Update – (5:10pm Mountain 6/12) : The agency responsible for the data breach and horrific loss of US government employee personal data was found to be incompetent in an Inspector General report released almost a year earlier.
“The OPM had no IT security staff until 2013, and it showed. The agency was harshly criticized for its lax security in an inspector general’s report released last November that cited its lack of encryption and the agency’s failure to track its equipment. Investigators found that the OPM failed to maintain an inventory list of all of its servers and databases and didn’t even know all the systems that were connected to its networks. The agency also failed to use multi-factor authentication for workers accessing the systems remotely from home or on the road.”
Seriously? No security staff???? You gotta be kidding me! No wonder the Chinese had such an easy job hacking into the system.
And this is the same government that we are now entrusting all of our sensitive medical and health information with? Idiots! We are absolute idiots!
Update – (4:55pm Mountain 6/12) : The US government has confirmed that the data breach is far deeper and far worse than originally stated.
“Hackers linked to China appear to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, several U.S. officials said Friday, describing a second cyberbreach of federal records that could dramatically compound the potential damage.”
“Nearly all of the millions of security clearance holders, including CIA, National Security Agency and military special operations personnel, are potentially exposed in the security clearance breach, the officials said. More than 2.9 million people had been investigated for a security clearance as of October 2014, according to government records.”
So not only is DHS and OPM utterly incompetent in protecting highly sensitive data, they lie regularly and withhold extremely important information from the public. So when exactly are we to believe anything that the government says anymore?
Update – (5:50pm Mountain 6/10) : The US government didn’t discover the data breach. A tech company that was demonstrating a cyber-security product discovered the breach. So how much more doesn’t the government know about how incompetent it is?
So, bottom line – DHS lied to the American public when it told the WSJ that OPM had detected the breach. OPM had not. The program CyFIR (developer, CyTech Services) discovered the network embedded malware during a product demonstration.
So when exactly doesn’t DHS lie to American citizens?
Update – (9:30am Mountain 6/5) : The Department of Interior sent out an email to department employees. But it is not what you would expect.
- It was sent out only after the information became public and after all Washington D.C. government offices had closed for the day.
- It was sent out after all the media outlets had either printed their final editions of the newspapers and all televised already had their new programs set and ready to go.
- The Secretary of the Interior, Sally Jewell, talks like she had just heard of it when in actuality it
was known last month. So why the attempt to deceive the employees as to when she knew about the data breach?
- The email did not notify the people whose data was actually breached. That won’t happen starting June 9th, five days after the email was sent. So why the huge and potentially devastating delay with the notifications? They know who the employees are who had their information stolen so why would she purposely delay notifying them?
- The federal government won’t be notifying their own employees, they will have a private company notify the federal employees. So why a private company and not the federal government themselves?
- While there will be a mitigation program available, the employees will have to ask for it, coverage will not be automatic. So why force an employee to ask for the identity protection and credit monitoring services?
- The email also says that OPM took immediate action to protect the personnel data. But what assurances are there that they will get it right this time?
- And there is no mention that the Department of Interior is taking action to protect data, only OPM. Why is DOI not talking about taking action to protect their data that was hacked?
- And finally, the email says the employee is on their own until this private company notifies them. What? The federal government screws up big time and then the employee is left alone for almost two weeks.
Update – (6:45am Mountain 6/5) : This isn’t the first time that the Chinese military has been accused of hacking into US computer systems. Just over a year ago five Chinese military officers were indicted by the U.S. and charged with hacking into U.S. companies to steal industry secrets about nuclear and solar power in what one official called “21st century burglary.”
Update – (4:40am Mountain 6/5) : Fox News is reporting that names, addresses and Social Security numbers of the entire federal workforce were likely swept up by hackers.
The concern is China could now use that information to blackmail high-ranking government officials with top security clearances.
Update – (2:45am Mountain 6/5) : CNN & AP has further confirmed the data beach. The breach actually occurred in April and was detected by DHS monitoring the government computer system. The FBI began investigating the breach at that time. However, government employees have still not been notified of their data breach.
It was originally thought that the breach only hit OPM and the Department of Interior. However, it is now suspected that the breach hit every branch of the government. But the FBI and DHS are not making any other details clear about the breadth and depth of the breach. But the breach could have actually affected millions more employees than originally suspected. US government investigators are now pointing the finger directly at the Chinese military. The Chinese responded…
“Cyberattacks conducted across countries are hard to track, and therefore the source of attacks is difficult to identify. Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive,” said Zhu Haiquan.
The amazing lack of information coming out of the US government is unacceptable. What is far worse is the federal government not telling its employees that their data has been breached and is now in the hands of the Chinese military. It appears that the Chinese military hackers are trying to target those with security clearances. What next?
“This is an attack against the nation,” said Ken Ammon, chief strategy officer of Xceedium, who said the attack fit the pattern of those carried out by nation states for the purpose of espionage. The information stolen could be used to impersonate or blackmail federal employees with access to sensitive information, he said.
UPDATE – (6:18pm Mountain 6/4/2015) : CNN has confirmed! Federal employees have not been notified of the breach of their personal information as of close of business today (Thursday). No notification or memo was sent to federal employees informing them of the breach of their information. Employees heard about the hacking by the Chinese government through the OPM press release. Federal employees are stunned and don’t know how serious or widespread the breach is or what to do to protect themselves.
Original Story (4:45pm Mountain 6/4/2015) —————————————————————————
The Wall Street Journal and The Washington Post have just released a story confirming the federal government has released a statement that the personal data information of over 4,000,000 federal government workers has been stolen by the Chinese. The Chinese government has been identified as responsible by investigators.
That is an act of war!
I told you earlier this month that this was coming, I told you that China was gearing up for war…and here it is. Just because there are no missiles or bullets flying yet, that doesn’t mean it is any less of an attack.
I have confirmed with one federal employee that they are unable to access their federal government 401K account.
So what are the Republican Congressmen saying, “…the breach is disturbing.” What?
So what are the Democrats saying, “It’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.” What?
The Chinese government attacks the United States’ computer system, breaches it, steals millions upon millions of highly
sensitive and protected pieces of information on federal employees and they call it “disturbing” and we need “improvement” in our data systems.
You have got to be kidding me!! This is an act of war, there is no other way to look at it.
But what will this President do? Nothing! Absolutely nothing at all! Why? Because he has no courage, no balls, and no will to fight the Chinese. The Chinese beat us years ago when they figured out just how weak Obama really is.
And what will happen now? This act of war by the Chinese will go by with no response from a gutless President which will open the flood gates for every other country in the world to break into our systems and take whatever they want. Bu here is the truly important questions:
- What else have the Chinese hacked into and the government is not telling us?
- How soon till an enemy targets our infrastructure and brings down the power grid?
- How soon till they breach the Defense Department computer system and what will they go after?
So who was supposed to be protecting us? Yup, the NSA & FBI ! So where was the NSA & FBI while the Chinese government hackers were stealing millions and millions of records from the government? Yeah, the NSA & FBI were spying on normal, average American citizens and oppositional Congressmen. They see American citizens as a bigger threat than any foreign government…and see what it has gotten us!
And last question, “Why release that information at this particular time?”
I bet you already know the answer to that question.
Partial list of sources:
Copyright © AHTrimble.com ~ All rights reserved No reproduction or other use of this content without expressed written permission from AHTrimble.com See Content Use Policy for more information.