Thursday, June 18, 2015

About that... OPM Data Breach Edition

Insty has a link to an ABC report: Instapundit » Blog Archive » MASSIVE OPM HACK EVEN WORSE THAN THOUGHT: OPM Hack Far Deeper Than Publicly Acknowledged, Went Undetected For More Than A Year, Sources Say...
The massive hack into federal systems announced last week was far deeper and potentially more problematic than publicly acknowledged, with hackers believed to be from China moving through government databases undetected for more than a year, sources briefed on the matter told ABC News.
"If [only] they knew the full extent of it," one U.S. official said about those affected by the intrusion into the Office of Personnel Management's information systems.
It all started with an initial intrusion into OPM's systems more than a year ago, and after gaining that initial access the hackers were able to work their way through four different "segments" of OPM's systems, according to sources.
By some accounts, the data exposed goes back 20 or 30 years.

And may have been stored unencrypted.

It inspired this: Rick Wilson's rant on OPM breach (with tweets) · faceattack · Storify

Which came out BEFORE this: Daily Pundit: OPM Got Hacked Because It Handed Root to the People’s Republic of China Three Years Ago
Quoting Ars Technica:
A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. (!!!) Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?'”
(Emphasis added)

But good news! Now it will get traction: Instapundit » Blog Archive » A DEBACLE OF THE FIRST ORDER: OPM tells lawmakers their information was likely stolen….

No comments: