OPM Data Breach: IT Operations Outsourced To Foreign Nationals

Posted: June 20, 2015 in Tech

circuit-lock

The massive breach of OPM’s database — made public by the Obama administration this month — prompted speculation over why the agency hadn’t encrypted its systems, which contain the sensitive security clearance and background information for intelligence and military personnel.

Encryption, however, according to Ars, would not have helped in this case because administrators responsible for managing these records had root access to the system, Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified yesterday at a two-hour hearing before the House Oversight and Government Reform Committee.

And it turns out that a systems administrator responsible for handling the agency’s records “was in Argentina and his co-worker was physically located in the [People’s Republic of China],” a consultant who worked with an OPM-contracted company told ArsTechnica.

“Both had direct access to every row of data in every database: they were root.”

Experts and politicians are now lambasting the US government for the way agency handled IT security.

Full Story @ [businessinsider]

Advertisements
Comments
  1. […] Fisher and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s