Thread: US hit by 'massive data breach'

  1. #1
    Registered User Neki's Avatar
    Join Date
    Dec 2012
    Location
    UK
    Posts
    2,479
    Tuconots
    27

    US hit by 'massive data breach'

    US hit by 'massive data breach' - BBC News

    US government agencies have been hit by a "massive breach" affecting the personal data of millions of federal workers, officials said.

    The Office of Personnel Management confirmed on Thursday that almost four million current and past employees have been affected...
    woops...

  2. #2
    The King of Beers Araxen's Avatar
    Join Date
    Dec 2012
    Posts
    4,195
    Tuconots
    18
    Not surprising to say the least. It was only a matter of time. I'm surprised it took this long for it to happen.
    PSN: Araxen, Xbox Live: Araxen II, WiiU: Araxen, Steam: Araxen

  3. #3
    sa da tay! radditsu's Avatar
    Join Date
    Dec 2012
    Location
    The Farm
    Posts
    3,333
    Tuconots
    48
    Someone plugged in a USB stick from the parking lot again.

  4. #4
    "AH HA HA HA HA HA" Barraco Bisi's Avatar
    Join Date
    Dec 2012
    Posts
    18,230
    Tuconots
    246
    Sup, Monica. Don't forget to register at re rerolled

  6. #6
    Registered User Malakriss's Avatar
    Join Date
    Dec 2012
    Location
    USA
    Posts
    4,713
    Tuconots
    54
    Sounds like the Chinese wanted to find out who to spy on without a China Freedom Act.

  7. #7
    Gavinrad Sparklerad's Avatar
    Join Date
    Dec 2012
    Posts
    16,719
    Tuconots
    35
    Do I need to invest in a tinfoil fedora, or is it very convenient that this happened right after provisions of the Patriot Act expired?
    Draegan is a faggoty piece of shit who sold the forum to mmorpg.com just to spite us. Register at the new site.

    ReReRolled.org - A Gaming Community

  8. #8
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    It happened months ago, so yes, invest in the hipsterwear.
    Quote Originally Posted by tad10 View Post
    This place has gone to shit.

  9. #9
    MEDIOCRE! Big Phoenix's Avatar
    Join Date
    Dec 2012
    Posts
    11,323
    Tuconots
    0
    So when are nations gonna start taking this kind of shit seriously and laying the smackdown on tards who engage in such behavior?

  10. #10
    Registered Hutt Agraza's Avatar
    Join Date
    Dec 2012
    Location
    Florida
    Posts
    6,410
    Tuconots
    40
    What, go to war with China? That wouldn't go well. I'm sure we have our own operations against them. The difference is that we say things when we're penetrated, others don't.
    Quote Originally Posted by brekk View Post
    In all reality I take pride in peoples surprise that I have mod powers at all.

  11. #11
    Gavinrad Sparklerad's Avatar
    Join Date
    Dec 2012
    Posts
    16,719
    Tuconots
    35
    Quote Originally Posted by chaos View Post
    It happened months ago, so yes, invest in the hipsterwear.
    I meant that they announced it now, but w/e I'm not big on conspiracies.

  12. #12
    Registered Smurf Selix's Avatar
    Join Date
    Dec 2012
    Posts
    2,142
    Tuconots
    1
    Quote Originally Posted by Neki View Post
    Given how ancient government keeps its systems and how glacial it moves on keeping things up-to-date I am not the least bit surprised. Combine those factors with your standard pensioned elderly government worker who couldn't tell a cd-rom from a coffee cup holder and you are just begging for compromised systems.
    MWS Natural "As an online discussion grows longer, the probability of a comparison involving black people approaches 1."

  13. #13
    Hard Truths Cut Both Ways AladainAF's Avatar
    Join Date
    Dec 2012
    Posts
    2,536
    Tuconots
    18
    So.. what do we do to China in response?

    My bet at what happens: Nothing at all.

  14. #14
    Banned
    Join Date
    Dec 2012
    Posts
    1,622
    Tuconots
    -26
    Yeah, been preaching this at work (fed emp) and . . . well, they literally do not understand.

    It's kinda like, 90% of my agency's work could be automated, and when I show them a script to save 10million+ a year and 10s of thousands of man hours, they just give me blank stares. So I figure, fuck it, and quit working for 3 weeks at a time.

  15. #15
    We Do Not Scissor. Chanur's Avatar
    Join Date
    Dec 2012
    Location
    In the Panhandle waiting for death by Tornado.
    Posts
    9,273
    Tuconots
    27
    If we wanted to punish China we could declare the Senkaku and Diaoyu islands part of territorial Japan.

  16. #16
    Registered User grumblethorn's Avatar
    Join Date
    Dec 2012
    Posts
    1,820
    Tuconots
    4
    We already did when we returned Okinawa to them.

  17. #17
    Hard Truths Cut Both Ways AladainAF's Avatar
    Join Date
    Dec 2012
    Posts
    2,536
    Tuconots
    18
    Quote Originally Posted by grumblethorn View Post
    We already did when we returned Okinawa to them.
    lol, that's what I was thinking. I was like.... "wasn't this settled like.. 70 years ago?". Even China was fine with Japan owning them, until suddenly oil appeared.

  18. #18
    MEDIOCRE! Big Phoenix's Avatar
    Join Date
    Dec 2012
    Posts
    11,323
    Tuconots
    0
    Quote Originally Posted by Agraza View Post
    What, go to war with China? That wouldn't go well. I'm sure we have our own operations against them. The difference is that we say things when we're penetrated, others don't.
    Many ways to deal with this situation that doesn't involve shooting each other. You want to be a fucking tard on the internet, you get kicked off.

  19. #19
    devil's advocate fanaskin's Avatar
    Join Date
    Dec 2012
    Posts
    12,529
    Tuconots
    22
    Quote Originally Posted by AladainAF View Post
    So.. what do we do to China in response?

    My bet at what happens: Nothing at all.
    we've been at "cyber war" for a while now, from what I can tell. it's been a constant back and forth trying to probe and breach each other.

    look at this thing they found china doing in 2009
    GhostNet - Wikipedia, the free encyclopedia
    Last edited by fanaskin; 06-05-2015 at 07:38 AM.

  20. #20
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Quote Originally Posted by Big Phoenix View Post
    Many ways to deal with this situation that doesn't involve shooting each other. You want to be a fucking tard on the internet, you get kicked off.
    Do you think that we have the ability, authority, or political will to do anything like that to an entire nation without going to war?

    It isn't as if we even know it was China. Attribution is not an exact science bros. Attribution Dice and CyberSquirrel1

  21. #21
    Janitor Tuco's Avatar
    Join Date
    Dec 2012
    Location
    Ann Arbor, MI
    Posts
    20,175
    Tuconots
    86
    Quote Originally Posted by Big Phoenix View Post
    Many ways to deal with this situation that doesn't involve shooting each other. You want to be a fucking tard on the internet, you get kicked off.
    Lol. Yeah let's just kick china off the internet. Where is the amod thread for the internet?
    Want to play the next big MMO with us? check out Black Desert Online

  22. #22
    Iannis didn't do anything ZyyzYzzy's Avatar
    Join Date
    Dec 2012
    Location
    NoVa
    Posts
    5,710
    Tuconots
    29
    Quote Originally Posted by Tuco View Post
    Lol. Yeah let's just kick china off the internet. Where is the amod thread for the internet?
    Are they repeat offenders? Just give them a long stint in the RR Tuco.

  23. #23
    some sweet gravity AngryGerbil's Avatar
    Join Date
    Dec 2012
    Location
    spherical zoo
    Posts
    5,219
    Tuconots
    87

  24. #24
    Registered Smurf Selix's Avatar
    Join Date
    Dec 2012
    Posts
    2,142
    Tuconots
    1
    Is not all of this hacking just a modern version of 14th century court games? The nobles are rich corporate interests. The hackers are the hired thugs. The peasants are the peasants.

  25. #25
    MEDIOCRE! Big Phoenix's Avatar
    Join Date
    Dec 2012
    Posts
    11,323
    Tuconots
    0
    Quote Originally Posted by Tuco View Post
    Lol. Yeah let's just kick china off the internet. Where is the amod thread for the internet?
    I'm sure there are ways to deal with this that aren't either do nothing or launch all the nukes.

    It's just fucking idiotic that we let this kind of shit happen. This 100% complete inaction just leads to shit like what NK did last year. As time goes on it's only going to get worse.
    Last edited by Big Phoenix; 06-05-2015 at 09:31 PM.

  26. #26
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Bro, settle down. We don't just "let this happen". We don't even know China did it. Even if they did, we do it just as much as they do. You say shit like "100% complete inaction" and then reference North Korea, assuming you are talking about the Sony hack, a hack we only knew North Korea was involved in because we have owned their network on such a primal level that we literally know everything that goes on there. The cyber war is a war and it is ongoing, forever glorious shiny and chrome. Blue team has the hardest job for sure, but red team is out there doing their thing all day every day.

  27. #27
    Font of Positivity Mist's Avatar
    Join Date
    Dec 2012
    Posts
    11,005
    Tuconots
    14
    I'm gonna guess it was fairly standard criminals, not a state actor. This required little technical expertise, and most of that information is really only useful for ID thieves.
    Calling me a Cunt is a lot like calling Hitler a Nazi, it's not exactly received as the insult you were intending.

    Star Citizen referral code - [STAR-C3G4-2XMJ]

  28. #28
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Where did you get ahold of the methods used? All the govt has reported has been what was in the OPM release, and leaks haven't been that detailed that I have seen.

  29. #29
    Registered User Malakriss's Avatar
    Join Date
    Dec 2012
    Location
    USA
    Posts
    4,713
    Tuconots
    54
    It's Mist, so the truth is likely a very sophisticated government only act that only got information that was useful to spies.

  30. #30
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    We're still early on in the bullshit-fest. Earlier today OPM officials said "no clearance data was breached, clearance data isn't even contained in that data center" then later Reuters reports that "OPM officials have stated that clearance data WAS breached and the data goes back to 1985". One source was even saying classified information was exfiltrated, which is absurd. It is 2015, why is this still rocket surgery? Fucking people running around with their heads cut off.

  31. #31
    Font of Positivity Mist's Avatar
    Join Date
    Dec 2012
    Posts
    11,005
    Tuconots
    14
    Quote Originally Posted by chaos View Post
    Where did you get ahold of the methods used? All the govt has reported has been what was in the OPM release, and leaks haven't been that detailed that I have seen.
    It's a public sector IT system. You don't need to know the methods used to know it was a joke to get into.

  32. #32
    Registered User Crazily's Avatar
    Join Date
    Dec 2012
    Posts
    301
    Tuconots
    -1
    Quote Originally Posted by Mist View Post
    It's a public sector IT system. You don't need to know the methods used to know it was a joke to get into.
    This.

    I work in a public IT sector as a network admin. My specialty is firewalls and security so I am in the trenches when it comes to this type of thing.

  33. #33
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    I do VM for the DoD, I'm not quite there with you in the trenches but I certainly don't think we should be offering lessons learned until we have some idea of what happened. Public sector sucks for keeping up with technology but on the VM side I don't think they are worse than the rest of the industry, and certainly aren't alone when it comes to breaches.

  34. #34
    crushin' them guts Warrian's Avatar
    Join Date
    Dec 2012
    Posts
    135
    Tuconots
    -6
    Stuff that actually matters isn't connected to the internet.

  35. #35
    Registered User Palum's Avatar
    Join Date
    Jan 2013
    Location
    ReRe
    Posts
    9,162
    Tuconots
    66
    My PII matters to me.

  36. #36
    Registered User grumblethorn's Avatar
    Join Date
    Dec 2012
    Posts
    1,820
    Tuconots
    4
    Chaos, you should look into leaving the dod. The financial institutions in Maryland DC are now offering equal pay to cleared work, and is a million times less stressful

  37. #37
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Yeah I 100% plan to, I have had it with contract work and the stupidity of the DoD/government. I know a bunch of guys recently left the PENCERT and headed to Sony, which I didn't even know had a presence in this area.

  38. #38
    Registered User grumblethorn's Avatar
    Join Date
    Dec 2012
    Posts
    1,820
    Tuconots
    4
    Yeah I went to boa for a year long consulting gig doing PKI then bounced over to another equity firm. Stress-1000%

  39. #39
    We Do Not Scissor. Chanur's Avatar
    Join Date
    Dec 2012
    Location
    In the Panhandle waiting for death by Tornado.
    Posts
    9,273
    Tuconots
    27
    Quote Originally Posted by grumblethorn View Post
    Yeah I went to boa for a year long consulting gig doing PKI then bounced over to another equity firm. Stress-1000%
    Are you who I should bitch at when it doesn't recognize my card? :P

  40. #40
    Registered User grumblethorn's Avatar
    Join Date
    Dec 2012
    Posts
    1,820
    Tuconots
    4
    No comment!

  41. #41
    Registered User Quineloe's Avatar
    Join Date
    Dec 2012
    Posts
    3,426
    Tuconots
    17
    Quote Originally Posted by Big Phoenix View Post
    So when are nations gonna start taking this kind of shit seriously and laying the smackdown on tards who engage in such behavior?


    regarding us, it's the law. So nothing to do here.

  42. #42
    Registered User Elurin's Avatar
    Join Date
    Dec 2012
    Location
    California
    Posts
    7,578
    Tuconots
    57
    Add in SF-86's, which is probably much more egregious than the other data.

    AP: Chinese Hackers Stole Security Clearance Docs for Soldiers and Spies

  43. #43
    Font of Positivity Mist's Avatar
    Join Date
    Dec 2012
    Posts
    11,005
    Tuconots
    14
    The US government should have to go back to filing cabinets and manila envelopes after this.

    You know, like the VA records department.

  44. #44
    Registered User Palum's Avatar
    Join Date
    Jan 2013
    Location
    ReRe
    Posts
    9,162
    Tuconots
    66
    At least the Chinese have both sets of my data now.

  45. #45
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    Looks like government contractors keep getting hacked.

    Who wants to bet that the correction to this shit is going to be we should outsource more government work to contractors?

  46. #46
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Quote Originally Posted by tad10 View Post
    This place has gone to shit.

  47. #47
    Rape Culture Enthusiast Dr. Mario Speedwagon's Avatar
    Join Date
    Dec 2012
    Location
    2nd place
    Posts
    4,068
    Tuconots
    144
    Govt so incompetent they can't even outsource properly. Outsource the outsourcing to contractors. That'll do it.

  48. #48
    Iannis didn't do anything ZyyzYzzy's Avatar
    Join Date
    Dec 2012
    Location
    NoVa
    Posts
    5,710
    Tuconots
    29
    Quote Originally Posted by Dr. Mario Speedwagon View Post
    Govt so incompetent they can't even outsource properly. Outsource the outsourcing to contractors. That'll do it.
    Subsubsubcontractors

  49. #49
    Registered User
    Join Date
    Mar 2013
    Posts
    376
    Tuconots
    5
    So next time China wants to hack our data they'll need to hack India instead? Brilliant!

  50. #50
    Registered User Malakriss's Avatar
    Join Date
    Dec 2012
    Location
    USA
    Posts
    4,713
    Tuconots
    54
    I had a summer internship a better part of a decade ago and I'm wondering if my forms were leaked. Probably.

  51. #51
    Hard Truths Cut Both Ways AladainAF's Avatar
    Join Date
    Dec 2012
    Posts
    2,536
    Tuconots
    18
    And now you see why those kooky right-wingers that say shit like "I don't want my medical records online" are not idiots. Crazies, probably. Idiots, nah.

  52. #52
    Registered User Borzak's Avatar
    Join Date
    Dec 2012
    Posts
    8,603
    Tuconots
    26
    I'm surprised that anyone is under the illusion that anything connected to the internet is safe. People who spend all day every day trying to get it just because they can, now throw in state sponsored hacking.

  53. #53
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    Let's store everything about every American at the NSA. It'll be safe guys, double pinky promise.

  54. #54
    Registered User Malakriss's Avatar
    Join Date
    Dec 2012
    Location
    USA
    Posts
    4,713
    Tuconots
    54
    Safer than it is with the standard government, that's for damn sure.

  55. #55
    MEDIOCRE! Big Phoenix's Avatar
    Join Date
    Dec 2012
    Posts
    11,323
    Tuconots
    0
    Quote Originally Posted by Malakriss View Post
    Safer than it is with the standard government, that's for damn sure.
    Snowden.

  56. #56
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    Quote Originally Posted by Big Phoenix View Post
    Snowden.
    another contractor brooo

  57. #57

  58. #58
    Iannis didn't do anything ZyyzYzzy's Avatar
    Join Date
    Dec 2012
    Location
    NoVa
    Posts
    5,710
    Tuconots
    29
    So lot of people at work have been getting emails from OPM. I'm fucked.

  59. #59
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Yeah they got ALL the clearance data. We're all fucked.

  60. #60
    Iannis didn't do anything ZyyzYzzy's Avatar
    Join Date
    Dec 2012
    Location
    NoVa
    Posts
    5,710
    Tuconots
    29
    Quote Originally Posted by chaos View Post
    Yeah they got ALL the clearance data. We're all fucked.
    Now some chinaman knows where I lived 6 years ago. RIP old roommates.

  61. #61
    Registered User Malakriss's Avatar
    Join Date
    Dec 2012
    Location
    USA
    Posts
    4,713
    Tuconots
    54
    Maybe now they'll revamp the social security system and issue new numbers?

  62. #62
    Registered User Palum's Avatar
    Join Date
    Jan 2013
    Location
    ReRe
    Posts
    9,162
    Tuconots
    66
    Well, it's long been true that pre '94 (I think, or thereabouts, maybe '91) socials are very easy to reverse engineer with basic knowledge of an individual as long as you know the last 4 - and that's been used as 'safe' forever. Made worse by the internet, of course.

    SSNs are really not the issue though - the issue is the fact that any number ID is only as good as the systems built to use it. SSN is security through obscurity in a lot of cases and any replacement number scheme is just as vulnerable. If the credit agencies or federal government invested in a two factor system there'd at least be something to stop 'prying eyes theft'.

  63. #63
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    I just got the expected letter in the mail. What seemed really strange to me was that my parents also both received letters in my mail within a couple days. My mom has never had a job, and my father has never had a government job. I have a security clearance, so maybe that's related or something. ETA till chinamen come after me?

  64. #64

  65. #65
    Registered User Elurin's Avatar
    Join Date
    Dec 2012
    Location
    California
    Posts
    7,578
    Tuconots
    57
    I figured they just said fuck it with the letters since it "hit everyone." I guess maybe I should still be expecting one?

  66. #66
    Team Mormont Faltigoth's Avatar
    Join Date
    Dec 2012
    Location
    PA Backwoods
    Posts
    1,067
    Tuconots
    12
    Quote Originally Posted by Big Phoenix View Post
    Snowden.
    Snowden was the ultimate example of, 'never hire a guy to do sensitive government work when he has a Vote Ron Paul sticker on his laptop'.

    Saw one of the phishing emails related to this go to a co-worker of mine, who used to work for OPM. That shit was very slickly done, not like your usual phishing email with fucked up grammar and misspelled words and Nigerian princes and such. More than a few of the large amount of age 55+ government workers are going to see that, start clicking shit, and get totally fucked over. Younger folks would likely see something amiss with it, but younger folks do not really make up the majority of federal employees.

  67. #67
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    Quote Originally Posted by Faltigoth View Post
    Snowden was the ultimate example of, 'never hire a guy to do sensitive government work when he has a Vote Ron Paul sticker on his laptop'.

    Saw one of the phishing emails related to this go to a co-worker of mine, who used to work for OPM. That shit was very slickly done, not like your usual phishing email with fucked up grammar and misspelled words and Nigerian princes and such. More than a few of the large amount of age 55+ government workers are going to see that, start clicking shit, and get totally fucked over. Younger folks would likely see something amiss with it, but younger folks do not really make up the majority of federal employees.
    Yea, I have a feeling the letters I got are phishing. They're smooth, really smooth. I can't figure out what the fuck is wrong with them, but I simply know there's no fucking way in hell my mom should be getting one. I was too lazy to look all that close before tossing them in the trash.

  68. #68
    MEDIOCRE! Big Phoenix's Avatar
    Join Date
    Dec 2012
    Posts
    11,323
    Tuconots
    0
    Quote Originally Posted by Furry View Post
    Yea, I have a feeling the letters I got are phishing. They're smooth, really smooth. I can't figure out what the fuck is wrong with them, but I simply know there's no fucking way in hell my mom should be getting one. I was too lazy to look all that close before tossing them in the trash.
    [Embedded video: Comedy Central]

  69. #69
    Registered Hutt Agraza's Avatar
    Join Date
    Dec 2012
    Location
    Florida
    Posts
    6,410
    Tuconots
    40
    Quote Originally Posted by ZyyzYzzy View Post
    Now some chinaman knows where I lived 6 years ago. RIP old roommates.
    Dude, chinaman is not the preferred nomenclature. Asian-american. Please.

    Points deducted for failing to mention your rug.

  70. #70
    MEDIOCRE! Big Phoenix's Avatar
    Join Date
    Dec 2012
    Posts
    11,323
    Tuconots
    0
    So do people just not monitor their network traffic for breaches like this? You would think someone would see someone downloading all 4 million records.

    Also I heard on the radio that this was finally caught due to OPM changing their security procedures. How long had this been going on?

  71. #71
    Registered Hutt Agraza's Avatar
    Join Date
    Dec 2012
    Location
    Florida
    Posts
    6,410
    Tuconots
    40
    The Chinese have a sick compression algorithm they infected the host servers with to make it faster?

  72. #72
    Registered User Borzak's Avatar
    Join Date
    Dec 2012
    Posts
    8,603
    Tuconots
    26
    Quote Originally Posted by Agraza View Post
    Dude, chinaman is not the preferred nomenclature. Asian-american. Please.

    Points deducted for failing to mention your rug.
    I don't think we refer to Chinamen in China who have never left China as Asian-American.

  73. #73
    Registered Hutt Agraza's Avatar
    Join Date
    Dec 2012
    Location
    Florida
    Posts
    6,410
    Tuconots
    40
    Forget it Donny. You're out of your element!
    Last edited by Agraza; 06-17-2015 at 01:17 AM.

  74. #74
    Registered User Borzak's Avatar
    Join Date
    Dec 2012
    Posts
    8,603
    Tuconots
    26
    Quote Originally Posted by Big Phoenix View Post
    So do people just not monitor their network traffic for breaches like this? You would think someone would see someone downloading all 4 million records.

    Also I heard on the radio that this was finally caught due to OPM changing their security procedures. How long had this been going on?
    We would notice at work because we don't have that much bandwidth lol. But we do look at certain records from time to time to see when they were last looked at. Not sure if a hacker downloading shows up the same as an employee just snooping around on a local computer.

  75. #75
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    You would think you would notice, and yet every day very intelligent people fail to notice it happening on their network, people with million dollar tools designed by geniuses. Blue team is hard, bros.

  76. #76
    HE A GOOD BOY Iannis's Avatar
    Join Date
    Dec 2012
    Location
    Jack's Wasted Life
    Posts
    15,187
    Tuconots
    67
    Can't you just fix this by opening an enhanced socket?

  77. #77
    Registered User Neki's Avatar
    Join Date
    Dec 2012
    Location
    UK
    Posts
    2,479
    Tuconots
    27
    What's the general feeling like down there at ground zero, Chaos. Concerned? Anger? Frustration?

  78. #78
    HE A GOOD BOY Iannis's Avatar
    Join Date
    Dec 2012
    Location
    Jack's Wasted Life
    Posts
    15,187
    Tuconots
    67
    Is the saying, "Good enough for guvmint work" getting used a lot?

  79. #79

  80. #80
    Banned
    Join Date
    Dec 2012
    Posts
    1,622
    Tuconots
    -26
    This has nothing to do with the government filling IT jobs with ex military.

    At ground zero in government, the overwhelming feeling, even before this was apathy. It's still apathy.

  81. #81
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Quote Originally Posted by Neki View Post
    What's the general feeling like down there at ground zero, Chaos. Concerned? Anger? Frustration?
    I agree with LachiusTZ. I have been a contractor for a while now, and government workers are the boot on the throat of America, slowly choking the life out of her. They just don't give a fuck, they fail upward habitually, and there is ZERO accountability. As a contractor, it is beyond frustrating when I work with a group of talented, smart people who are shit hot and on the ball, and then some government lackey can't even take the time to read what we give them. Or even more fun is when they do a lateral transfer of some GS-13 into infosec because their old job went away. But hey they have Security+ so I guess it's fine.

    I expect my information to be stolen, no matter where it is, but I expect the bare minimum in security to keep me from being exposed. LastPass is a good example of this. They are some little startup, comparably, and they are doing it right. OPM has resources that LastPass could never dream of and they fucked us through negligence.

  82. #82
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    Quote Originally Posted by chaos View Post
    ...
    I'll admit I don't know shit about the situation, but what I see is yet another government contractor hacked. Are you claiming that the government contractor getting hacked is a direct result of government negligence? My experience with government and gov contractors has taught me that contractors are even more worthless and useless than federal employees. What insider knowledge do you have to place the blame of the contractor getting hacked on the government? Serious question.

  83. #83
    Iannis didn't do anything ZyyzYzzy's Avatar
    Join Date
    Dec 2012
    Location
    NoVa
    Posts
    5,710
    Tuconots
    29
    Quote Originally Posted by Furry View Post
    I'll admit I don't know shit about the situation, but what I see is yet another government contractor hacked. Are you claiming that the government contractor getting hacked is a direct result of government negligence? My experience with government and gov contractors has taught me that contractors are even more worthless and useless than federal employees. What insider knowledge do you have to place the blame of the contractor getting hacked on the government? Serious question.
    I support a GS-15 and a SES that can't fucking use excel.

  84. #84
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Quote Originally Posted by Furry View Post
    I'll admit I don't know shit about the situation, but what I see is yet another government contractor hacked. Are you claiming that the government contractor getting hacked is a direct result of government negligence? My experience with government and gov contractors has taught me that contractors are even more worthless and useless than federal employees. What insider knowledge do you have to place the blame of the contractor getting hacked on the government? Serious question.
    I'm talking about the situation in general. It is fucking frightening how straight up unqualified much of government leadership seems to be.

    If you want to blame KeyPoint for the OPM hack, I think that's bullshit. When government agencies put out the RFP for their contracts they get very specific about what they will pay for, and they have a system that rewards underbidding. When you go with the lowest bidder, you get what you pay for. KeyPoint wrote to the RFP and they worked to the contract, this is a leadership failure. When you still have SolarWinds even after every hacker conference on Earth has been lolling for years about how broken it is, you have a problem. The government leadership sets the pace and the direction, the contractors just follow it. If the leadership is broken everything is fucked.

    At the end of the day, DHS is going to step in and take control of OPM's IT support. They have been fucking up too much for too long.
    Quote Originally Posted by tad10 View Post
    This place has gone to shit.

  85. #85
    Registered User Elurin's Avatar
    Join Date
    Dec 2012
    Location
    California
    Posts
    7,578
    Tuconots
    57
    Quote Originally Posted by chaos View Post
    When government agencies put out the RFP for their contracts they get very specific about what they will pay for, and they have a system that rewards underbidding. When you go with the lowest bidder, you get what you pay for.
    Not necessarily. The majority of the contracts we (my office) award are best value tradeoff. Lowest price technically acceptable should be used for shit that doesn't matter much (quality of service isn't as important, you just want someone doing it; e.g. janitors, landscapers). It sounds like maybe whatever office is writing up your contracts isn't worth a shit, but that doesn't mean everyone else is just as retarded.

  86. #86
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    Quote Originally Posted by ZyyzYzzy View Post
    I support a GS-15 and a SES that can't fucking use excel.
    I'm not defending government works. They are mostly retarded and useless members of the ex military job programs. It's just that contract government workers in my experience are the people who couldn't even make that cut.

  87. #87
    Registered User grumblethorn's Avatar
    Join Date
    Dec 2012
    Posts
    1,820
    Tuconots
    4
    I worked at DHS/ICE doing security shit for two years. GS13 fuckhead physical security chief can suck my dick. incompetent buncha chimps

  88. #88
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Quote Originally Posted by Elurin View Post
    Not necessarily. The majority of the contracts we (my office) award are best value tradeoff. Lowest price technically acceptable should be used for shit that doesn't matter much (quality of service isn't as important, you just want someone doing it; e.g. janitors, landscapers). It sounds like maybe whatever office is writing up your contracts isn't worth a shit, but that doesn't mean everyone else is just as retarded.
    My experience has been that even on "best value" contracts most of the time it ends up fucked up. Last contract I was on was bid best value, the RFP was so incredibly fucked up that they expected us to eat 50% pay cuts because they didn't write the positions as technical. Again it goes back to government incompetence.

    I feel bad even generalizing, some of my good friends are government, my current government PM is good, there are a lot of good people. Then there are the chucklefucks.
    Quote Originally Posted by tad10 View Post
    This place has gone to shit.

  89. #89
    Registered User Borzak's Avatar
    Join Date
    Dec 2012
    Posts
    8,603
    Tuconots
    26
    Reading this makes me glad 90% of the contracts I am involved in are cost plus. The percentage over cost is on a sliding scale set by how quickly they need it. Either way you're going to make money. Labor + materials + profit are built in.

    Part of the project I'm working on now is funded by the EPA. We're at a standstill now. You would think before they sign a billion dollar contract and are part way thru construction would be a little late to study if it's going to work. Now they're upset we (we're not the only contractor involved) pointed out they only got a specific opening in our schedule to build it. Wait too long and go to the back of the line 2 years from now.

    At least it's only partially funded. I can't imagine doing something fully funded by them.
    Last edited by Borzak; 06-17-2015 at 11:24 PM.

  90. #90
    MEDIOCRE! Big Phoenix's Avatar
    Join Date
    Dec 2012
    Posts
    11,323
    Tuconots
    0
    Quote Originally Posted by chaos View Post
    My experience has been that even on "best value" contracts most of the time it ends up fucked up. Last contract I was on was bid best value, the RFP was so incredibly fucked up that they expected us to eat 50% pay cuts because they didn't write the positions as technical. Again it goes back to government incompetence.

    I feel bad even generalizing, some of my good friends are government, my current government PM is good, there are a lot of good people. Then there are the chucklefucks.
    But did the contract go to a business run by Native American women who are also lesbians?

  91. #91
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Fucking Alaskan native company. NEVER AGAIN, FUCKERS
    Quote Originally Posted by tad10 View Post
    This place has gone to shit.

  92. #92
    Registered User Borzak's Avatar
    Join Date
    Dec 2012
    Posts
    8,603
    Tuconots
    26
    Encryption “would not have helped” at OPM, says DHS official | Ars Technica

    Guessing soon they will throw more money at it with no real improvement.

    Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is 'so what's new?'"
    Last edited by Borzak; 06-19-2015 at 06:51 AM.

  93. #93
    Team Mormont Faltigoth's Avatar
    Join Date
    Dec 2012
    Location
    PA Backwoods
    Posts
    1,067
    Tuconots
    12
    Quote Originally Posted by chaos View Post
    I'm talking about the situation in general. It is fucking frightening how straight up unqualified much of government leadership seems to be.
    This is a huge goddamn problem. This is my 10th year of federal employment, 5th in federal IT, and holy shit, the leadership is fucked. Sure, you get good ones every now and then - but the good ones don't stay, they do their year and move on to a higher position, or they chase the $$$ in the real world. My command's IT department is a bloated pack of fuckwits who are there either because they sucked the right dicks, got out of the military at the right time, or were there during the NSPS fiasco a few years ago (long story short - our HQs went under a new pay system, they immediately gave themselves huge raises, and when that system got yanked, their raises stayed, so they all got ranks/positions far beyond their actual experience). Shit, even when I got hired in 2005, my main IT experience was 'World of Warcraft guildleader'; I just happened to be very knowledgeable about the specific applications our command used, so I got in.

    We have around 150 IT personnel in our headquarters; I would guess 15 or 20 of them are worth more than a sack of shit. There are a couple of CISSPs who know their shit; a database admin who is a total bitch but a wizardess with the horribly outdated database we use; a handful of desktop support people who can actually solve common issues without Google. Other than that, you got a bunch of ex-military 'IT' people (like working a year in the fucking S6 shop qualifies you to perform upper-level IT tasks) or woefully unqualified people who lucked out.

    It is pretty much a farce. I love working for the federal government and the mission I am involved with is important; but christ, the lack of competence from the senior leadership and IT folk is appalling.

  94. #94
    Registered Yiffer Furry's Avatar
    Join Date
    Dec 2012
    Posts
    2,691
    Tuconots
    -39
    Quote Originally Posted by Faltigoth View Post
    ...
    In my experience, there's four types of people who work for the government. Ex military make up about 50% of the workforce. They are completely useless through and through to the last man- but they tend to love their country. After that you have the old people who are incapable of change. These people are almost always incredibly angry and incredibly unhappy. They also are almost always incredibly republican and hate their jobs, but also wouldn't do anything to hurt their country. Then you have incredibly smart and overqualified people who have an incredibly sick and dying kid/wife. These people get government jobs to rape the teat of the free good healthcare system, and there tends to be one or two out of every 50 or so that carry the whole system. And then you have the blacks job program, which honestly is the biggest bag of hard to understand. You have everything from people who straight up don't work and care to very intelligent/skilled employees. Usually their military experience decides what end of the spectrum they're on.

    The biggest commonality between all these people is 99.999% of them will not be traitors to their country. All of these situations with hackers and data being leaked appear so far to be because of contractors going traitor, and possibly even because contractors were straight up spies. As useless as all these people are, wouldn't they be superior to having our security done by a huge security threat?

  95. #95
    Low Information Janitor chaos's Avatar
    Join Date
    Dec 2012
    Posts
    13,413
    Tuconots
    70
    Bro, I'm ex military and I don't mind saying that I am a bad motherfucker. I work real hard. But, also not a federal employee. Almost everyone I work with is ex military and some of these guys are on what is, for the government, the bleeding edge of infiltration detection and vulnerability/malware analysis.

    Really I agree with what Bejtlich and others have said. For this one breach, we shouldn't be too hard on them. LastPass and Kaspersky got owned just as bad as OPM did and they don't have any of the excuses of the huge bureaucracy or inexperienced users holding them down. The government gets owned because the government is an enormous, complex target and securing such a target 100% while maintaining any kind of usability is impossible. The problem specifically with OPM is the pattern of breaches and infiltrations while management just fucked the football rather than making shit happen. Even then, they were trying, that is how this got found, they were demoing full pcap/analysis software. And according to Ron Gula, this happens quite a bit where product demos expose infiltrations/vulnerabilities in networks.

    But that doesn't mean that the status quo is ok. The government needs a fundamental shakeup in the way hiring, retention, training, and spending are managed.
    Last edited by chaos; 06-19-2015 at 07:19 PM.
    Quote Originally Posted by tad10 View Post
    This place has gone to shit.

  96. #96
    Registered User Malakriss's Avatar
    Join Date
    Dec 2012
    Location
    USA
    Posts
    4,713
    Tuconots
    54
    The way I look at it is: they didn't get owned by North Korea or Iran, this was China and not a random Chinese hacking group. So based on that I assume Russia already had it all 10 years ago and hopefully they're fixing their shit so random hacktivists aren't getting it in the next 5.

  97. #97
    Team Mormont Faltigoth's Avatar
    Join Date
    Dec 2012
    Location
    PA Backwoods
    Posts
    1,067
    Tuconots
    12
    There are a lot of good places for ex-military in the federal government. LOTS of them.

    Upper level IT tends to not be one of them except in exceptional circumstances, because until very recently, there was no focus on it. 'IT' meant fixing radios and shit, not managing networks.

  98. #98
    Registered User Frenzied Wombat's Avatar
    Join Date
    Dec 2012
    Location
    Tejas
    Posts
    5,686
    Tuconots
    22
    I've worked in IT for 20 years and these hacks will become the new "normal" unless the internet is fundamentally re-architected to focus on security. When you combine the staggering pace of advancement in network technologies that are riddled with bugs/exploits and marry it to an incompetent or uncaring base of end-users, preventing hacks becomes an exercise in futility. Even if we were to only focus on externally facing hacks coming from your WAN, the pace of disclosed vulnerabilities exceeds most IT departments' capability to patch them in any expedient manner. If a TLS exploit is revealed on day 0, by day 1-2 some hacker has already built a GUI based tool allowing any script kiddy with a $300 e-machine sitting in China to pwn a 300 million dollar corporate network that isn't conceivably capable of patching 30+ mail gateways across the globe in 48hrs. Even if the vendor has released a security patch in record time, you just can't roll that shit out across the globe without aggressive testing first.

    Then you've got the far easier path of simple social engineering. Why even bother exploiting the network when you can bribe the cleaning guy to install one of these innocuous devices under an employee's desk? I'm now sniffing passwords and will be in your network within 24 hrs. Or randomly call federal workers pretending to be the new helpdesk guy that "needs your password to test something" until some idiot gladly divulges it?

    Anybody that wants into a network and is willing to dedicate some time/money towards the effort WILL get in. The best thing you can hope for in any decently sized corporate network is to keep out "hackers of opportunity" that run scanners against random IP blocks looking for vulnerabilities to exploit.

  99. #99
    Font of Positivity Mist's Avatar
    Join Date
    Dec 2012
    Posts
    11,005
    Tuconots
    14
    Maybe it's not the network but all the applications running on it that need re-engineering. The internet itself was supposed to be assumed vulnerable at all times.
    Calling me a Cunt is a lot like calling Hitler a Nazi, it's not exactly received as the insult you were intending.

    Star Citizen referral code - [STAR-C3G4-2XMJ]

  100. #100
    Registered User Palum's Avatar
    Join Date
    Jan 2013
    Location
    ReRe
    Posts
    9,162
    Tuconots
    66
    Again, no one fucking learns besides Big Bill.

    bsg_chars_william-adama_01_web-300x168.jpg
