"OPM: The worst hack of all time" https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time From: Computer World<br />--<br />Hi, my name is Steven J. Vaughan-Nichols and I had a security clearance in the 1980s. Because of that, my personal records are likely to have been revealed by the Office of Personnel Management hack.<br /><br />Big deal, right? What could be so important about my 30-year-old records that it would matter to me today?<br /><br />Oh, let me think. 
There’s my Social Security number, my birthday, my birthplace, everywhere I had lived for 10 years before I got my clearance, the full names of all my relatives — you know, everything you’d need to steal my identity.<br /><br />Does that sound like I’m overstating the case? I’m not. When you get a security clearance, they want to know everything about your life.<br /><br />Check for yourself. The current Questionnaire for National Security Positions form (SF-86) is 127 pages long. It asks for information on everywhere you’ve lived in the last 10 years, every job you’ve had for the last 10 years, and any visits to a healthcare professional for emotional or mental health conditions in the last seven years.<br /><br />Then, of course, records checks may also be made on your spouse, roommates and immediate family members. Oh, and by the way, “immediate family” means your spouse, parents, step-parents, siblings, half- and step-siblings, children, stepchildren and cohabitants.<br /><br />Except for the name of your first pet, the SF-86 pretty much covers every question you’ve ever been told you could use for your “security” question.<br /><br />I understand why they ask those questions. What I don’t understand is why Congress never anted up the cash to encrypt those records or secure them in any meaningful way.<br /><br />While I’m grousing about this, I’d also like to know why it appears that some OPM contractors may have been Chinese nationals — working from China.<br /><br />You can’t make this stuff up. Who needs hackers, when the U.S. government will hire you to manage its top-secret goodies?<br /><br />What’s that you say? It was only 4 million records? Oh no, my friend. It was at least 18 million. That’s 18 million former, current and would-be federal employees and contractors.<br /><br />But, wait! It may be 32 million!<br /><br />I’ve reason to believe it was at least that many. I just haven’t been able to get anyone on record with that number. 
But trust me, the OPM data breach is bigger and badder than anything else that’s ever happened.<br /><br />Now, let’s think about the next steps. Clearly, the entire government personnel system will need to be cleaned up. There’s a bigger issue, though.<br /><br />The U.S. currently has about 319 million citizens. Of those, 10% of them may have had their Social Security numbers revealed. Think about it.<br /><br />Now, if China has all that information, it may not matter that much. Seriously, does Beijing care about my Social Security benefits? I doubt it.<br /><br />But let’s say I held a sensitive government position and had a cousin living in Hong Kong. Then it would be a different story. In that case, I could foresee getting a call from a burner mobile phone telling me that if I’d like to keep my cousin safe, I might want to share a little information with someone.<br /><br />Let’s say the hackers were run-of-the-mill crackers instead of a nation state. After all, a bright teenager could have broken into the OPM. If that’s the case, what’s to stop them from practicing identity theft on an epic level?<br /><br />I’ll tell you what: nothing. The feds tried — and failed — to set a credit and identity protection plan. Eventually, they’ll get it right, but so what?<br /><br />Ten percent of Americans may have had their identities permanently compromised. So, what are we going to do?<br /><br />No one’s talking about that yet. But here are some real possibilities: 1) Junk our current Social Security numbers. 2) Bring back the much-hated idea of a national ID card. Or 3) Reauthorize every last person whose ID has been revealed and give them new Social Security numbers.<br /><br />Any way you cut it, fixing this is going to take a minimum of tens of billions of dollars. Frankly, I wouldn’t be shocked if the bill ends up running into hundreds of billions. 
At the same time, no one is going to be happy with any of these solutions.<br /><br />An ancient “ha-ha-but-actually-serious” computer joke goes, “To err is human, but to really foul things up, you need a computer.” That joke has never been more serious.<br /><br /><a target="_blank" href="http://www.computerworld.com/article/2941754/data-security/opm-the-worst-hack-of-all-time.html">http://www.computerworld.com/article/2941754/data-security/opm-the-worst-hack-of-all-time.html</a> RallyPoint Shared Content Thu, 02 Jul 2015 14:50:24 -0400 2015-07-02T14:50:24-04:00
Response by SSgt Private RallyPoint Member made Jul 2 at 2015 2:53 PM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=786531&urlhash=786531 And yet, there was hardly a mention of it on the news. The hacking agency had access to everything for a great length of time before anyone noticed!!! SSgt Private RallyPoint Member Thu, 02 Jul 2015 14:53:24 -0400 2015-07-02T14:53:24-04:00
Response by PO1 John Miller made Jul 2 at 2015 3:11 PM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=786571&urlhash=786571 I'm still waiting to hear from OPM that my data was compromised. I've had a security clearance for just over 20 years now. PO1 John Miller Thu, 02 Jul 2015 15:11:55 -0400 2015-07-02T15:11:55-04:00
Response by MSgt James Mullis made Jul 2 at 2015 3:32 PM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=786638&urlhash=786638 Welcome to the club. I had a TS/SCI clearance until I retired. 
I don't know if it was related to the OPM hack, but this year someone filed my taxes for me and received a sizable refund electronically (possibly to an overseas bank). According to the IRS, an investigation is underway and I might or might not get the refund I was due in about 9 months. MSgt James Mullis Thu, 02 Jul 2015 15:32:42 -0400 2015-07-02T15:32:42-04:00
Response by SPC Joseph Eichelberger made Jul 3 at 2015 12:09 PM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=788712&urlhash=788712 "Any way you cut it, fixing this is going to take a minimum of tens of billions of dollars. Frankly, I wouldn’t be shocked if the bill ends up running into hundreds of billions." <br /><br />What makes you think they're going to fix it? Why start caring about vets and the military now? They only love us when they can take from us. SPC Joseph Eichelberger Fri, 03 Jul 2015 12:09:28 -0400 2015-07-03T12:09:28-04:00
Response by SPC Kortney Kistler made Jul 3 at 2015 11:24 PM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=789963&urlhash=789963 I'm curious as to why people on this site choose to reveal their clearance levels? SPC Kortney Kistler Fri, 03 Jul 2015 23:24:29 -0400 2015-07-03T23:24:29-04:00
Response by GySgt Wayne A. 
Ekblad made Jul 19 at 2015 6:20 AM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=826363&urlhash=826363 Weeks later, services for cyber theft victims still a work in progress ...<br /><br /><a target="_blank" href="http://www.washingtonpost.com/blogs/federal-eye/wp/2015/07/16/weeks-later-services-for-cyber-theft-victims-still-a-work-in-progress/?tid=hpModule_14fd66a0-9199-11e2-bdea-e32ad90da239&amp;hpid=z12">http://www.washingtonpost.com/blogs/federal-eye/wp/2015/07/16/weeks-later-services-for-cyber-theft-victims-still-a-work-in-progress/?tid=hpModule_14fd66a0-9199-11e2-bdea-e32ad90da239&amp;hpid=z12</a> <p class="pta-link-card-description">The new acting chief of the Office of Personnel Management can't provide information on when notifications and remediation services for data breach victims will be ready.</p> GySgt Wayne A. Ekblad Sun, 19 Jul 2015 06:20:19 -0400 2015-07-19T06:20:19-04:00
Response by GySgt Wayne A. 
Ekblad made Aug 7 at 2015 7:37 AM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=871463&urlhash=871463 OPM officials hindering scrutiny of hacked computer systems, watchdog says ...<br /><br />The Office of Personnel Management’s inspector general has accused the agency’s information technology office of trying to thwart scrutiny of how well OPM protected the security clearance and federal employee personnel files that were hacked and how well it responded to those breaches.<br /><br />Inspector general Patrick E. 
McFarland said that OPM’s Office of the Chief Information Officer, or OCIO, has “hindered and interfered with” his office’s oversight and “has created an environment of mistrust by providing my office with incorrect and/or misleading information.”<br /><br />In a memo to acting OPM director Beth Cobert, McFarland said that while his independent office traditionally has had a positive relationship with the OCIO, recent events make him “question whether the OCIO is acting in good faith.”<br /><br />In particular, the memo said that the IG delayed a planned audit of a contractor when officials pointed out that another audit recently had been done, even though they knew by then that the contractor already had been breached — a breach that has been described as providing the key to unlocking the OPM personnel files. The CIO’s office also “failed to timely notify” the IG of the hack of the personnel records, which “impeded our ability to coordinate with other law enforcement organizations and conduct audit oversight activity,” it said.<br /><br />Management also tried to keep IG investigators out of meetings with the FBI and others on the security-clearance files breach, and did not fully inform the IG of a major IT project for nearly a year after planning and implementation began, it said.<br /><br /><a target="_blank" href="http://www.washingtonpost.com/blogs/federal-eye/wp/2015/08/06/opm-officials-hindering-scrutiny-of-hacked-computer-systems-auditor-says/?tid=hpModule_308f7142-9199-11e2-bdea-e32ad90da239&amp;hpid=z14">http://www.washingtonpost.com/blogs/federal-eye/wp/2015/08/06/opm-officials-hindering-scrutiny-of-hacked-computer-systems-auditor-says/?tid=hpModule_308f7142-9199-11e2-bdea-e32ad90da239&amp;hpid=z14</a> <p class="pta-link-card-description">OPM’s inspector general says agency’s information technology office tried to thwart scrutiny of OPM security practices, response.</p> GySgt Wayne A. Ekblad Fri, 07 Aug 2015 07:37:48 -0400 2015-08-07T07:37:48-04:00
Response by SSgt Alex Robinson made Aug 7 at 2015 4:07 PM https://www.rallypoint.com/answers/opm-the-worst-hack-of-all-time?n=873016&urlhash=873016 We must completely secure all military and government related networks. We owe it to all military and civilians to protect their data. SSgt Alex Robinson Fri, 07 Aug 2015 16:07:45 -0400 2015-08-07T16:07:45-04:00