice try though.

Back to the facts. All gov workers should be transparent, screw what the Dems and Reps say.
 

ivwshane

BIAS police here: If it was a Repub the Dems would have their panties in a bunch over it too. Nice try though.

Back to the facts. All gov workers should be transparent, screw what the Dems and Reps say.

Not true at all! Repubs have already done the same thing, hell the Bush admin lost some 10k emails (if I remember correctly) and barely a peep was made let alone multi investigations into the matter.

So no, "both sides are the same" doesn't apply here.
 

TheSlamma

Not true at all! Repubs have already done the same thing, hell the Bush admin lost some 10k emails (if I remember correctly) and barely a peep was made let alone multi investigations into the matter.

So no, "both sides are the same" doesn't apply here.

https://en.wikipedia.org/wiki/Bush_White_House_email_system

Naa it was loud, you just don't remember it from your side of the fence.

Doesn't matter, fact is ALL government should be transparent with their people. Not a party thing.
 

tweaker2

BIAS police here: If it was a Repub the Dems would have their panties in a bunch over it too. Nice try though.

Back to the facts. All gov workers should be transparent, screw what the Dems and Reps say.

It was tongue in cheek humor brah. :)
 

ivwshane


TheSlamma

Are those liberal groups? Are they related to the DNC? No? Then you haven't made your point now have you?

Do I need to remind you what you wrote or are you going to continue to provide me with links to non partisan groups who took matters into their own hands because the dems didn't bother?

lol, CREW is well known to be a liberal group.

So the answer is yes.

Let me guess, knowing you now is when the name calling and personal attacks fire up?
 

unokitty



Failed to prevent penetration of systems. Check
For the better part of a year, failed to detect compromised systems. Check
Failed to detect extraction of data. Check

No one responsible. Check

What were this lady's qualifications again?
Archuleta “also worked as the National Political Director for President Obama’s reelection campaign, where she traveled around the country listening to the many issues facing Americans,” according to the White House...

Among her many accomplishments, Katherine served as the Executive Director of the National Hispanic Cultural Center Foundation, worked as the director of professional services for a Denver law firm, and cofounded the Center for Regional and Neighborhood Action. During her tenure in the Clinton Administration, she served as a senior advisor to Secretary Federico Peña at the Department of Energy, and as his Chief of Staff and Deputy Chief of Staff at the Department of Transportation.
Breaking news -- she quit.

Apparently, if you are a former National Political Director for Obama's reelection campaign, you can lose 4 million sets of PIID and everything is fine.

If however, you lose 21 million sets of PIID, then you have to quit?

Who said that the Obama Administration doesn't have cybersecurity standards?

Uno
 

cabri

What were this lady's qualifications again?
Breaking news -- she quit.

Apparently, if you are a former National Political Director for Obama's reelection campaign, you can lose 4 million sets of PIID and everything is fine.

If however, you lose 21 million sets of PIID, then you have to quit?

Who said that the Obama Administration doesn't have cybersecurity standards?

Uno

She is only gone because the extent of the breach became public and political backlash started up.