Advertisements

Democrats Debate in New Hampshire

drudge-dem-debate-dec

Source: Clinton goes for the jugular after data breach – POLITICO

bernie-debate-abc-brietbart

Live Updates: Democrats Debate in New Hampshire

Breitbart.comDrudgereport.com – Politico.com 

Advertisements

15 Million T-Mobile Customers Affected by Experian Data Breach, Including Social Security Numbers, More 

cool-blue-servers-data

T-Mobile has confirmed this evening that as many as 15 million of its customers have been affected by a data breach. As the company is quick to point out, however, the breach did not occur on its servers, but rather its credit partner’s, Experian.

While Experian and T-Mobile both confirm that no credit card or banking information was compromised in the breach, a variety of other sensitive information was. Customer names, addresses, birthdates, Social Security numbers, and ID numbers were all leaked as part of the attack.

The attack affects approximately 15 million people who required a credit check when signing up for device financing through T-Mobile. Perhaps most notably, however, the vulnerability was open for more than two years, from September 1, 2013 though September 16, 2015.

T-Mobile says that it is offering two years of free credit monitoring to anyone who fears they could have been affected by the breach. T-Mobile CEO John Legere wrote in an open letter on the carrier’s website that he is “incredibly angry about this data breach” and that T-Mobile will be reevaluating its relationship with Experian.

T-Mobile CEO on Experian’s Data Breach

I’ve always said that part of being the Un-carrier means telling it like it is. Whether it’s good news or bad, I’m going to be direct, transparent and honest.We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment. Experian has determined that this encryption may have been compromised. We are working with Experian to take protective steps for all of these consumers as quickly as possible. Read the rest of this entry »


BREAKING: OPM Director Resigns over Hack

archuletakatherine-resigns

Cory Bennett The embattled director of the Office of Personnel Management has resigned, bowing to mounting pressure from Capitol Hill for her to step aside over a devastating government hack.

Also see – Katherine Archuleta and the Accountability Problem

“Archuleta made clear to the president that she believed it was best for her to step aside and allow new leadership that would enable the agency to move beyond the current challenges and allow the employees at OPM to continue their important work.”

Katherine Archuleta, director of the Office of Personnel Management (OPM), stepped down a day after she revealed that multiple breaches at her agency had exposed more than 22 million people’s sensitive information.

resign-OPM

The chorus on Capitol Hill calling for her firing have been growing since shortly after the breach was first revealed in early June. Read the rest of this entry »


Military Clearance OPM Data Breach ‘Absolute Calamity’

Government-Hacking-Smal

The SF-86, a 127-page document, asks government employees to disclose information about family members, friends and past employment as well as details on alcohol and drug use, mental illness, credit ratings, bankruptcies, arrest records and court actions

David Larter and Andrew Tilghman report: Anxiety is spreading among defense officials and the military community that the recent theft of federal government data linked to China may affect hundreds of thousands of service members.

“They had access on everyone who has applied for a security clearance: families, residences and job assignments, bank records. If that’s not an absolute calamity, I don’t know what is.”

Compounding those concerns is the limited information made public by the Office of Personnel Management.

“They got everyone’s SF-86.”

Some military officials believe the recent hack targeting the civilian-run OPM seized information from tens of thousands of Standard Form 86s, which are required for all service members and civilians seeking a security clearance. That includes service members of all ranks, officers and enlisted, in a wide range of job specialties and assignments.

“This is a surreal new world and they are not being truthful. The way this works now is that they tell you a little bit of the truth, and then they obfuscate.”

“They got everyone’s SF-86,” one Pentagon official familiar with the investigation told Military Times.

The SF-86, a 127-page document, asks government employees to disclose information about family members, friends and past employment as well as details on alcohol and drug use, mental illness, credit ratings, bankruptcies, arrest records and court actions.

Given the scale of the breach as publicly disclosed by the Obama administration and OPM, it’s likely that the hackers obtained the SF-86 data of every military member who filled out the form on a computer, something that has been standard practice in Defense Department for well over a decade, said a retired senior intelligence community official who writes a blog under the pen name Victor Socotra.

The services began to make the digital SF-86 form mandatory in 2007, but service members used the digital form for years before that. Read the rest of this entry »


OPM IT Outsourced to Foreigner Contractors, with Root Access, Working from their Home Country. In this Case, Oh Yeah, China

opm-it

Encryption ‘would not have helped’ at OPM, says DHS official: Attackers had valid user credentials and run of network, bypassing security

 reports: During testimony today in a grueling two-hour hearing before the House Oversight and Government Reform Committee, Office of Personnel Management (OPM) Director Katherine Archuleta claimed that she had recognized huge problems with the agency’s computer security when she assumed her post 18 months ago. But when pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractorsNON-STOP-PANIC-EX, she said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.

But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network.

House Oversight Chairman Jason Chaffetz (R-Utah) told Archuleta and OPM Chief Information Officer Donna Seymour, “You failed utterly and totally.” He referred to OPM’s own inspector general reports and hammered Seymour in particular for the 11 major systems out of 47 that had not been properly certified as secure—which were not contractor systems but systems operated by OPM’s own IT department. “They were in your office, which is a horrible example to be setting,” Chaffetz told Seymour. In total, 65 percent of OPM’s data was stored on those uncertified systems.

chinese hackers

Chaffetz pointed out in his opening statement that for the past eight years, according to OPM’s own Inspector General reports, “OPM’s data security posture was akin to leaving all your doors and windows unlocked and hoping nobody would walk in and take the information.”

[Read the full text here, at Ars Technica]

When Chaffetz asked Archuleta directly about the number of people who had been affected by the breach of OPM’s systems panic-manand whether it included contractor information as well as that of federal employees, Archuleta replied repeatedly, “I would be glad to discuss that in a classified setting.” That was Archuleta’s response to nearly all of the committee members’ questions over the course of the hearing this morning.

At least we found it

Archuleta told the committee that the breach was found only because she had been pushing forward with an aggressive plan to update OPM’s security, centralizing the oversight of IT security under the chief information officer and implementing “numerous tools and capabilities.” She claimed that it was during the process of updating tools that the breach was discovered. “But for the fact that OPM implemented new, more stringent security tools in its environment, we would have never known that malicious activity had previously existed on the network and would not have been able to share that information for the protection of the rest of the federal government,” she read from her prepared statement. Read the rest of this entry »


Ellen Nakashima: With a Series of Major Hacks, China Builds a Database on Americans

DigitalDC

China hacked into the federal government’s network, compromising four million current and former employees

Ellen Nakashima reports: China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say.

“This is part of their strategic goal — to increase their intelligence collection via big data theft and big data aggregation. It’s part of a strategic plan.”

— U.S. government official, on condition of anonymity

Groups of hackers working for the Chinese government have compromised the networks of the Office of Personnel Management, which holds data on millions of current and former federal employees, as well as the health insurance giant Anthem, among other targets, the officials and researchers said.

Hong-Lei

“We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation.”

— Chinese Foreign Ministry spokesman Hong Lei

“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target [for espionage], whether electronically or via human ­recruitment.”

The targeting of large-scale data­bases is a relatively new tactic and is used by the Chinese government to further its intelligence-gathering, the officials and analysts say. It is government espionage, not commercial espionage, they say.

china-hackers

“They would leverage this data to get to diplomatic, political, military and economic intelligence that they typically target.”

“This is part of their strategic goal — to increase their intelligence collection via big data theft and big data aggregation,” said a U.S. government official, who, like others, spoke on condition of anonymity to discuss a sensitive topic. “It’s part of a strategic plan.”

One hack of the OPM, which was disclosed by the government Thursday, dates at least to December, officials said. Earlier last year, the OPM discovered a separate intrusion into a highly sensitive database that contains information on employees seeking or renewing security clearances and on their background investigations.

0624-ANSA-NSA_Phone_Records_Big_Data_full_600

“So now the Chinese counterintelligence authorities know which American officials are meeting with which Chinese.”

Once harvested, the data can be used to glean details about key government personnel and potential spy recruits, or to gain information useful for counter­intelligence. Records in OPM’s database of background investigations, for instance, could contain a complete history of where an individual has lived and all of his or her foreign contacts in, say, China. “So now the Chinese counterintelligence authorities know which American officials are meeting with which Chinese,” a China cyber and intelligence expert said.

china-us-flags-ap

“For bigger data storage, for bigger data theft. And when you can gain it in bulk, you take it in bulk.”

— China cyber and intelligence expert

The data could help Chinese analysts do more effective targeting of individuals, said a former National Security Agency official. “They can find specific individuals they want to go after, family members,” he said. Read the rest of this entry »


BREAKING: U.S. Officials: Massive Breach of Federal Personnel Data

Shutterstock

WASHINGTON — The Obama administration is scrambling to assess the impact of a massive data breach involving the agency that handles security clearances and employee records, U.S. officials said Thursday. STAMP-panic-red-250

A congressional aide familiar with the situation, who declined to be named because he was not authorized to discuss it, said the Office of Personnel Management and the Interior Department were hacked. A second U.S. official who also declined to be identified said the data breach could potentially affect every federal agency.

The White House was considering a public announcement of the breach Thursday night or Friday morning, the second official said.

The Office of Personnel Management is the human resources department for the federal government, and issues security clearances….(developing)

StarTribune.com


Kevin D. Williamson: The GOP Should Turn its Attention to Prosecutorial Misconduct

prison

Kevin D. Williamson writes:

“…The Democrats have long been acculturated to the climate of corruption that attends government agencies that are largely free of ordinary accountability, where a carefully cultivated lack of transparency shields operatives from scrutiny and normal oversight. Republicans can rouse themselves to action, if only barely, when this involves the federal Internal Revenue Service or Environmental Protection Agency. But deference to police agencies and prosecutors is so habitual among the members of the law-and-order party that they instinctively look for excuses when presented with obvious examples of police misconduct, and twiddle their thumbs in the 99 percent of cases of prosecutorial misconduct that do not involve a Republican elected official.…”

[Read the full article at NRO]

National Review Online


Leading Cause of Malware Problems? Executives Watching Porn

Infected computers at work are often the result of top execs watching pornography. Credit: Man using laptop image via Shutterstock

Infected computers at work are often the result of top execs watching pornography.
Credit: Man using laptop image via Shutterstock

Chad Brooks reports:  While employees may get the brunt of the blame for security breaches, company leaders are doing their fair share of damage as well, a new study finds.

Research from ThreatTrack Security revealed that 40 percent of security professionals found that a device used by a member of their company’s senior leadership team had been infected by malware because of a visit to a pornographic website, and nearly 60 percent of the security professionals surveyed have cleaned malware from a device after an executive clicked on a malicious link or was duped by a phishing email.

In addition, 45 percent of respondents said they have found malware on a senior leader’s device because the executive allowed a family member to use it, with one-third of security professionals discovering it on an executive’s mobile devices because they installed a malicious app.

Read the rest of this entry »