Wow – The Federal Cyber Breach Was Not Discovered By U.S. Govt., Was Discovered By Private Company During Product Demo…

A remarkable twist in the story of the biggest data breach in U.S. history. The Office of Personnel and Management (OPM) previously said they discovered the breach when it had “undertaken an aggressive effort to update its cybersecurity posture”.

However, that “update” claim is somewhat disingenuous. The hack was actually discovered by a cyber software company as it was running a product demo on the system. The company discovered embedded malware that existed inside the OPM for over a year…

United States Cyber CommandWASHINGTON DC – As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM’s security.

An OPM statement on the attack said that the agency discovered the breach as it had “undertaken an aggressive effort to update its cybersecurity posture.” And a DHS spokesperson told Ars that “interagency partners” were helping the OPM improve its network monitoring “through which OPM detected new malicious activity affecting its information technology systems and data in April 2015.”

Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ’s Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. “CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network,” Paletta and Hughes reported.

And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it’s still not even clear what data was accessed by the attackers. (read more)

Advertisements
This entry was posted in Big Stupid Government, Conspiracy ?, Dem Hypocrisy, Professional Idiots, propaganda, Terrorist Attacks, White House Coverup. Bookmark the permalink.

85 Responses to Wow – The Federal Cyber Breach Was Not Discovered By U.S. Govt., Was Discovered By Private Company During Product Demo…

  1. Ziiggii says:

    oh this is classic

    Liked by 5 people

    • Lorra B. says:

      Yup. I heard about this and truly believe we are going to be in for much more attack soon…

      Liked by 1 person

      • Josh says:

        I agree with Mark Levin on this. One of the ultimate goals could be the electrical grid. Want to bring a country to a halt? Turn off its electricity. Timing is everything. Imagine the grid being hit in October of next year. Come on, think … Gee, how would we vote? I don’t believe “they” intend on ever giving up power.

        An additional think of mine: How can it be called a cyber attack when China probably just used the passwords given to them by the Clintons or someone else? The Clintons have been in bed with China for years.

        Like

    • doodahdaze says:

      US Cyber Command.
      HAHAHAHAHA! We are a laughingstock of PC dopeyness. Good thing we still have assets the government can put in the pot.

      Like

      • CoffeeBreak says:

        Anyone else remember the MSN chatrooms. Everytime I hear Cyber Command I think of chatting with someone privately and two minutes in, being asked what I was wearing.

        Like

        • doodahdaze says:

          Cyber dopes to the front. IMO the kids are going to make mincemeat out of this crap. I doubt they will be as “tolerant” as us old folks.

          Like

      • anub says:

        This is more of a criticism of affirmative action than the Obamacare website that had 3 asian/white guys in CA create everything it lacked over a weekend for free.

        Like

  2. Allen says:

    Like a good neighbor, state farm is there…in the Oval Office! Woops!

    Like

    • czarowniczy says:

      Not what my State Farm agent said – I have identity theft insurance from they, they were less than happy when I gave them the heads-up on Monday.

      Like

  3. manickernel says:

    So I guess CyTech got the contract, eh?

    Like

  4. bofh says:

    Long ago, in a galaxy far away, people might have demanded a bit better performance from their government. Sigh…

    Liked by 1 person

  5. TSA will catch a terrorist soon, I’m sure.

    Liked by 1 person

  6. 2bn3mr says:

    Free market solutions for mediocre government agencies.

    Liked by 1 person

  7. emet says:

    The fallout from this will create security problems for decades. For example, a Chinese-American Federal employee in a sensitive position, who has relatives in China who are now identified to Chinese authorities is now vulnerable to coercion. Ot the Chinese can simply replace a highly-placed Chinese-American Federal employee with one of their operatives who closely resembles him or her. Just pick one with no close family. Or, find those who are having problems (eg finances) and are thus vulnerable to being used by Chinese intelligence. Of course the most pressing question is if they now have the identities of CIA employees, and where they are located.

    Liked by 1 person

  8. Dr. Bogus Pachysandra says:

    The incompetence of this administration is just staggering!

    Liked by 3 people

    • Josh says:

      It is NOT incompetence, my friend. They are very competent in carrying out their goals. This is something that must be understood.

      Like

      • John Galt says:

        I think all the hacking reports are laying the groundwork for a total systems wipe just before Obozo & crew leave office.

        Like

  9. OP says:

    Beyond amazing…

    And the Empty Suit…fiddles…

    Liked by 1 person

  10. jetstream says:

    So this is what government is for.

    We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defense, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.

    I don’t know, I’m just not feeling it.

    Liked by 2 people

  11. Videodrone says:

    I fear we are approaching watering time on the Tree of Liberty

    Liked by 3 people

    • Josh says:

      You are correct. It’s going to take a lot of water to dilute the urine.

      Like

    • chemman says:

      Remember the DOJ is looking at you now for saying things like that. 🙂
      See DOJ request to a judge to compel Reason to reveal anonymous posters who have said similar things

      Like

  12. I’m so glad my tax dollars are being used to keep our systems top notch – oh wait…

    Like

  13. czarowniczy says:

    Oh come on – I told you all that the breach was discovered in early April and wasn’t ‘reported’ (i.e., the ‘leak’ about the breach was confirmed) until early June. I’ll bet that my statement the intervening nearly eight weeks were constant CYA and damage control meetings – many on overtime pay. I am not trying to be smarmy, seen this too many times.
    First, you have to be able to speak Federal bureaucratese. You snigger (look it up…) at the idae BUT before you do please give me a subjective and iron-clad definition of the term ‘an aggressive effort to update its cybersecurity posture’. I say that to an OPM bureaucrat puke trying to save his/her (happy now?) job the act of having contractors come in and demonstrate their software IS ‘an aggressive effort to update its cybersecurity posture’. Were I on the OPM CYA Team I’d be out wordsmithing the hell out of an excuse to make the compost smell like roses.
    OPM is THE HRO for the Feds and if you cross them they’ll screw your operation up like ISIS only wish it could – Congress is even loath to tackle them and OPM repays the favor by kissing Congressional butt. OPM wants a law written so that it sounds like it’s protecting workers (USERRA comes immediately to mind) but actually lets OPM and Civil Service in general bend the employee over the barrel – OPM gets to load the poison into the pill. Normally a screw-up like this owuld be smoothed over in no time, perhaps even a minor human sacrifice (show of good faith) by having some superannuated hi-level bureaucrat throw himself on his sword and a fat retirement check and get a job (after a decent delay) as a Federal consultant or contractor. This time there may be blood and hair on the floor after the fight as they’veprobably schnitzeled Representatives, Senators and most likely their families.
    “…OPM’s outsourcing of the responsibility for handling questions about the breach “adds insult to injury,” That’s a laugh – they’ve contracted this mess to a cpompany and now it’s out of OPM hands. their take is likely going to be: ” Things are done, we can’t get the data back, there are active and aggressive efforts to upgrade its cybersecurity posture and we will extend credit and identity protection to effected (also ‘affected’ as per the POtuS) employees – there. problem over’. OK, so the data’s going to do what, evaporate after 18 months? What happens if The Evil Emperor Ming decides to use an employees’ personal data to open up am account at Sam’s Club at the 19 month mark? OPM punted the problem to a contractor so everything’s now THEIR business/fault while OPM salves over the wounded Congressional feelings. Remember my mentioning the Federal mantra: “An Action Passed Ids An Action Completed”? Now you know what I mean.
    As of today the Senators still are saying OPM’s not only still working on IDing those effected (whoops, it ain’t OPM it’s the contractor doing the IDing) but you can bet your posterior that the Congresspersons and families are getting the first and most thorough vetting as part of the ‘kiss Congress’s ass to make it all go away’ campaign. Still no word on my question to FOUR Senators a to whether the databases hacked also include the FEHB data and payroll data for Federal employees. I gave them specifications for my worries that made four staffers go “EEEEEEwwwwww”.
    As for AFGE and NAGE – useless. The Federal unions were eunuched by Reagan and si9nce then they’ve mostly dealt with self aggrandizement and dues collection. Worst they could do id threaten to withhold 2016 DemocRATic election support. OPM’s on damage control fulltime as they’ve passed the problem to a company that uses the official OPM line for cover and won’t answer the phone. At some point this will be ground into the dust, active employees will be threatened to go back into their shells and OPM will do to the retirees what it usually does – put them on hold for eight or more hours.
    Watch this carefully and with a jaundiced eye – it’s SOP and will be studied for points by bureaucrats for decades to come.

    Liked by 1 person

    • booger71 says:

      I have Federal Blue Cross and our medical records were breached 18 months ago and we just found out 3 months ago.

      Like

      • czarowniczy says:

        Are you active or retired>? Was the breach at the BC/BS in DC, your home state BC-BS office, at OPM, at NFC (if your HRO is done there) or at your medical facility? See how many places your Federal data’s held? If it were at a Federal facility then you family’s data on your SF 2809 ennoblement form was probably lost too.

        Liked by 1 person

      • czarowniczy says:

        ENROLLMENT form – blast you, spellchecker

        Like

        • CrankyinAZ says:

          I would hazard to guess “Enoblement Forms” are reserved for the “special” people amongst us… like Obama, Kerry, Pelosi and their ilk… but I digress. 😉

          Like

      • Les says:

        The JPAS breach has me concerned.

        Like

    • Josh says:

      If it is now being reported that the “breach” occurred a year ago, you can bet it has been over a year when it happened. I’m going to guess that it’s been happening even before Hussein was elected.

      Uhhh, I’ve been assuming that the Feds have ISIS among its ranks. Hello, Huma! Hello, Valerie!!

      I appreciate your pointing out that credit and identity protection is limited. And another question on that point – WHO makes up the credit and identity protection services? I won’t throw out names. There are many and some of the names are well known. Does anyone know who is at the helm of these companies? What happens when these companies are sold? It’s a matter of time before they are. Why do so many believe that the information in these companies cannot be breached? My head hurts.

      “An Action Passed Ids An Action Completed” = the “buck” has been passed = you can ask us no questions

      “Still no word on my question to FOUR Senators a[s] to whether the databases hacked also include the FEHB data and payroll data for Federal employees.” I have no inside knowledge but I’d assume most data has now been shared. Look at an employee application for, say, the TSA – look at the questions one must answer in order to simply apply for a position. One must give information not only on themselves but also family, friends, acquaintances … – it goes far beyond six degrees of separation. What of those employees who are stationed overseas in a covert fashion? The jig is up. Get out of there – yesterday!

      I’ve been wondering where the unions were. “Worst they could do id threaten to withhold 2016 DemocRATic election support.” Will they do even that? I doubt it. As long as their $ rolls in, I can’t see them taking a stand. The employees need to keep their $ from the unions if there is going to be any action taken by the unions.

      Liked by 1 person

      • czarowniczy says:

        Here’s another one that popped into my mind, completely forgot it: OPM now does just about all of the Federal employee security clearances from basic through Top Secret – how much data were stolen there? At the very least the employee’s level of access was compromised so they could data mine by what level of access an employee has. Need to find a USDA employee with top secret clearance,maybe working on crop disease resistance programs? Just pop in the search parameters and – poof – there you are.
        I have no doubt that the Feds have Moslem sympathizers amongst their ranks, were I a Religion of Peace spymaster I’d sure use the Federal EEO system to insinuate moles into the system, it’s a gimme.
        What I particularly like is they knew about the breach for eight weeks before the leak made them pony-up some half-truth but the day before they made the boilerplate CYA announcement OPM had two (T-W-O…2) announcements on its site celebrating LGBT Pride Month. Priorities, priorities, priorities…

        Like

        • Les says:

          There you go, there’s the real problem. Now they have all the financial information and dirt on the people who can-tell-you-but-then-they’d-have-to-kill-you.

          Seems funny to most because some gov’t workers were hired due to skin color, but the others do some stuff that needs to be done. And many gov’t workers are highly-skilled vets.

          We have to stop farming out so many sensitive positions. It’s dangerous.

          Like

          • czarowniczy says:

            When Clinton killed the DIS (remember how many people in his staff still refused security clearances after 8 years?) the job was farmed out to politically connected contractors. After that mess OPM ran in and snatched up the job – and problems with the clearance process have been around ever since. I had a DoD TS/SCI and 3was told by an OPM puke that I had to get a security clearance for my USDA job. When I told them I’d been working for USDA for over a decade without anything but my accepted-government-wide TS, a clearance accepted by DEA, ATF, Customs and DHS, the little squirrel told me that THEY were wrong and only an OPM clearance was acceptable and I had to fill out paperwork for a lower-level clearance at OPM. I contacted the proper DoD authorities who called the OPM dude and it still took weeks to get the fact through their little bureaucratic skulls.

            Like

          • czarowniczy says:

            Addendum: actually had one ‘expert’ tell me that even though I had a ‘Top Secret’ clearance I still needed a ‘Secret’ one as the TS was a separate level from the Secret one. Spot I banged into the wall with my forehead is probably still in that wall – this was an EXPERT in the subject matter mind you.

            Like

      • Jett Black says:

        “Hello, Huma! Hello, Valerie!!” Both Iran (Shia) shills, not ISIS (Sunni). Not that it matters much in terms of damage to the U.S.

        Like

  14. partyzantski says:

    The “China did it!” attribution is interesting…
    The proof will be in what measures are implemented and what people are forced/required to do with information after this episode. What solution to this are we driven to? That alone will indicate who benefits from the direction the control moves the target.

    Read http://20committee.com/2015/06/11/the-opm-hacking-scandal-just-got-worse/ for some insights beyond the scope of the Treehouse, but I am still skeptical of China & “Unit 61398”

    http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

    is an interesting report, about page 7 describes “61398”.

    I guess I’ll go check the mailbox for the usual “we lost control of the PII data we swore we’d safeguard and now must provide you with credit report monitoring for free” letter that I usually get from the pointy-headed clowns. Those letters always make me feel so much better!

    Like

  15. peppie says:

    Not hard to believe that these clowns in the WHITE HOUSE are this inept. I think they allow these breaches KNOWINGLY.

    Liked by 3 people

    • ytz4mee says:

      Winner winner chicken dinner.

      Like

    • springstreet says:

      They’re not “clowns” in the White House. Our “anti-colonialist” President is very effectively dismantling the Constitution … by whatever means available. And we have to put up with his smirk … because Liberal America will never let him be impeached.

      Liked by 1 person

    • partyzantski says:

      I might amend that from “allow” to “conceive of, plan, implement & command”.

      It just occurred to me… if one were to lose 4 million of anything, might it be difficult to ascertain exactly what was important (to the supposed attacker) to steal? Might this be the proverbial torching of the big box store after it was looted to cover up the real crime?

      There is some small detail that was worth the trouble for this.

      Liked by 1 person

      • ytz4mee says:

        Might this be the proverbial torching of the big box store after it was looted to cover up the real crime?

        ^^^^ THIS ^^^^

        Like

        • Josh says:

          ^^^THAT^^^
          Kind-of like trying to see what the other hand is up to.
          Those currently in the WH, and many of those before this bunch, are always thinking waaaaaaay ahead.

          “There is a “solution” already waiting, but the “problem” has to be created first.” ~ ytz4mee

          Like

    • Josh says:

      peppie, your comment is at odds with itself. inept vs. knowingly
      “I think …” You can stop thinking and start knowing 🙂

      Like

  16. doodahdaze says:

    SIMPLE. They are betting your Ranch. Holding a 7 of diamonds and Deuce of Clubs. ….Good luck on the flop. I wanna go to the Deuce Club in South Beach to get a Jack and watch the wildlife…Hi Lou.

    Liked by 1 person

  17. Sharon says:

    Those statements may not be entirely accurate.

    I’m sure the author of those words meant to say, “Now we realize those statements were flat out lies” and just got confused.

    Like

  18. Crystal says:

    Pretty soon this won’t be considered a crime anymore. I think it was Doug Hagmann at Canada Free Press who wrote that as part of the Pan Pacific Trade Agreement, our “partners” will be able to access our personal info.

    Like

  19. momseesall says:

    What an amazing spin cycle. What an embarrassment! It’s a dangerous world.

    Like

  20. Mr. Right says:

    And the NSA is able to shut down centrifuge that are unconnected to the internet…
    Why cant we also use our elite team for defense ?

    On that note, the ‘internet’ was never intended to be secure. So when company around me crumble from attacks, its never a shock. I was in the bay area for a while, and its amazing how many IT department react to attacks VS pro actively protect. BTW, the #1 attacker is China.

    China is running a cyber war (and they have won every single battle to date) but also corporate espionage at an ‘academic’ level. And of course wage an open economic war (government sponsored)
    Yet, US politician are taking their money to fund their unbalanced budget to fund our social destruction like HUD.. while China is buying prime land and property. Yet its absolutely illegal for an American to buy property in China.

    And look at what they did to google . infiltrated their system to copy their IP, and banned them from operating in mainland china. Free market? what a joke…

    Like

  21. TRONGOD2000 says:

    Here is the real problem here:
    This department is awful. At the top is Obama appointee Katherine Archuleta. “On May 23, 2013, President Obama appointed Director Archuleta to lead the U.S. Office of Personnel Management (OPM), the agency responsible for attracting and retaining an innovative, diverse and talented workforce to make the Federal government a model employer for the 21st century. Director Archuleta began her career in public service as a teacher in the Denver public school system. She left teaching to work as an aide to Denver Mayor Federico Peña. When Mayor Peña became Secretary of Transportation during the Clinton Administration, Archuleta continued her public service as his Chief of Staff. Later, Peña was appointed to head the Department of Energy and Archuleta served as a Senior Policy Advisor in the Office of the Secretary”
    Do you see anything here that would qualify her to keep over 4 Million people’s records safe?

    Chris Canning, Senior advisor to the Director; Prior to being appointed to OPM, he served for eight years in the Office of the Chair and in the Political Department at the Democratic National Committee. In 2012, Canning coordinated campaign activity for Cabinet officials and other high-level surrogates as part of the Obama-Biden reelection effort. Translation, a political hack is placed as the senior advisor to another political hack.

    Ann Marie Habershaw, Chief of Staff. Before joining OPM, Ann Marie served as the Chief Operating Officer of the President’s re-election campaign, Obama for America. There she built a nationwide infrastructure to meet the demands of a national campaign plan, including managing a $1 billion budget, over 4,000 team members and more than 800 offices nationwide. Quite a jump I would say. From 4,000 people to over 4,000,000. So we have another political hack in charge of something. She is an accountant so she probably helped spend the $25,000,000 used just to audit, investigate and assess the OPM’s programs and activities.
    DID you catch that? over $25 MILLION to inspect the computer systems that failed to keep data safe! That is a pretty steep bill for some firewall that doesn’t work.

    Liked by 1 person

  22. John Gardner says:

    These hackers are obviously far more competent than any of the government’s computer folks. Let’s offer them a pardon for the hacking provided they will recover Hillary’s e-mails, Obamas college records and evidence of Lois Lerner’s complicity in the illegal suppression of conservative 501s!

    Liked by 2 people

  23. kc10lvr says:

    I’m curious to see who is going to notify me first as to whether my information was compromised…the government…or the company I work for who employs more than 50% former/retired military and has vowed to find out for us expediently! Hmmmm…..

    Like

  24. west1890 says:

    No, I don’t believe this was anything other than an inside job. What better way for whomever is actually in charge in DC to loot the country of what they haven’t gotten via “Stimulus” etc. without having to close down banks and take your piggy bank. Occam’s Razor.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s