Submit your comments on this article |
Home Front: WoT |
Encryption "would not have helped" at OPM, says DHS official |
2015-06-18 |
A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is 'so what's new?'" |
Posted by:whitecollar redneck |
#14 Being admin'd out of the PRC? Snark of the day. And likely true :( |
Posted by: CrazyFool 2015-06-18 14:42 |
#13 "where is our high-speed, Cyber Warfare Command?" Being admin'd out of the PRC? |
Posted by: ExtremeModerate 2015-06-18 14:28 |
#12 In other news: Level playing field now a reality. White House issues stern warning following Chinese hacking of millions of 401k's, investor retirements, VA pensions, and bank accouts. FDIC sez it cannot cover banking losses. Everyone else appears to be tango uniform. Wall Street closes, Walmart shuttered. Chinese deny involvement. Congress discusses scraping entire monetary system in favor of emergency gov't issued script with 30 day expiration dates. More at eleven. |
Posted by: Besoeker 2015-06-18 14:22 |
#11 This is such gross negligence that it is nothing less than treason and should be punished with a summery execution. Unfortunately nothing will be done. Congress will make the usreal noises, the media will ignore it (except to blame Boosh!) and the public will forget about it in the next election - and most just don't give a shit because it doesn't obviously effect their magic government check. Nobody will be remanded, nobody fired or demote. Not even a stern lecture. In fact I predict a number of promotions coming to those responsible (things usually run faster and smoother once you ignore all the basic security precautions). |
Posted by: CrazyFool 2015-06-18 14:04 |
#10 This is criminal negligence. Immediately put in place law, regulations, and procedures to 1. Require that all systems containing sensitive information must be admin'd by cleared US citizens working in the US. 2. Require that all systems that cannot be secured must not be connected to the Internet except by remote procedure call through a secure system. Administration of those systems must be on-site and not through the Internet. This is not hard to do, even for COBOL systems. Developing new systems will take years, and experience shows they won't work and will be full of holes initially. Meanwhile, we are wide open unless the above requirements are implemented asap. |
Posted by: KBK 2015-06-18 13:37 |
#9 This is the same government that says all your medical information is secure and they want control over it. Fuck them. This is such gross negligence that it is nothing less than treason and should be punished with a summery execution. |
Posted by: DarthVader 2015-06-18 10:37 |
#8 ...they were attending their mandatory diversity and LGBT |
Posted by: Procopius2k 2015-06-18 10:29 |
#7 Alright, I'll ask the probing question, "where is our high-speed, Cyber Warfare Command ? |
Posted by: Besoeker 2015-06-18 09:58 |
#6 #5 Once more, appointees of this administration, are inadequate. -a haiku- Bravo. Mike |
Posted by: Mike Kozlowski 2015-06-18 09:46 |
#5 Once more, appointees of this administration, are inadequate. -a haiku- |
Posted by: Skidmark 2015-06-18 08:52 |
#4 Let me repeat the warning of the late Adm Grace Hopper - Automation and Privacy are mutually exclusive. If you're going to grow government, better to spend the personnel money on cabinet clerks dealing with tons of paper than on creatures who spend their time thinking up new methods of central management of your life. There is something to be said about inefficient slow government when dealing with bureaucracy. |
Posted by: Procopius2k 2015-06-18 06:33 |
#3 Yes, a tempting diversion employing the captured data of the proles and useful idiots. Pardon the redundancy. Not everyone in gov't can afford their very own private server and encryption protocols. A very likely scenario EH. Very likely indeed. |
Posted by: Besoeker 2015-06-18 05:00 |
#2 Was this a Honeypot/Pseudoserver scheme? A clumsy attempt to feed false intelligence to the Chinese? |
Posted by: Elmerert Hupens2660 2015-06-18 03:23 |
#1 When you hold CRYPTO information, it remains in a locked safe unless it is being used. Putting that shit on the website, on the internet, and outsourcing the data to china is TREASON. YOU SUCK. You F**KING SUCK. You at OPM are disgusting people, as is THIS ENTIRE PIECE OF SHIT ADMINISTRATION. Fired. |
Posted by: newc 2015-06-18 01:34 |