FEDERAL EMPLOYEE DATA STOLEN!

Going to try the other two attachments. Maybe I can only attach so much at a time?

No luck. No biggie, just CYA from the White House Press Secretary and OPM press release.
 
I am not sure I am supposed to have this e-mail but do and am sending it along including an attachment from the White House and two from Ms. Archuleta.

I deleted the to: part to protect federal employee information.:worried: While trying to attach the two additional files I find my internet connection went away and now I cannot attach them. I must be doing something wrong. Here is what I think may post now.

From: Carter, Jennifer C [Jennifer.Carter@Hq.Doe.Gov]
Sent: Thursday, July 09, 2015 1:08 PM
Subject: RE: IMPORTANT!!!!


Good afternoon all,

Please find the attached documents which were embargoed until 3:15pm today.


Also see link:
https://www.opm.gov/news/releases/2015/07/opm-announces-steps-to-protect-


federal-workers-and-
others-from-cyber-threats/

Unfortunately OPM has determined that background investigation records of


current, former, and
prospective Federal employees and contractors have been compromised to


include the types of
information in these records, such as Social Security Numbers; residency and


educational history;
employment history; information about immediate family and other personal and


business
acquaintances; health, criminal and financial history; and other details.


Some records also include
findings from interviews conducted by background investigators and


fingerprints. Usernames and
passwords that background investigation applicants used to fill out their


background investigation forms
were also stolen.

OPM is advising that this incident is separate but related to a previous


incident, discovered in April 2015,
affecting personnel data for current and former Federal employees. OPM and


its interagency partners
concluded with a high degree of confidence that personnel data for 4.2


million individuals had been
stolen. This number has not changed since it was announced by OPM in early


June, and OPM has
worked to notify all of these individuals and ensure that they are provided


with the appropriate support
and tools to protect their personal information.

After the analysis of the OPM background investigation incident OPM is


advising that the OPM team has
now concluded with high confidence that sensitive information, including the


Social Security Numbers
(SSNs) of 21.5 million individuals, was stolen from the background


investigation databases. This includes
19.7 million individuals that applied for a background investigation, and 1.8


million non-applicants,
predominantly spouses or co-habitants of applicants. As noted above, some


records also include
findings from interviews conducted by background investigators and


approximately 1.1 million include
fingerprints. There is no information at this time to suggest any misuse or


further dissemination of the
information that was stolen from OPM’s systems.

Please review the Background Investigation Press Release to review the steps


OPM is announcing to
protect those impacted, which include providing a comprehensive suite of


monitoring and protection
services for background investigation applicants and non-applicants whose


Social Security Numbers, and
in many cases other sensitive information, were stolen.

We are scheduled to meet on behalf of the LMF next Wed July 15 and I will see


about designating some
time on the agenda to discuss this matter for those interested.

Very Respectfully,


Jennifer Carter
Department Labor Management/Employee Relations Specialist
Human Capital Policy & Accountability Division
U.S. Dept. of Energy
View attachment 34441
 
I just knew it was Bush's fault.
“Since at least 2007, OPM leadership has been on notice about the vulnerabilities to its network and cybersecurity policies and practices,” Rep. Jason Chaffetz (R-Utah), chairman of the House Oversight and Government Reform Committee, said in a statement.
Click to expand...
Hack of security clearance system affected 21.5 million people, federal authorities say - The Washington Post
“Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries,” Chaffetz said. “Such incompetence is inexcusable. Again, I call upon President Obama to remove Director Archuleta and Ms. Seymour immediately.”
Click to expand...
Fat chance of that! Valerie likes em.

The good news:
" Individuals who underwent a background investigation through OPM in 2000 or afterwards are “highly likely” affected, officials said. Background checks before 2000 are less likely to have been affected, they said. "
 
Nice picture picture Nnut! It reminds of those cute little lap dogs with an ATTITUDE: What do they call them...oh yeah WOLVERPoodles) :) :)

FS
 
Exactly right Boghie. I'd like to think the US Government had a cyberteam that actually looked out for our interests bu that is just so much of a pipedream to be almost funny.

Good luck in your job search. Seems like it is time to hire a remployed annuitant. Maybe you will find qualified people there. I don't have much faith in young people with BIG EGO's.

FS
 
Boghie said:
NNuut,

If it is the ChiComs don't answer your phone if someone with a bad accent wants to talk about an embarrassing issue from twenty years ago. They ain't going after you. They are going after the systems administrators, senior leadership, and the movers and shakers currently in gubmint service. They will blackmail folks with a bankruptcy in the past or some other issue. This is potentially MUCH worse than someone getting your SSN and DOB.

Anyone actually see the Full Retard process they use to initiate a security clearance. I mean the rinky-dink system they use for the initial data entry. Yowser.
Click to expand...

I've been getting phone calls from some crooks that speak broken English claiming that my computer's Windows operating system has been corrupted and they want to fix it for me, how nice of them to volunteer. I call them criminals and note that if they call me again I will pinch off their freakin' heads and they hang up.
th_werewolf2.gifHammering_in.gif
 
Folks,

The only way someone can get 4 million people's records is to get entire databases or be able to export huge chunks of databases. To steal a database in Microsoft SQL Server and Oracle (I think) you have to take it off-line, detach it, copy it somewhere locally, and then copy it to the target system off-site. Taking a database off-line and detaching it should have been noticeable. My guess is that if someone 'hacked' it this way than the system was so unreliable that customers expect it to crash all the time for fairly extensive timeframes. If the data was exported or backed up than there would be a record of that with an account ID. Also, if you are trying to backup Terabytes of data than one would expect someone would notice disk usage issues - not to mention potential performance issues. Finally, SQL Server only allows backups to directly attached devices via the SQL Server backup tool. Assuming similar capabilities, the 'hacker' would have to be concerned about disk space and performance issues triggering an audit.

And, you would need the service account credentials with privileges associated with those tasks. If OPM was using current DBMS' (not likely) than the most likely avenue of attack was an over-privileged service account with a weak password and without a limit of password retries and without a force of password change. Those security settings are a pain in the keester and sometimes leave your customers in the lurch as you change the password and some other service still uses the old one - but...

On the other hand, if OPM was using some ancient DBMS on an ancient OS than all bets are off. Maybe they were using some defunct OS with a defunct DBMS created by companies that have long vanished from the scene. VMS on the VAX. Maybe INGRES, Cullinet, or ADR. This is my bet. Probably with over-privileged service accounts with eight character passwords. There you go, have fun...
 
NNuut,

If it is the ChiComs don't answer your phone if someone with a bad accent wants to talk about an embarrassing issue from twenty years ago. They ain't going after you. They are going after the systems administrators, senior leadership, and the movers and shakers currently in gubmint service. They will blackmail folks with a bankruptcy in the past or some other issue. This is potentially MUCH worse than someone getting your SSN and DOB.

Anyone actually see the Full Retard process they use to initiate a security clearance. I mean the rinky-dink system they use for the initial data entry. Yowser.
 
FogSailing,

I can say straight up that the DOD is largely incompetent. They wiped out their technical and corporate knowledge in the late 1990's through the early 2000's and outsourced their 'networks'. The dummies then thought that by outsourcing their network infrastructure and desktop support that they outsourced all that expensive and troublesome computer stuff. Uh, no. They outsourced part of the computer stuff and ignored the rest. That is how bozos like OPM (which probably did the same form of self practicing brain surgery) end up with operating systems that haven't been patched for two decades, systems that haven't been upgraded for decades, and dummies pretending to be security mavens because they tested out of Security+ or even CISSP.

Folks, if I am in a position to hire a System Functional Manager or System Security Engineer, a security cert will not help you unless you have lots of experience in Network Architecture, Database Administration, or Systems Programming. You will not get a look from me if you have a cert without lots of background. And, yes, I know you will be expensive - but we can see the expense of hiring unqualified personnel all the time.

This is a pathetic joke. Anyone look at the job requirements for IT personnel posted on USAJobs. When they are not boilerplate blather yammering about seeking the next Leader of the Free World they are seeking expertise in COBOL or something. Folks, agencies like the IRS are still using COBOL based object code. I am certain of it. It has not been updated in decades. And, after reading the OPM report it is readily apparent that those morons are doing the same.

Only the gubmint.

And, as you might guess, I am kinda angry.
 
I went to the OPM site today with intentions of changing my password. When I tried to log in it said my password was cancelled because I hadn't accessed the site for over 15 months. Now I have to contact them to get a new password. They also said that on the 8th of June they would start contacting all who may have effected by the BREACH in SECURITY some by email and others by snail mail. I might as well wait.computer4.gif
 
This is third time my federal career data has been stolen. First time, the subagency I worked for was hacked. I was given Experian and told they would monitor everything and protect me for up to 1M in fraud. OK.

Next, the agency I worked for was hacked and my data was stolen again. Same message, same story. Now OPM.

There really was never a lot to know in the first place. Have you tried to read your personnel records. I have no idea what all those codes are. You'd have to be able to read Chinese to understand all those symbols.

Anyways, it's not like we're all rich and have lots of important things to share with the Chinese. What ticks me off is that we look just plain sloppy. How does that happen?

I know a lot of great IT guys who know security....but almost unanimously, they have been screwed with by political eggheads or young know everything brainchildren with PHD's but no experience; and things contine to get worse for them, their agencies, and the people they serve. Now because of all these BS, some Chinese hacker has my bank account number....Crud.

FS
 
Boghie said:
By the way, the hackers have had access for quite some time. It is not like they just got in. They got in and took what they wanted. Anyone that declared something kinda embarrassing on their security clearance request might get a call from someone with broken English.
Click to expand...

i am just going to tell them 'yeah, i screwed her, she wanted it, and she liked it'. because it is the truth. go ahead and try to blackmail me for that mofo's. go ahead, post the pictures, i was good that night.

also, please steal my identity, you'll get what you deserve. this is not an easy road. maybe improve my credit score some on the way out the door?

everybody already knows everything anyways because it is in phone records and interweb looking for since about 15 years ago or when they invented darpanet whichever came first.

they can have mine. suck it. when you got nothing to lose you know free.
 
They posted their IT security audit in the clear on their internet site.

Nice, very nice. One of the findings is that OPM has used non-IT folks to 'lead' their systems security teams. These folks are clueless. They have at least seven operating systems of which two are not reliably patched or scanned. More nice, very nice. What a joke. They seem to have a problem with little things like databases and application front ends. Apparently, they spent their time chasing vulnerabilities on client machines and kinda ignore the golden egg servers and database management systems.

Question: Can we sue them in a class action?

By the way, the hackers have had access for quite some time. It is not like they just got in. They got in and took what they wanted. Anyone that declared something kinda embarrassing on their security clearance request might get a call from someone with broken English. But, like PessOptimist said, we will be subjected to more annual PII computer based training about how not to leave you machine logged in or give someone the name, IP, MAC, user account, and password of some mission critical system...
 
You must log in or register to reply here.
Back
Top