Topic: Cyberwarfare: Second OPM hack puts 21.5 million people at risk (Read 1132 times)

Offline Palloy

  • Sous Chef
  • ****
  • Posts: 3751
    • View Profile
    • https://palloy.wordpress.com
OPM should get its shit together quickly.

http://rt.com/usa/272782-opm-hack-millions-affected/
Second OPM hack puts 21.5 million people at risk
July 09, 2015
Reuters / James Lawler Duggan

A second data breach at the US Office of Personnel Management has affected 21.5 million people, with the hackers stealing sensitive information such as Social Security numbers and putting them at risk of identity theft, the agency announced.

Notably, the agency said that this incident is “separate but related” to the one that saw 4.2 million former and current government employees’ personnel data compromised.

Of the 21.5 million people whose information was stolen, 19.7 million were individuals who had submitted to federal background checks, which are needed in order to gain security clearances. The other 1.8 million people were non-applicants, such as family members of those who were being checked, OPM stated.

OPM said it “determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history” and more.

Some 1.1 million records included fingerprint records. OPM added that hackers also got away with usernames and passwords that individuals used to submit their background investigation forms. Not just current federal employees were affected, either, but also former and prospective ones.

    Today, OPM announced additional information about the recent cyber incident Learn more: http://t.co/YrWkqJKyYO. pic.twitter.com/46pLmaWMxJ

    — Katherine Archuleta (@OPMDirector) July 9, 2015

Meanwhile, OPM says that so far there is “no evidence” showing that separate systems used to store information about health, financial, payroll and retirement records were affected by the breach.

The department said that it will also work with other agencies to boost identity theft monitoring, including by providing identity theft insurance, credit and fraud monitoring, and more.

Previous reports have quoted unnamed US officials blaming China for the attack, but the White House declined to go on the record on Thursday.

"At this point the investigation into the attribution of this event is still ongoing and we are exploring all of the different options that we have,” Michael Daniel of the National Security Council said to Reuters.

The hack has turned out to be much more extensive than was previously believed, with compromised information dating back about 15 years. OPM said that anyone who underwent a background investigation since 2000 is “highly likely” to have had their records stolen.

In response, OPM said it “continues to take aggressive action to strengthen its broader cyber defenses and information technology (IT) systems,” partnering with the Department of Defense, Homeland Security, the FBI and more.

Some high-ranking lawmakers aren’t buying that explanation, though. After OPM’s announcement, House of Representatives Speaker John Boehner (R-Ohio) said that President Barack Obama should remove the agency’s leadership from their positions.

"After today's announcement, I have no confidence that the current leadership at OPM is able to take on the enormous task of repairing our national security," he said in a statement.

The department was also criticized by House Oversight Committee Chairman Jason Chaffetz (R-Utah).

"Since at least 2007, OPM leadership has been on notice about the vulnerabilities to its network and cybersecurity policies and practices," he said in a statement to NBC News. “Director Archuleta and Ms. Seymour consciously ignored the warnings and failed to correct these weaknesses. Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries."

On Twitter, Rep. Adam Schiff of the House Intelligence Committee said that he was “deeply disturbed” by the information disclosed by OPM and questioned whether the agency was being fully honest with lawmakers about the breaches.

    I do not believe OPM was fully candid in its original briefing to the Committee and omitted key information about two distinct hacks.

    — Adam Schiff (@RepAdamSchiff) July 9, 2015


The State is a body of armed men

Offline Palloy
Re: Cyberwarfare: Second OPM hack puts 21.5 million people at risk
« Reply #1 on: July 09, 2015, 08:53:47 PM »
Navy and Army had better join the modern world. 
Windows XP - the operating system which is still full of bugs after 14 years of patches!

http://rt.com/usa/270526-navy-millions-windows-xp/
US Navy pays $9 million per year to cling to Windows XP
June 29, 2015

The United States Navy still uses Microsoft’s Windows XP, even though there have been four new versions of Windows since XP debuted in 2001. The choice to use the obsolete operating system costs the Navy $9 million every year.

Microsoft stopped providing technical support and security updates for Windows XP over a year ago, leaving it in a perilous state for any institution. For those unwilling to make the switch, Microsoft provided the option of continued support for XP – for a price. That’s what the Navy decided to do.

There are four versions of Windows that are newer than XP – Windows Vista, Windows 7, Windows 8 and the as-yet unreleased Windows 10. The Navy has said that it has plans to upgrade to one of those by July 12, 2016, but there’s a chance it will take even longer. Consequently, the Navy’s contract with Microsoft includes an option to extend the agreement until June 8, 2017, which could bring the total bill for clinging to XP up to $31 million.

“The Navy relies on a number of legacy applications and programs that are reliant on legacy Windows products,” Steven Davis, spokesman for Space and Naval Warfare Systems Command, told CNN. “Until those applications and programs are modernized or phased out, this continuity of services is required to maintain operational effectiveness.”

Davis also told CNN that the Navy’s land-based computers have already been upgraded to newer versions of Windows. The 100,000 computers located on seaborne ships, on the other hand, still rely on XP.

The US Army recently approved a similar support agreement for more than 8,000 Windows XP devices. The continued usage of the defunct operating system is not necessarily indicative of the sclerosis of government agencies. Most ATMs still use XP, as do 15 percent of personal computers globally, according to NetMarketShare.

Offline Palloy
ISP contracts with clients always have Terms of Service which say you mustn't use the system for hacking purposes. I reckon it's OK for them to store evidence of breaches of the ToS, but that's a long way from storing everything from everyone.

http://rt.com/news/273058-german-cyber-security-law/
Germany passes strict cyber-security law to protect ‘critical infrastructure’
July 11, 2015

In the wake of ever-increasing cyber-security threats, Germany has passed legislation ordering that over 2,000 essential service providers implement new minimum information security standards or face penalties if they fail to do so within two years.

The law passed its final hurdle in the upper house of the German parliament, the Bundesrat, on Friday after having passed the lower house in June.

The law will affect institutions listed as "critical infrastructure,” such as transportation, health, water utilities, telecommunications providers, as well as finance and insurance firms. It gives companies two years to introduce cyber security measures or face fines of up to €100,000 ($111,000).

The Bundesrat-approved IT security law obliges firms and federal agencies to certify for minimum cyber-security standards and obtain Federal Office of Information Security (BSI) clearance. The companies must also notify the Office of suspected cyber-attacks on their systems.

The new set of rules also obliges telecommunications providers to warn customers when their connection has been abused, for example in a botnet attack, and to store the traffic data for up to six months for investigative purposes, thus potentially violating privacy rights.

BSI will also be expanded into an international center for IT security. Its main task will be to evaluate the reports of possible cyber-violations in critical infrastructure. The Federal Intelligence Service (BND) will be allowed access to foreign data linked to malware signatures and malware traces.

In addition, the Federal Office for the Protection of the Constitution (BfV) will lend assistance to the BSI with assessing the potential impact of cyber-attacks on the accessibility of the critical infrastructure facilities, while the Office of Criminal Investigation (BKA) will be responsible for investigating such cyber-crimes as data spying, intercepting or manipulating.

The planned measures are an “important step” as IT security is “a central component of the public and internal security,” said Interior Minister Thomas de Maizière as cited by Der Spiegel.

The opposition meanwhile recommends that the government first implement its own IT security before forcing companies to do it. Last month it was revealed that hackers used German Chancellor Angela Merkel’s computer to spread Trojan malware during a recent cyber-attack on the German parliament, and that the virus could still be active.

Data protection activists warn that the law surreptitiously allows spying on people’s communications as well as on everything they do on the Net, as it allows telecommunications providers to store data about their clients’ actions on the internet.

“From a technical point of view, such measures cannot be justified,” Patrick Breyer, a Pirate Party member of the Kiel state parliament, told DPA.

"The law would serve the idea of IT-security only in case when providers were allowed to gather as little data about their clients as possible,” he added, as quoted by Der Spiegel.

Critics of the law also argue that the new IT security law will drain the German economy and will offer little in return. According to the latest study conducted by the high-tech association Bitkom, introducing security parameters will cost the German economy around €1.1 billion ($1.23 billion) per year.

In addition, companies also complain that the government has not formulated a clear requirement for how severe a cyber-intrusion must be to fall under the reporting requirement. The companies also fear that information about hacker attacks might become public and result in a negative impact on customers and shareholders.

Offline Palloy
http://rt.com/news/273406-right-sector-ukraine-twitter/
‘Maidan 3.0 imminent’: Right Sector hacks Ukrainian security agency’s Twitter
July 13, 2015

On Monday, Right Sector hacked the Twitter account of Ukraine’s National Security and Defense Council (NSDC) as tensions kept mounting between the ultranationalist movement and the Kiev authorities.

“The NSDC Twitter account is under Right Sector’s control,” the tweet, announcing the hack, said.

A series of messages that followed was dedicated to the events in the western Ukrainian town of Mukachevo, where a group of Right Sector militants are in a standoff with security forces after a deadly shootout with the police on Saturday.

“Right Sector troops acted in self-defense,” one of the tweets said, while another urged to “immediately detain police officers, who gave the order to open fire in Mukachevo.”

NSDC is a Ukrainian state agency tasked with developing national security policies on domestic and international issues and advising the Ukrainian president.

The hackers also demanded the resignation of Ukraine’s Interior Minister Arsen Avakov and Major-General Andrey Taran, chief of the Joint Centre for Ceasefire Control and Coordination in eastern Ukraine.

They said: “Taran provides cover for smuggling in the area of the antiterrorist operation.” This is in eastern Ukraine where Kiev has been fighting the rebels for over a year.

The struggle for control over smuggling routes in the Carpathian Mountains between Right Sector members and local MP Mikhail Lanyo is said to be the reason for the shootout in Mukachevo.

Another tweet on the hacked NSDC account warned that “while crooks and oligarchs remain in control in Ukraine – Maidan 3.0 is unavoidable.” They are referring to the Maidan protests in late 2013 and early 2014, in which the Right Sector helped oust President Viktor Yanukovich.

Offline Palloy
Re: Cyberwarfare: Windows 10 spies on you by default
« Reply #4 on: August 01, 2015, 06:48:17 AM »
http://www.rt.com/usa/311304-new-windows-privacy-issues/
‘Incredibly intrusive’: Windows 10 spies on you by default

31 Jul, 2015

Microsoft’s new Windows 10 operating system is immensely popular, with 14 million downloads in just two days. The price of the free upgrade may just be your privacy, though, as changing Windows 10’s intrusive default settings is difficult.

Technology journalists and bloggers are singing Windows 10’s praises, often using words such as “amazing,” “glorious” and “fantastic.” The operating system has been described as faster, smoother and more user-friendly than any previous version of Windows. According to Wired magazine, more than 14 million people have downloaded their upgrade since the system was released on Wednesday.

While the upgrade is currently free of charge to owners of licensed copies of Windows 8 and Windows 7, it does come at a price. Several tech bloggers have warned that the privacy settings in the operating system are invasive by default, and that changing them involves over a dozen different screens and an external website.

According to Zach Epstein of BGR News, all of Windows 10’s features that could be considered invasions of privacy are enabled by default. Signing in with your Microsoft email account means Windows is reading your emails, contacts and calendar data. The new Edge browser serves you personalized ads. Solitaire now comes with ads. Using Cortana – the voice-driven assistant that represents Redmond’s answer to Apple’s Siri – reportedly “plays fast and loose with your data.”

“I am pretty surprised by the far-reaching data collection that Microsoft seems to want,” web developer Jonathan Porta wrote on his blog. “I am even more surprised by the fact that the settings all default to incredibly intrusive. I am certain that most individuals will just accept the defaults and have no idea how much information they are giving away.”

As examples, Porta cited Microsoft having access to contacts, calendar details, and “other associated input data” such as “typing and inking” by default. The operating system also wants access to user locations and location history, both of which could be provided not just to Microsoft, but to its “trusted partners.”

“Who are the trusted partners? By whom are they trusted? I am certainly not the one doing any trusting right now,” Porta wrote, describing the default privacy options as “vague and bordering on scary.”

Alec Meer of the ‘Rock, Paper, Shotgun’ blog pointed out this passage in Microsoft’s 12,000-word, 45-page terms of use agreement:

“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.”

While most people are used to ads as the price of accessing free content, writes Meer, Microsoft is not making it clear enough that they are “gathering and storing vast amounts of data on your computing habits,” not just browser data.

Opting out of all these default settings requires navigating 13 different screens and a separate website, the bloggers have found.

    Real transparency starts with straightforward terms and policies that people can clearly understand https://t.co/nzTaCZbYz7
    — Horacio Gutierrez (@horaciog) June 4, 2015

Meer was underwhelmed with Microsoft executives’ claims of transparency and easily understandable terms of use. “There is no world in which 45 pages of policy documents and opt-out settings split across 13 different Settings screens and an external website constitutes ‘real transparency,’” he wrote.

Tracking and harvesting user data has been a business model for many tech giants. Privacy advocates have raised concerns over Google’s combing of emails, Apple’s Siri, and Facebook’s tracking cookies that keep monitoring people’s browser activity in order to personalize advertising and content.
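An added example, not from the RT article or the forum post above: a read-only PowerShell audit of the Windows 10 settings the article complains about (diagnostic telemetry, advertising ID, the “typing and inking” collection, location, Cortana). It reads the registry values that back the corresponding Group Policy and per-user switches; the key and value names are the documented Windows 10 locations as of the 2015 releases, and the "Expected" column is this script's own hardened baseline, not Microsoft's default. It changes nothing.

```powershell
# Added example: audit the Windows 10 privacy settings named in the article
# by reading the registry values behind them. Read-only.
# "Expected" is the hardened value this script checks for (an assumption of
# the example, not Microsoft's shipped default).

$checks = @(
    @{ Name = 'Diagnostic data (telemetry) level'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Value = 'AllowTelemetry'; Expected = 0 },
    @{ Name = 'Advertising ID'
       Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
       Value = 'Enabled'; Expected = 0 },
    @{ Name = 'Typing collection (implicit text)'
       Path = 'HKCU:\SOFTWARE\Microsoft\InputPersonalization'
       Value = 'RestrictImplicitTextCollection'; Expected = 1 },
    @{ Name = 'Inking collection (implicit ink)'
       Path = 'HKCU:\SOFTWARE\Microsoft\InputPersonalization'
       Value = 'RestrictImplicitInkCollection'; Expected = 1 },
    @{ Name = 'Location (policy)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors'
       Value = 'DisableLocation'; Expected = 1 },
    @{ Name = 'Cortana (policy)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
       Value = 'AllowCortana'; Expected = 0 }
)

function Get-PrivacySetting {
    param([hashtable]$Check)

    # A missing key or value means no policy is set, so Windows falls back
    # to its own default, which for every setting here is the permissive one.
    $actual = $null
    if (Test-Path -Path $Check.Path) {
        $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($Check.Value) }
    }

    $display = 'not set (OS default)'
    $hardened = $false
    if ($null -ne $actual) {
        $display = $actual
        $hardened = ([int]$actual -eq $Check.Expected)
    }

    [pscustomobject]@{
        Setting  = $Check.Name
        Value    = $Check.Value
        Actual   = $display
        Expected = $Check.Expected
        Hardened = $hardened
    }
}

$results = $checks | ForEach-Object { Get-PrivacySetting -Check $_ }
$results | Format-Table -AutoSize

$notHardened = @($results | Where-Object { -not $_.Hardened })
Write-Host ("{0} of {1} settings are not at the hardened value." -f $notHardened.Count, $results.Count)
```

Two caveats a practitioner should keep in mind: the HKLM policy values only take effect when set by an administrator (or by Group Policy), and AllowTelemetry = 0 (“Security”) is honoured only on Enterprise and Education editions; on Home and Pro the lowest level the OS actually applies is 1 (“Basic”), so a reported value of 0 there does not mean telemetry is off.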

Offline Palloy
Re: Cyberwarfare: Second OPM hack puts 21.5 million people at risk
« Reply #5 on: August 11, 2015, 09:22:49 PM »
The BRICS bloc had better get their shit together over their own distribution of Linux if they are going to try and take on Micro$oft.  There have been versions produced in the past, but they wilted from not being supported with government-level staffing and legislation enforcing it for government computers.

There is quite a big learning curve before a new user can master Linux apps - they are fundamentally no different from Windows apps, just slightly different.

http://www.rt.com/politics/312172-windows-10-service-agreement-stirs/
Windows 10 service agreement stirs espionage fears in Russian Communists
11 Aug, 2015

A senior Communist functionary claims that the end-user service agreement attached to the new Windows 10 OS violates the Russian law requiring the personal data of Russian citizens to be collected and processed only by specially-licensed companies.

Vadim Solovyov, the chief lawyer of the Communist Party in the State Duma, addressed Prosecutor General Yury Chaika with an official request to launch a probe into Microsoft’s latest operating system, Izvestia daily reported Tuesday.

In his letter, the politician claims that the end-user service agreement distributed with Windows 10 reads that the operating system (OS) will collect and store users’ web history, access points, passwords and other personal data, including physical location, emails and other messages and information about phone calls. Microsoft also reserves the right to share this data with special services, use it in research, publish or use it in any other way it sees fit.

However, current Russian law demands that such gathering and processing of personal information is only permissible by companies included in the National Register of Personal Data Operators, Solovyov noted. As Microsoft is not included on this register, the distribution of Windows 10 on Russian territory becomes illegal, he wrote.

In addition, the MP shared his fears that the use of the new OS in Russian state structures could end in leaks of classified information to foreign special services.

“Practically, we are talking about espionage here,” the letter reads.

To stop the suspected breach of law, Solovyov asked Chaika to launch a probe into Microsoft and to block on the Russian territory all websites that allow the downloading of Windows 10. He also suggested issuing a warning to all bodies of executive and legislative power asking staff not to use Windows 10 on their devices.

The Microsoft press service commented on the initiative saying that any transfer of personal information is possible only with the user’s consent.

Apart from the regulations concerning the collecting and processing of personal data, Russia has a pending law obliging all internet companies to store the personal information of Russian citizens inside the country. This act is expected to come into force from September 2016 in order to give foreign and domestic internet companies enough time to create data-storage facilities in Russia.
