FEDERAL EMPLOYEE DATA STOLEN!

Frixxxx

Moderator
Reaction score
130
[h=1]Chinese hackers stole 4 million federal employees’ personal information[/h]HACKED - Story

By Stephen Dinan - The Washington Times - Thursday, June 4, 2015
China-based hackers stole sensitive personal information on as many as 4 million current and former federal employees from government computers, officials said Thursday, underscoring the growing threats to data stored even in what are supposed to be the most secure of systems.
The Office of Personnel Management, which is the government’s human resources agency, said it is notifying 4 million people that “personally identifiable information” may have been compromised in the breach.




 
It would have cost less to improve IT security than what it will cost to cover 4 million former and current employees with 18 months of protection.
 
We all need a new Social Security Numbers, change all your passwords the system is far from safe! Who is responsible for this? I know it's Mr. NOBODY again.
 
Don't worry folks, the Chinese hackers can be trusted with our personal info.

Hell, they probably have all Americans info by now.
 
Soon our pay checks will be sent to some deserving Chinese family or finance another Aircraft Carrier. I'm HAPPY are You?:banana:
 
Fear not! You probably have gotten a similar e-mail by now.

“The Agency takes the safety, security, and privacy of our workforce very seriously and the Director and Deputy Director have mobilized a team of senior leaders from across the enterprise to ensure that our staff has the information and resources necessary to understand the incident and protect themselves.”

We will all undoubtedly have to change all our passwords and sit through a few more hours of training and get the feeling that somehow it is all our fault as the users of the systems.

I would also expect a policy change to deny us access to our personnel, pay and HR records. That will fix the problem!

Another extension of the monitoring/protection being provided free of charge from the last data breach ought to make everything OK.

PO
 
They posted their IT security audit in the clear on their internet site.

Nice, very nice. One of the findings is that OPM has used non-IT folks to 'lead' their systems security teams. These folks are clueless. They have at least seven operating systems of which two are not reliably patched or scanned. More nice, very nice. What a joke. They seem to have a problem with little things like databases and application front ends. Apparently, they spent their time chasing vulnerabilities on client machines and kinda ignore the golden egg servers and database management systems.

Question: Can we sue them in a class action?

By the way, the hackers have had access for quite some time. It is not like they just got in. They got in and took what they wanted. Anyone that declared something kinda embarrassing on their security clearance request might get a call from someone with broken English. But, like PessOptimist said, we will be subjected to more annual PII computer based training about how not to leave you machine logged in or give someone the name, IP, MAC, user account, and password of some mission critical system...
 
By the way, the hackers have had access for quite some time. It is not like they just got in. They got in and took what they wanted. Anyone that declared something kinda embarrassing on their security clearance request might get a call from someone with broken English.

i am just going to tell them 'yeah, i screwed her, she wanted it, and she liked it'. because it is the truth. go ahead and try to blackmail me for that mofo's. go ahead, post the pictures, i was good that night.

also, please steal my identity, you'll get what you deserve. this is not an easy road. maybe improve my credit score some on the way out the door?

everybody already knows everything anyways because it is in phone records and interweb looking for since about 15 years ago or when they invented darpanet whichever came first.

they can have mine. suck it. when you got nothing to lose you know free.
 
They can have all my credit card debt. I give it freely!!!

Embrace the Suck...
 
This is third time my federal career data has been stolen. First time, the subagency I worked for was hacked. I was given Experian and told they would monitor everything and protect me for up to 1M in fraud. OK.

Next, the agency I worked for was hacked and my data was stolen again. Same message, same story. Now OPM.

There really was never a lot to know in the first place. Have you tried to read your personnel records. I have no idea what all those codes are. You'd have to be able to read Chinese to understand all those symbols.

Anyways, it's not like we're all rich and have lots of important things to share with the Chinese. What ticks me off is that we look just plain sloppy. How does that happen?

I know a lot of great IT guys who know security....but almost unanimously, they have been screwed with by political eggheads or young know everything brainchildren with PHD's but no experience; and things contine to get worse for them, their agencies, and the people they serve. Now because of all these BS, some Chinese hacker has my bank account number....Crud.

FS
 
I went to the OPM site today with intentions of changing my password. When I tried to log in it said my password was cancelled because I hadn't accessed the site for over 15 months. Now I have to contact them to get a new password. They also said that on the 8th of June they would start contacting all who may have effected by the BREACH in SECURITY some by email and others by snail mail. I might as well wait.computer4.gif
 
FogSailing,

I can say straight up that the DOD is largely incompetent. They wiped out their technical and corporate knowledge in the late 1990's through the early 2000's and outsourced their 'networks'. The dummies then thought that by outsourcing their network infrastructure and desktop support that they outsourced all that expensive and troublesome computer stuff. Uh, no. They outsourced part of the computer stuff and ignored the rest. That is how bozos like OPM (which probably did the same form of self practicing brain surgery) end up with operating systems that haven't been patched for two decades, systems that haven't been upgraded for decades, and dummies pretending to be security mavens because they tested out of Security+ or even CISSP.

Folks, if I am in a position to hire a System Functional Manager or System Security Engineer, a security cert will not help you unless you have lots of experience in Network Architecture, Database Administration, or Systems Programming. You will not get a look from me if you have a cert without lots of background. And, yes, I know you will be expensive - but we can see the expense of hiring unqualified personnel all the time.

This is a pathetic joke. Anyone look at the job requirements for IT personnel posted on USAJobs. When they are not boilerplate blather yammering about seeking the next Leader of the Free World they are seeking expertise in COBOL or something. Folks, agencies like the IRS are still using COBOL based object code. I am certain of it. It has not been updated in decades. And, after reading the OPM report it is readily apparent that those morons are doing the same.

Only the gubmint.

And, as you might guess, I am kinda angry.
 
NNuut,

If it is the ChiComs don't answer your phone if someone with a bad accent wants to talk about an embarrassing issue from twenty years ago. They ain't going after you. They are going after the systems administrators, senior leadership, and the movers and shakers currently in gubmint service. They will blackmail folks with a bankruptcy in the past or some other issue. This is potentially MUCH worse than someone getting your SSN and DOB.

Anyone actually see the Full Retard process they use to initiate a security clearance. I mean the rinky-dink system they use for the initial data entry. Yowser.
 
I'm a lucky duck. carerfirst got hacked so they gave me credit monitering and now OPM coughed up my info too.
 
Folks,

The only way someone can get 4 million people's records is to get entire databases or be able to export huge chunks of databases. To steal a database in Microsoft SQL Server and Oracle (I think) you have to take it off-line, detach it, copy it somewhere locally, and then copy it to the target system off-site. Taking a database off-line and detaching it should have been noticeable. My guess is that if someone 'hacked' it this way than the system was so unreliable that customers expect it to crash all the time for fairly extensive timeframes. If the data was exported or backed up than there would be a record of that with an account ID. Also, if you are trying to backup Terabytes of data than one would expect someone would notice disk usage issues - not to mention potential performance issues. Finally, SQL Server only allows backups to directly attached devices via the SQL Server backup tool. Assuming similar capabilities, the 'hacker' would have to be concerned about disk space and performance issues triggering an audit.

And, you would need the service account credentials with privileges associated with those tasks. If OPM was using current DBMS' (not likely) than the most likely avenue of attack was an over-privileged service account with a weak password and without a limit of password retries and without a force of password change. Those security settings are a pain in the keester and sometimes leave your customers in the lurch as you change the password and some other service still uses the old one - but...

On the other hand, if OPM was using some ancient DBMS on an ancient OS than all bets are off. Maybe they were using some defunct OS with a defunct DBMS created by companies that have long vanished from the scene. VMS on the VAX. Maybe INGRES, Cullinet, or ADR. This is my bet. Probably with over-privileged service accounts with eight character passwords. There you go, have fun...
 
NNuut,

If it is the ChiComs don't answer your phone if someone with a bad accent wants to talk about an embarrassing issue from twenty years ago. They ain't going after you. They are going after the systems administrators, senior leadership, and the movers and shakers currently in gubmint service. They will blackmail folks with a bankruptcy in the past or some other issue. This is potentially MUCH worse than someone getting your SSN and DOB.

Anyone actually see the Full Retard process they use to initiate a security clearance. I mean the rinky-dink system they use for the initial data entry. Yowser.

I've been getting phone calls from some crooks that speak broken English claiming that my computer's Windows operating system has been corrupted and they want to fix it for me, how nice of them to volunteer. I call them criminals and note that if they call me again I will pinch off their freakin' heads and they hang up.
th_werewolf2.gifHammering_in.gif
 
Exactly right Boghie. I'd like to think the US Government had a cyberteam that actually looked out for our interests bu that is just so much of a pipedream to be almost funny.

Good luck in your job search. Seems like it is time to hire a remployed annuitant. Maybe you will find qualified people there. I don't have much faith in young people with BIG EGO's.

FS
 
Nice picture picture Nnut! It reminds of those cute little lap dogs with an ATTITUDE: What do they call them...oh yeah WOLVERPoodles) :) :)

FS
 
Back
Top