The .gov has been hacked

Chinese breach data of 4 million federal workers
Video link

By Ellen Nakashima June 4
Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.

The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months.Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyberespionage.

[What to do if your information was stolen]

The OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.

Other U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.


One private security firm, iSight Partners, says it has linked the OPM intrusion to the same cyberespionage group that hacked the health insurance giant Anthem. The FBI suspects that that intrusion, announced in February, was also the work of Chinese hackers, people close to the investigation have said.

The intruders in the OPM case gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-
deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.

[China calls the accusation ‘irresponsible and unscientific’]

“Certainly, OPM is a high-value target,” Donna Seymour, the agency’s chief information officer, said in an interview. “We have a lot of information about people, and that is something that our adversaries want.”

The personal information exposed could be useful in crafting “spear-phishing” e-mails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake e-mail purporting to be from a colleague at work.

After the earlier breach discovered in March 2014, the OPM undertook “an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks,” Seymour said. “As a result of adding these tools, we were able to detect this intrusion into our networks.”

“Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM,” Director Katherine Archuleta said in a statement.

The real story of how the Internet became so vulnerable]

Seymour said the agency is working to better protect the data stored in its servers throughout the government, including by using data masking or redaction. “We’ve purchased tools to be able to implement that capability for all” the data, she said.

Among the steps taken to protect the network, the OPM restricted remote access to the network by system administrators, officials said. When the OPM discovered the breach, it notified the FBI and the Department of Homeland Security.

A senior DHS official, who spoke on the condition of anonymity because of the ongoing investigation, said the “good news” is that the OPM discovered the breach using the new tools. “These things are going to keep happening, and we’re going to see more and more because our detection techniques are improving,” the official said.

FBI spokesman Josh Campbell said his agency is working with DHS and OPM officials to investigate the incident. “We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” he said.

The intruders used a “zero-day” — a previously unknown cyber-tool — to take advantage of a vulnerability that allowed the intruders to gain access into the system.

[Why the Internet’s massive flaws may never get fixed]

China is one of the most aggressive nations targeting U.S. and other Western states’ networks. In May 2014, the United States announced the indictments of five Chinese military officials for economic cyberespionage — hacking into the computers of major steel and other companies and stealing plans, sensitive negotiating details and other information.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Rep. Adam B. Schiff (Calif.), ranking Democrat on the House Intelligence Committee, said the past few months have seen a massive series of data breaches affecting millions of Americans.

“This latest intrusion . . . is among the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses,” he said. “The cyberthreat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.”

Colleen M. Kelley, president of the nation’s second-largest federal worker union, the National Treasury Employees Union, said her organization “is very concerned” about the breach. “Data security, particularly in an era of rising incidence of identity theft, is a critically important matter,” she said.

“It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks,” she said.

 

I'm so impressed they are willing to share how they have been hacked but not let us see the supposidly public information from Hillary clintin' s server

What is wrong with this picture?

 

Lol @kellory. Good one

 

You might contact the Chinese consulate and ask them if they have a copy you can send to the VA.

 

if you work for the .gov and you ever get arrested because of a fingerprint, just tell 'em you were framed.
==============================================================================

How Much Damage Can the OPM Hackers Do With a Million Fingerprints? - NationalJournal.com

July 14, 2015
The Office of Personnel Management announced last week that the personal data for 21.5 million people had been stolen. But for national security professionals and cybersecurity experts, the more troubling issue is the theft of 1.1 million fingerprints.

Much of their concern rests with the permanent nature of fingerprints and the uncertainty about just how the hackers intend to use them. Unlike a Social Security number, address, or password, fingerprints cannot be changed—once they are hacked, they're hacked for good. And government officials have less understanding about what adversaries could do or want to do with fingerprints, a knowledge gap that undergirds just how frightening many view the mass lifting of them from OPM.

"It's probably the biggest counterintelligence threat in my lifetime," said Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency and now an executive vice president at the cybersecurity company Darktrace. "There's no situation we've had like this before, the compromise of our fingerprints. And it doesn't have any easy remedy or fix in the world of intelligence."

(RELATED: OPM Announces More Than 21 Million Affected by Second Data Breach)

Though the idea of hacked fingerprints conjures up troubling scenarios gleaned from Hollywood's panoply of espionage capers, not much is currently known about those that OPM said were swiped in the data breach, which began last year and has been privately linked by officials to China. In fact, the agency said it didn't even know yet specifically which personnel have had their prints compromised.

"We do not have that information at this time," said Sam Schumach, an OPM spokesman, explaining that the agency is still assessing the breach and has not yet performed a "deep dive" into the data to assess whose fingerprints are now in the hands of hackers.

Questions also remain about what the ultimate goal of the OPM hackers is, and the administration so far continues to refuse to publicly blame China for the intrusion. Some have likened the breach to an enormous surveillance operation, one that Beijing conducted in order to build databases on the ins and out of the U.S. government and to potentially coerce, blackmail, or bribe officials into divulging closely guarded secrets.

Whatever the motives, the stolen fingerprints are viewed as a uniquely important and unprecedented data heist—one that could reap huge rewards for the hackers for decades to come.

(RELATED: OPM Director Katherine Archuleta Quits)

"It's really horrifying, on so many levels," said Peter Singer, a strategist at the New America Foundation and a consultant for the military who just published a book,Ghost Fleet, that imagines what a cyber-heavy 21st-century war between the U.S., China, and Russia might look like. "This is different from the other breaches because this is a cyberattack that was not about intellectual-property theft. It was not about economic advantage of some sort. This is what we call preparing the battlefield."

Part of the worry, cybersecurity experts say, is that fingerprints are part of an exploding field of biometric data, which the government is increasingly getting in the business of collecting and storing. Fingerprints today are used to run background checks, verify identities at borders, and unlock smartphones, but the technology is expected to boom in the coming decades in both the public and private sectors.

"There's a big concern [with the OPM hack] not because of how much we're using fingerprints currently, but how we're going to expand using the technology in the next 5-10 years," said Robert Lee, cofounder of Dragos Security, which develops cybersecurity software.

Also problematic is that there is "no way to reissue a fingerprint," Lee said, meaning that once a set is in the hands of a foreign adversary they are vulnerable as long as that person is working in government.

That reality could create a squeeze on government for decades to come, as agencies may be forced to forgo fingerprints for things like two-factor authentication and instead rely on another biometric, such as facial recognition or iris scans. But those could also someday be hacked, as the OPM hack showed that just about anything stored in a government database can be up for grabs.

One thing seems clear: The fingerprints of most covert CIA spies working for the government are likely not affected, because the spy agency manages it own records apart from OPM. But the records for nearly every other executive agency, from the NSA to the FBI and anything housed under the Department of Defense, were laid bare during the hack. And some CIA agents who have previously worked elsewhere in government where they were required to submit a security-clearance form to OPM are also vulnerable.

One nightmare scenario envisioned by Ramesh Kesanupalli, an expert in biometrics, is that agents traveling across borders under aliases could be spotted for their true identities when their prints are scanned. Kesanupalli also warned that the fingerprints could end up somewhere on the black market, making biometrics a novel good to be trafficked on the Internet that could be useful to a buyer for decades.

For Kesanupalli, the hack may spur the government to start adopting other biometrics more quickly in lieu of the contaminated fingerprints, noting that iris scans are not as easily hackable as prints and harder to forge than facial scans, which can sometimes dupe cameras.

But fingerprints are likely only going to grow in importance for the government in the coming years, he said, and that is true for hackers, too.

"You never know down the line where we are going to use the fingerprints," Kesanupalli said.

Penrose, the former NSA official, also speculated that most of the stolen fingerprints were likely digital scans and not the older ink-based records, which may suggest that the bulk of the prints belong to active or recent employees. The broader breach affected all employees going back to 2000, OPM said.

"Jason Bourne would be in big trouble over this," Penrose said, referencing the fictional action-movie character played by Matt Damon. "Give him some new fingerprints."

 

Imagine a smartphone app, that runs fingerprints from photos, or worse, runs the data bank as images for a fingerprint scanner. It would be a virtual master key, and also ID anyone working abroad, no matter what name they used, or in what capacity they were there.
(Jason Bourne, indeed. He was framed by a single false fingerprint, on a failed bomb)

 

@CATO. Thanks for posting this
I will put the info to good use and make a few calls.

It ridiculous that gov is allowed to track all our data and can't keep it secure.

And as you said.... 'I was framed' is a good defense from now on. Lol

 

2 Best Darknet Websites