Author Topic: Hacked - US Office of Personnel Management  (Read 171 times)

Palloy

  • Newbie
  • Posts: 5
Hacked - US Office of Personnel Management
« on: June 04, 2015, 08:10:54 pm »
Don't worry, you're not the only one.

http://rt.com/usa/265102-us-agency-hacked-millions-compromised/
US govt agency hacked, 4 million federal workers affected
June 04, 2015
Reuters / David McNew

Hackers breached the system of the US government agency responsible for gathering personnel information on federal employees and granting security clearances, potentially affecting the data of 4 million people, officials said.

It is not known who is responsible for the breach, but officials told Reuters that a foreign government or entity is to blame. The Washington Post and Wall Street Journal cited unnamed government officials who blamed Chinese hackers.

Sen. Susan Collins (R-Maine) also said Chinese hackers are believed to be behind the attack, according to the Associated Press.

The security breach was revealed Thursday by the US Office of Personnel Management (OPM), which is also the affected agency. However, the attack itself occurred in April.

In a press release, OPM said it will contact roughly 4 million people whose personally identifiable information may have been compromised.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta in a statement. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

An unnamed US official told the Associated Press that the hack could potentially affect every federal agency.

Striking the OPM is particularly notable, since the department is responsible for more than 90 percent of all federal background checks, the AP reported.

According to the Washington Post, the attackers may have accessed information such as people's job assignments, work evaluations, and training.

“Certainly, OPM is a high value target,” said OPM Chief Information Officer Donna Seymour to the newspaper. “We have a lot of information about people, and that is something that our adversaries want.”

Meanwhile, the FBI announced it is looking into the situation.

"The FBI is working with our interagency partners to investigate this matter," it said in a statement. "We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace."

Since the attack, OPM said it has implemented new security measures, such as restricting access and powers of remote administrators, and utilizing anti-malware software for further protection. A review of all connections to the network was also initiated.


Palloy

Re: Hacked - US Office of Personnel Management
« Reply #1 on: June 04, 2015, 08:23:17 pm »
NSA and FBI fight back by monitoring everything that enters/leaves the US on the internet.

http://rt.com/usa/265025-snowden-nsa-fbi-hackers/
Snowden leak: NSA uses warrantless web surveillance to watch cyberattacks
June 04, 2015

Classified documents from the trove of former intelligence contractor Edward Snowden now reveal that the United States National Security Agency secretly had its powers expanded under Pres. Obama to go after hackers.

A report published on Thursday this week by journalists with the New York Times and ProPublica shows that sensitive NSA documents disclosed by Snowden detail how the Department of Justice agreed in 2012 to give the spy agency new authorities with regards to monitoring cyberattacks unfolding on US-linked networks.

That year, the joint report reveals, two previously secret memos authored by the DoJ lawyers gave NSA analysts the go ahead “to begin hunting on internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad,” according to the journalists.

Although the Justice Dept. ultimately agreed only to let the NSA monitor attacks believed to be stemming from foreign government involvement, the documents show that the agency wanted to have the power to target hackers even in instances where a link couldn’t be established.

“It should come as no surprise that the US government gathers intelligence on foreign powers that attempt to penetrate US networks and steal the private information of US citizens and companies,” Brian Hale, the spokesman for the Office of the Director of National Intelligence, told the reporters, adding that “targeting overseas individuals engaging in hostile cyber activities on behalf of a foreign power is a lawful foreign intelligence purpose.”

Two years ago this week, the first news articles to make use of pilfered NSA documents from the Snowden trove surfaced in the press, paving the way for a discussion on the US intelligence community’s use of previously unpublicized surveillance tools and tactics. Yet while the first spy program exposed through those leaks – the bulk collection of millions of phone records on a regular basis by the NSA – was reined in to a degree as recently as this week, other endeavors revealed through the Snowden leak concerning the agency’s operations remain well in effect.

US law authorizing the NSA’s activities prohibits the agency from targeting American citizens. As with past programs unveiled through the Snowden disclosures, though, critics say the broad powers provided to the government nevertheless raise questions about whether or not the privacy of innocent Americans is being compromised.

According to this week’s report, the Justice Dept. gave the NSA approval in 2012 to query unique “cybersignatures” and internet addresses linked to attacks against American computer networks. The Snowden documents show that the DoJ interpreted a previous secret surveillance court ruling involving the monitoring of foreign governments to justify the decision, yet ensured restrictions were in place to rule out the collection of US-specific information.

“That rule, the NSA soon complained, left a ‘huge collection gap against cyber threats to the nation’ because it is often hard to know exactly who is behind an intrusion,” the journalists wrote. “So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any ‘malicious cyber activity,’ even if it did not yet know who was behind the attack.”

At the same time, their report continues, the FBI began to benefit from an arrangement that allowed them to use the NSA’s system to monitor traffic going through internet “chokepoints operated by US providers through which international communications enter and leave the United States.”

Jonathan Mayer, a cybersecurity scholar at Stanford Law School, told the Times and ProPublica reporters that the revelations put the activities of NSA, an organization tasked with international intelligence gathering, “smack into law enforcement land.”

“That’s a major policy decision about how to structure cybersecurity in the US and not a conversation that has been had in public,” he said.

In the aftermath of one of the biggest single acts of intelligence gathering reform in modern American history, Rep. Zoe Lofgren (D-California), a critic of the NSA’s surveillance operations, told the Guardian that the revelations suggest further changes are still needed, and needed urgently.

Contrary to those who hailed the USA Freedom Act, the NSA reform bill passed earlier this week, Lofgren said the Times and ProPublica report exemplifies the fact that passage “did not end bulk collection of communications and data.”

“To add insult to injury, under this program victims of cybercrime are doubly harmed when their government collects and searches their private stolen communications and data,” she said.