US Government Databreach – Four Times Larger Than Originally Estimated

Starbucks says gift card hack was 'fraudulent activity'
June 19, 2015
Citizens Demand "Uber" Privacy
July 2, 2015

Current and former Federal Employees at Risk of Blackmail, Compromise and Exploitation

“The extent of personal data stolen makes this attack an order of magnitude greater than any we have seen of its kind in the past,” said California Democratic Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee who was briefed on the attack.

FBI Director James Comey gave the 18 million estimate in a closed-door briefing to Senators in recent weeks, using the OPM’s own internal data, according to U.S. officials briefed on the matter. Those affected could include people who applied for government jobs, but never actually ended up working for the government.

The same hackers who accessed OPM’s data are believed to have last year breached an OPM contractor, KeyPoint Government Solutions, U.S. officials said. When the OPM breach was discovered in April, investigators found that KeyPoint security credentials were used to breach the OPM system.

How does a government failure so consequential — a foreign power accessing 18 million confidential records, including the intimate personal details of federal workers’ infidelity, drug abuse, and personal debts uncovered during the background-check process for security clearances — happen?

According to CyberSecurity Expert, Gary S. Miliefsky, CEO of SnoopWall, Inc., they failed to do the following 7 basic INFORMATION SECURITY COUNTERMEASURES:

  1. Quarterly Information Security Training
  2. Removing holes and patching vulnerabilities
  3. Using the latest form of encryption
  4. Strong password management
  5. Understanding and protecting against phishing attacks
  6. Latest Tools to Block zero-day malware Remote Access Trojans (RATs)
  7. Not allowing traffic to leave the network to other risky countries

 

“Not only was a large volume (11 out of 47 systems) of OPM’s IT systems operating without a valid Authorization, but several of these systems are among the most critical and sensitive applications owned by the agency,” Michael Esser, OPM’s assistant inspector general for audits, wrote in testimony prepared for committee.

Let’s look at their chief of staff:

Before becoming the head of OPM, Katherine Archuleta had no background in the kind of work the agency does. Archuleta, a lawyer and former Clinton administration official, was national political director for President Obama’s reelection campaign. She served as the chief of staff to Secretary of Labor Hilda Solís, and was the City of Denver’s lead planner for the 2008 Democratic National Convention. Like the president, she has roots in “community organizing”: She co-founded the Latina Initiative, a Colorado organization aimed at getting more Hispanic voters involved in politics. (In 2011, the Latina Initiative suspended its operations, citing insufficient funding.) Nothing in this record suggests any expertise in the vitally important human resources and record-keeping functions OPM is supposed to serve.

The actual number of people affected is expected to grow, in part because hackers accessed a database storing government forms used for security clearances, known as SF86 questionnaires, which contain the private information of multiple family members and associates for each government official affected, these officials said.

The hackers have not only 18 million records, they can also correlate those with the 80m anthem breach and you have a full health and personal bio of a person…

In cyber-espionage terms “this is the mother load” in mission impossible terms, this is much bigger than the NOC (non official cover) list …By revealing who has security clearances and at what level, the Chinese may now be able to identify, expose and blackmail U.S. government officials around the world.

Sources:  SnoopWall, CNN, FBI, DHS

Comments are closed.

Request Demo