Thread: FEDERAL EMPLOYEE DATA STOLEN!

FogSailing,

I can say straight up that the DOD is largely incompetent. They wiped out their technical and corporate knowledge in the late 1990's through the early 2000's and outsourced their 'networks'. The dummies then thought that by outsourcing their network infrastructure and desktop support that they outsourced all that expensive and troublesome computer stuff. Uh, no. They outsourced part of the computer stuff and ignored the rest. That is how bozos like OPM (which probably did the same form of self practicing brain surgery) end up with operating systems that haven't been patched for two decades, systems that haven't been upgraded for decades, and dummies pretending to be security mavens because they tested out of Security+ or even CISSP.

Folks, if I am in a position to hire a System Functional Manager or System Security Engineer, a security cert will not help you unless you have lots of experience in Network Architecture, Database Administration, or Systems Programming. You will not get a look from me if you have a cert without lots of background. And, yes, I know you will be expensive - but we can see the expense of hiring unqualified personnel all the time.

This is a pathetic joke. Anyone look at the job requirements for IT personnel posted on USAJobs. When they are not boilerplate blather yammering about seeking the next Leader of the Free World they are seeking expertise in COBOL or something. Folks, agencies like the IRS are still using COBOL based object code. I am certain of it. It has not been updated in decades. And, after reading the OPM report it is readily apparent that those morons are doing the same.

Only the gubmint.

And, as you might guess, I am kinda angry.

NNuut,

If it is the ChiComs don't answer your phone if someone with a bad accent wants to talk about an embarrassing issue from twenty years ago. They ain't going after you. They are going after the systems administrators, senior leadership, and the movers and shakers currently in gubmint service. They will blackmail folks with a bankruptcy in the past or some other issue. This is potentially MUCH worse than someone getting your SSN and DOB.

Anyone actually see the Full Retard process they use to initiate a security clearance. I mean the rinky-dink system they use for the initial data entry. Yowser.

I'm a lucky duck. carerfirst got hacked so they gave me credit monitering and now OPM coughed up my info too.

Folks,

The only way someone can get 4 million people's records is to get entire databases or be able to export huge chunks of databases. To steal a database in Microsoft SQL Server and Oracle (I think) you have to take it off-line, detach it, copy it somewhere locally, and then copy it to the target system off-site. Taking a database off-line and detaching it should have been noticeable. My guess is that if someone 'hacked' it this way than the system was so unreliable that customers expect it to crash all the time for fairly extensive timeframes. If the data was exported or backed up than there would be a record of that with an account ID. Also, if you are trying to backup Terabytes of data than one would expect someone would notice disk usage issues - not to mention potential performance issues. Finally, SQL Server only allows backups to directly attached devices via the SQL Server backup tool. Assuming similar capabilities, the 'hacker' would have to be concerned about disk space and performance issues triggering an audit.

And, you would need the service account credentials with privileges associated with those tasks. If OPM was using current DBMS' (not likely) than the most likely avenue of attack was an over-privileged service account with a weak password and without a limit of password retries and without a force of password change. Those security settings are a pain in the keester and sometimes leave your customers in the lurch as you change the password and some other service still uses the old one - but...

On the other hand, if OPM was using some ancient DBMS on an ancient OS than all bets are off. Maybe they were using some defunct OS with a defunct DBMS created by companies that have long vanished from the scene. VMS on the VAX. Maybe INGRES, Cullinet, or ADR. This is my bet. Probably with over-privileged service accounts with eight character passwords. There you go, have fun...

Originally Posted by Boghie

NNuut,

If it is the ChiComs don't answer your phone if someone with a bad accent wants to talk about an embarrassing issue from twenty years ago. They ain't going after you. They are going after the systems administrators, senior leadership, and the movers and shakers currently in gubmint service. They will blackmail folks with a bankruptcy in the past or some other issue. This is potentially MUCH worse than someone getting your SSN and DOB.

Anyone actually see the Full Retard process they use to initiate a security clearance. I mean the rinky-dink system they use for the initial data entry. Yowser.

I've been getting phone calls from some crooks that speak broken English claiming that my computer's Windows operating system has been corrupted and they want to fix it for me, how nice of them to volunteer. I call them criminals and note that if they call me again I will pinch off their freakin' heads and they hang up.
th_werewolf2.gifHammering_in.gif

Exactly right Boghie. I'd like to think the US Government had a cyberteam that actually looked out for our interests bu that is just so much of a pipedream to be almost funny.

Good luck in your job search. Seems like it is time to hire a remployed annuitant. Maybe you will find qualified people there. I don't have much faith in young people with BIG EGO's.

FS

Nice picture picture Nnut! It reminds of those cute little lap dogs with an ATTITUDE: What do they call them...oh yeah WOLVERPoodles)

FS

I just knew it was Bush's fault.

“Since at least 2007, OPM leadership has been on notice about the vulnerabilities to its network and cybersecurity policies and practices,” Rep. Jason Chaffetz (R-Utah), chairman of the House Oversight and Government Reform Committee, said in a statement.

Hack of security clearance system affected 21.5 million people, federal authorities say - The Washington Post

“Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries,” Chaffetz said. “Such incompetence is inexcusable. Again, I call upon President Obama to remove Director Archuleta and Ms. Seymour immediately.”

Fat chance of that! Valerie likes em.

The good news:
" Individuals who underwent a background investigation through OPM in 2000 or afterwards are “highly likely” affected, officials said. Background checks before 2000 are less likely to have been affected, they said. "

Below is a link for a petition to get federal employees lifetime credit monitoring if you are interested.

https://petitions.whitehouse.gov/pet...zed-breach-opm

Well it's a good thing I'm broke then. Nothing to steal!

Originally Posted by SWAVET

Below is a link for a petition to get federal employees lifetime credit monitoring if you are interested.

https://petitions.whitehouse.gov/pet...zed-breach-opm

Signed up for the 18 month deal.
But a lifetime of worrying about it sounds like a better deal to me. .....