Saturday, July 25, 2015

Claims entire US national security system at risk following 'mind boggling' year-long cyber-assault that saw information of 21.5 million federal employees stolen

  • Most of the files accessed in May were from background checks on people who applied for jobs with the government, or on their spouse or partner 
  • At least 1.1 million of the stolen records included fingerprints 
  • U.S. national security clearance system only coming back online today    


It was one of the biggest hacks in history, with cyber intruders breaching the White House Office of Personnel Management and stealing the personal information of at least 21.5 million past and current federal employees.
Now, experts have warned that this could be just the tip of the iceberg - and that the entire US national security system could be at risk from the 'mind boggling' attacks, which several experts believe originated from China. 
They say the entire U.S. national security clearance system could be compromised, on the day it is finally being restarted. 
Data breach: Hackers stole sensitive information, including social security numbers, of about 21.5 million people from background investigation databases. At least 1.1 million of the records include fingerprints

21.5 MILLION AFFECTED

Hackers stole 21.5 million social security numbers in an extraordinary data breach, the US Office of Personnel Management (OPM) has revealed.
The files, accessed in May, included those of 19.7 million individuals who had applied for security clearances to qualify for a job with the government. Another 1.8 million belonged to non-applicants, such as applicants' spouses or partners.
At least 1.1 million of the stolen records included fingerprints, the OPM said in a news release.
Shut down in late June for 'security enhancements,' the Office of Personnel Management's e-QIP system was back online, OPM spokesman Sam Schumach said today in a statement.
He said, however, that the system would only 'incrementally' be re-opened to users so as to 'resume this service in an efficient and orderly way.'
OPM was sorely criticized after it reported in April and May that computer breaches had compromised job and security clearance personal data related to more than 21.5 million people. 
The e-QIP system was shut down two weeks ago as a precaution. 
According to Fox News, unnamed experts have warned that the stolen data could be used to blackmail and bribe officials.
The identity disaster could also weaken the U.S. in any time of military confrontation: 'If we choose to engage in conflict, we are in a much weaker position,' one expert concluded, according to Fox. 
'It's the digital equivalent of Pearl Harbor,' another expert told Fox News. 
'Because people don't see the carnage, they don't recognize that this is the equivalent of an act of war. This is about espionage—Cold War tactics in the modern digital age.'
Government officials have acknowledged that data submitted by 4.2 million federal job applicants, as well as security clearance data for 22 million individuals, some of them relatives of clearance applicants, likely was compromised in two computer breaches disclosed earlier this year.
Officials have privately blamed China for hacking into the data, but the Obama administration has indicated it is reluctant to publicly accuse the Chinese of this kind of spying.

China has dismissed as 'irresponsible and unscientific' any suggestion that it was behind the hacking.
Some administration officials have said the disabling of e-QIP seriously 'hindered' the security clearance process because agencies and contractors who dealt with clearance applications were not set up to handle replacement paper applications.
An OPM official said the government still had not started to notify any of the 21.5 million individuals whose data was suspected of being compromised.
Following the breach, the Obama Administration carried out a much-touted “30-Day Cybersecurity Sprint” announced in the wake of the hacking at the Office of Personnel Management (OPM).  
'They are saying "The horse has left the barn, let's lock the door,"' declared Theresa Payton, who served as White House Chief Information Officer from 2006 to 2008, and now runs her own cyber-security consulting firm, Fortalice Solutions.
'This is an unrecoverable situation. Our most sensitive data is in bad peoples' hands.'
The breach caused America's personnel chief to quit.
Katherine Archuleta, who was appointed head of OPM in 2013, has stepped down after the breach emerged
Katherine Archuleta, director of the Office of Personnel Management (OPM), initially dismissed calls for her to leave office, insisting she planned to help resolve the extraordinary oversight.
She was in charge when social security numbers, health histories and even fingerprints were downloaded from the OPM database in May.
It was just a month after another massive breach affecting 4.2 million federal employees. 
Finally, on Friday afternoon, the White House caved to bipartisan calls for the president to 'take a strong stand against incompetence' by letting Archuleta go. Obama appointed her in 2013.
House Speaker John Boehner, Majority Leader Kevin McCarthy and Whip Steve Scalise have appealed to President Obama to fire Archuleta and 'take a strong stand against incompetence'.
The White House initially said there were no plans to remove Archuleta from her position, which she has held since 2013, after waiting a month to share news of the hack with the public.
However, Michael Daniel, cyber security coordinator for the National Security Council, cryptically told reporters on Friday morning: 'Just because we're not doing public attribution does not mean that we're not taking steps to deal with the matter.'
In a statement, Boehner said: 'After today's announcement, I have no confidence that the current leadership at OPM is able to take on the enormous task of repairing our national security.'
Scalise says the president's response to the security breach has been 'nothing short of breathtaking in its inadequacy.'
McCarthy calls the latest news 'absolutely inexplicable.' 
Michael Daniel, who is also a special assistant to the president, said he was 'not really prepared to comment' on whether China was responsible for the hack.
The incident comes after a 'separate, but related' incident in April, when files of 4.2 million current and former federal workers were stolen.
According to OPM, both breaches were discovered as the agency conducted a forensics investigation into the way federal data is managed.  

The new breach is in addition to, and also overlaps with, the leak of four million citizens' information in April.
The government will now be forced to provide three years of support from a private firm specializing in data breaches for all 21.5 million victims to monitor their children, credit files and identity.  
Stolen records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and more.
Some records also include findings from interviews conducted by background investigators and fingerprints. 
Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.
There is significant overlap between the two groups, according to the OPM news release.
Human vices, such as infidelity, compulsive gambling, problems with alcohol or drugs, as well as emotional and behavioral issues, raise red flags for officials who gather so-called 'adjudication information' - information that government investigators gather during the vetting process of potential hires and current employees seeking a higher level of clearance.
The U.S. government has attributed sophisticated attacks - including the original large-scale data theft last month - to increasingly advanced state-affiliated teams from China.
China has denied any connection with the OPM attack and little is known about the identities of those involved in it.
Asked during a conference call with reporters whether China was responsible, Michael Daniel said that 'at this point the investigation into the attribution of this event is still ongoing and we are exploring all of the different options that we have.'
He added that 'we're not really prepared to comment at this time on the attribution behind this event.' 
