http://www.wired.com/2015/07/senator-sasse-washington-still-isnt-taking-opm-breach-seriously/
By Senator Ben Sasse
Security
Wired.com
07.09.15
AS A NEWLY elected Senator, I am here to tell you a hard truth: Washington
does not take cybersecurity seriously.
But you probably already knew that if you’ve read anything about the
massive OPM data breach. To recap today’s news from OPM, since 2013, a
malicious attacker—likely the Chinese government—breached government
databases and stole information on some 21 million federal employees. This
included personal information like addresses and Social Security numbers.
Most of these people held security clearances and for them it also
included nearly 150 pages of material in what are called Standard Form 86s
(SF-86), which detail nearly every aspect of their lives.
Here’s the kicker: despite today’s jaw-dropping news, the attackers were
in our networks so long that it may still be a while before we figure out
everything they stole. Most news coverage has centered on federal
employees. But that’s an incomplete picture because it’s now clear many
victims never worked for the federal government. When applying for a
security clearance with the SF-86, applicants list their family members,
neighbors, co-workers, foreign contacts, and even college roommates.
What this means is that not only do the hackers know lots of sensitive
information about millions of government employees, they also know a great
deal about many of the people they know and love. The implications for
threats, intimidation, and blackmail are chilling. “Oh, you don’t want to
sell out your country? OK, we get it. By the way, your parents still live
at 2911 Rainbow Drive, right?”
China may now have the largest spy-recruiting database in history.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
