OPM Data Breach - Whitehouse Petition - Help Wanted

Ronald F. Guilmette rfg at tristatelogic.com
Thu Jun 18 06:14:25 UTC 2015



Harry Hoffman hhoffman at ip-solutions.net wrote:

>I think it would be great if you were to include some source links in
>your petition/email so that folks unaware of the specifics can educate
>themselves in a non-partisan and factual manner.

Well, as regards to the petition itself, I can't because now it is
cast in stone and can't be edited, I think, which is too bad, because
I slightly misspelled the lady's name.  It is Katherine Archuleta,
not Katherine Archueta. :-(

But more to the point, they only give you a VERY limited number of
characters to state what your petition is asking for, so there's
really not room for much in the way of links within the petition
itself.

But elsewise, I'll give a few good links here, but really if you just
go to Google News and search for "OPM breach" you will find one hell
of a lot of VERY fresh news reports.

===============================================================================
Fed Agency blames giant hack on 'neglected' security systems

http://www.usnews.com/news/politics/articles/2015/06/16/cybertheft-of-personnel-info-rips-hole-in-espionage-defenses

(Executive Summary: 4.2 mellion federal personel records stolen - OPM was
warned, repeatedly, FOR YEARS that systems were insecure and didn't do squat.)
===============================================================================
Military clearance OPM data breach 'absolute calamity'

http://www.navytimes.com/story/military/2015/06/17/sf-86-security-clearance-breach-troops-affected-opm/28866125/

(Executive Summary:  Literally MILLIONS of detailed security clearance files
were taken... quote: "everyone's".)
===============================================================================
OPM Hack Probe Hindered Because Digital Trail Has Been Erased, US Official Says

http://abcnews.go.com/US/opm-hack-probe-hindered-digital-trail-erased-us/story?id=31784335

(Executive Summary:  They don't know how long this lasted or even what
really happened because they over-write their log files every 60 days)
===============================================================================
Will anyone at OPM be fired for not preventing this catastrophic mega-hack by China?

http://hotair.com/archives/2015/06/16/will-anyone-at-opm-be-fired-for-not-preventing-this-catastrophic-mega-hack-by-china/

Nope!  In fact, Whitehouse has already come out expressing confidence in
the OPM Director, Katherine Archuleta:

http://thehill.com/policy/cybersecurity/245294-obama-has-confidence-in-opm-director-despite-hack
===============================================================================
Catching Up on the OPM Breach - Krebs On Security

http://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/

(Detailed timeline of the MANY screw-ups)
===============================================================================

And last but by no means least, we have ArsTechnica's most recent contribution
to the news coverage, it which the following UNBELIEVEABLE insanity is revealed:

Encryption would not have helped" at OPM, says DHS official
http://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/

      ...
      A consultant who did some work with a company contracted by OPM to
      manage personnel records for a number of agencies told Ars that he
      found the Unix systems administrator for the project "was in
      Argentina and his co-worker was physically located in the [People's
      Republic of China]. Both had direct access to every row of data in
      every database: they were root. Another team that worked with these
      databases had at its head two team members with PRC passports. I
      know that because I challenged them personally and revoked their
      privileges. From my perspective, OPM compromised this information
      more than three years ago and my take on the current breach is
      'so what's new?'"

Yea.  Right.  If you are trying to keep foreign nationals out of your
"secure" system, then encryption quite certainly WILL NOT HELP if you
have already given them root.


Regards,
rfg


P.S.  Regadless of your politics or what you think of Snowden, THIS INCIDENT
is VASTLY WORSE that any leak that Snowden participated in.  At least he and
the reporters he worked with tried to exercise some discretion, and did not
leak any personal details about any specific U.S. government employees.  In
the case of this massive OPM hack however, the incompetents in charge of
OPM gave unknown foreign enemies EVERYTHING... enough data and personal dirt
on millions of federal employees... including active service members and
intelligence operatives... to allow them, our enemies, to engage in virtually
unlimited blackmailing and spear-phishing of our people until the Second
Coming.

For those who were worriedly waiting for the much-predicted "Digital Pearl
Harbor" attack on this country... well...  you don't have to fret about
THAT anymore, because this is it.  It's already happened.

And we did it to ourselves.


P.P.S.  Here is OPM Director Katherine Archuleta's personal biography.
Executive Summary:  She a long-time Democratic Party political hack with
nothing other than a Master's degree in Education.  (Still, isn't it
comforting to know that "As a long-time public servant, she is a champion
of Federal employees" ?)

https://www.opm.gov/about-us/our-people-organization/senior-staff-bios/katherine-archuleta/print-bio.pdf

P,P.P.S.  Here's a nice clear explanation of how/why she got the job as the
Director of the Office of Personel Management, overseeing the safety and
security of millions of confidential federal government employee files and
the people behind them:

http://www.nationaljournal.com/decision-makers/government-operations/katherine-archuleta-director-designate-20130718

     July 18, 2013 - Even before President Obama nominated Archuleta to be
     director of OPM in late May, word leaked to the Washington press corps
     that the White House was intent on choosing a Hispanic. Both Interior
     Secretary Ken Salazar and Labor Secretary Hilda Solis had resigned
     from the Obama administration, and groups such as the National Council
     of La Raza had chided the president for nominating only one Hispanic
     to a Cabinet-level position in his second term.

     Enter Archuleta, who helped engineer the president's reelection win as
     Obama for America's national political director. Not only is she Latina,
     but Archuleta also hails from the swing state of Colorado, where Democrats
     have made inroads in recent years. If she is confirmed as OPM director,
     the 64-year-old will be the first Hispanic to hold that position.
     ...



More information about the NANOG mailing list