‘Trust Us With More Data,’ Say Government Agencies Hacked By A 16-Year-OldPosted: February 20, 2016
Tim Cushing writes: We live in a world where a 16-year-old who goes by the handle of “penis” on Twitter can dive into the servers of two of America’s most secure federal agencies and fish out their internal files.
This 16-year-old is allegedly part of the same crew that socially engineered their way into the inboxes of CIA director John Brennan, Director of National Intelligence James Clapper and the administration’s senior advisor on science and technology, John Holdren.
We also — somehow — live in a world where these same agencies are arguing they should be entrusted with massive amounts of data — not just on their own employees, but on thousands of US citizens.
The DHS, FBI and NSA all want more data to flow to them — and through them. The cybersecurity bill that legislators snuck past the public by attaching it as a rider to a “must pass” appropriations bill contains language that would allow each of these affected agencies to partake in “data sharing” with private companies. This would be in addition to the data these agencies already gather on American citizens as part of their day-to-day work.
The DHS — one of the more recent hacking victims — is the only agency that expressed a reluctance to partake in the new data haul. This isn’t because it wouldn’t like to have access to the data, but because it would be the agency responsible for “scrubbing” the data before passing it on to other agencies. DHS officials likely took a look at this requirement and saw it for what it was: a scapegoat provision. Should any legal action or public outcry have resulted from the new “sharing” demands, the DHS would have been the agency offered up to appease the masses.
Fortunately for the DHS — but less fortunately for anyone concerned about expanding domestic surveillance efforts — this requirement has been altered. A bit. The Attorney General will now examine the DHS’s “scrubbing” efforts and determine whether or not they’re Constitutionally adequate. Of course, the Attorney General is more likely to side with whatever level of scrubbing provides the maximum flow of data to underling agencies like the FBI, so that’s not all that reassuring. On the other hand, it puts the AG in the crosshairs should something backfire.
This is the government that feels it can protect the nation from hackers: the government that can’t protect itself from hackers.
The IRS seems to suffer from attacks almost daily, thanks to its treasure trove of social security numbers, addresses and other personally identifiable information. The OPM — which oversees federal hiring — coughed up plenty of the same personal info when it was hacked.
The agencies involved in the cybersecurity efforts have shrugged at the government’s inability to protect personal information, arguing that these hacks only highlight how essential the new cybersecurity legislation is. More power and more data is what’s needed, apparently, not an internal effort to shore up security before foisting their demands on the private sector. The government can’t protect itself against politically-motivated teenagers. What chance does it have against organized criminals or state-sponsored attacks?
It’s insanity. It’s like hearing…..(read more)