American Elephants

It’s All Falling Apart. Chapter Ten. by The Elephant's Child

The hack of the Office of Personnel Management is far more massive and problematic than has been publicly acknowledged, and not only that, it went undetected for more than a year. The hackers are believed to be from China. It started with an initial intrusion into the OPM systems more than a year ago, and once they had successfully intruded, they were able to work their way through four different “segments” of OPM’s systems.

At first the breach was said to expose the personal information of approximately four million people, such as Social Security numbers, birthdates and addresses of current and former federal workers.

It’s far worse than that. The hackers accessed what are called SF-86 forms, documents used for conducting background checks for worker security clearances. The forms can contain sensitive data about workers seeking security clearances, but also about their friends, spouses and family members. They can include information about the applicant’s interactions with foreign nationals, information that could be used against those nationals.

Homeland Security initially claimed the government’s EINSTEIN detection program was responsible for uncovering the hack. Not so. The EINSTEIN system failed. The Wall Street Journal reported the breach was actually discovered during a sales pitch demonstration by a security company named CYTech Services showing the OPM its security program.

This is not just a matter of someone accessing your credit card number, but of blackmail: diplomats with access to classified information are required to list their contacts. The OPM actually had no IT security staff until 2013. They’re not sure that they have discovered the full extent of the intrusion.

The Wall Street Journal pointed out that local unions made it harder to protect files. “In early 2011 ICE noticed a significant uptick in “mail infections and privacy spills” in its networks. The spike was due to ICE employees accessing their personal webmail accounts from office computers. Senior managers terminated webmail access in September 2011 as a security precaution.

The American Federation of Government Employees promptly filed a grievance with a federal arbitrator, claiming that any change in access to private email must first be collectively bargained with the union.

ICE argued security, dangers, the Federal Information Security Management Act, security threats, the usual arguments. The arbitrator said “the Agency may not take any action to reduce security risks to its IT systems without first providing the Union an opportunity to bargain.” (The arbitrator’s italics.)

The White House late Friday tried to catch up by launching a “30 day Cyber Security Sprint” to beef up cybersecurity protocol across the government. (Fix everything right now!)

Those steps include: fixing any cybersecurity vulnerabilities immediately; tightening policies and practices for privileged users who can access sensitive information; implementing multi-factor authentication procedures for accessing federal networks; and employing electronic “indicators” provided by the Department of Homeland Security that show when there has been a malicious cyberattack.

Well, it’s only fourteen million current and former government employees. This is the same government that could not manage to roll out their health care program. They’ve had a remarkable number of hints that their computer programs were not up to snuff, that security procedures were not being followed. Think of all those missing emails and supposedly destroyed hard drives that keep information required by Freedom of Information Act requests from being produced, and nobody can find it. Departments that have installed hugely expensive new computer systems only to find that they don’t work. You would think that someone might notice that they’re not technically apt, and not half as smart as they think they are.

In Britain, the Guardian reports that “Downing Street and the Home Office are being challenged to answer to claims that Russia and China have broken into the secret cache of Edward Snowden files and that British agents have had to be withdrawn from live operations as a consequence.”

Snowden, a former NSA contractor, handed over tens of thousands of leaked documents to the Guardian in Hong Kong two years ago. He left Hong Kong with flights booked to Latin America but was stopped in Russia when the US revoked his passport, and has been living in Moscow in exile since.

He has repeatedly said he handed over all the documents to journalists in Hong Kong and no longer has access to them, making it impossible for either China or Russia to get to them through him. The Sunday Times and BBC do not say where China or Russia allegedly gained access to the files.

A “senior Home Office source” claimed that Putin didn’t give Snowden asylum for nothing. His documents were encrypted but not secure and British agents are being targeted. A British “intelligence source” said Snowden has done incalculable damage, and Russian and Chinese officials will be examining Snowden’s material for years to come.

That’s all very iffy and unconfirmed, but interesting if true. There is a battle going on both in Britain and here between privacy zealots and government secrecy. It would be nice to think that there could be no secrets, but we don’t live in that kind of world. In the real world, the bigger the federal bureaucracy gets, the more it wants to protect itself from embarrassment and from the living proof that it is not composed of smarter, kinder people who are working assiduously on our behalf.

Everybody wants to know the other guy’s secrets. The dividing line between what can be public and what cannot is very fuzzy. The government needs to seriously protect that which will harm the public if released, and to stop trying to make everything that might embarrass a little into a state secret. Clearly a case of wishful thinking.
