Attention

The opinions expressed by columnists are their own and do not represent our advertisers

Monday, June 15, 2015

Report: Hack Of Government Employee Records Discovered By Product Demo

Security tools vendor found the breach during sales pitch.

As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM's security. An OPM statement on the attack said that the agency discovered the breach as it had "undertaken an aggressive effort to update its cybersecurity posture." And a DHS spokesperson told Ars that "interagency partners" were helping the OPM improve its network monitoring "through which OPM detected new malicious activity affecting its information technology systems and data in April 2015."

Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ's Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. "CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network," Paletta and Hughes reported.

And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it's still not even clear what data was accessed by the attackers.

Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees "entirely inadequate, either as compensation or protection from harm."

And he expressed concern about the extent of the breach.

More here

2 comments:

Anonymous said...

Isn't that precious?
The biggest data breach EVER was discovered by some salesman pitching his security software,
NOT by the government IT pros who are getting paid MEGABUCKS to secure our systems.

Are there ANY competent people left in our government?

Steve said...

And this is the Government who wants us to let them be in charge of "Net Neutrality",or whatever the Nom du Jour will be the next time they want to be in charge of Internet Security.




Think about this for a loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong time, folks!

Are you listening, Andy Harris?