Perhaps we should outsource all our cybercrime detection solutions, databases and their management, software development and hardware design etc. to the Chinese. They seem to be better at it than the US and it would save everyone a lot of trouble.
Hope the "starve the beast" crowd is happy with the all too predictable "un-intended" consequences of failing to properly fund our government. Perhaps Congress could outsource their legislative duties to contractors in India so that they could spend ALL of their time turning tricks for billionaires.
On a serious note, let's start by doing a full and complete audit of the actual realistic capabilities of companies that are routinely awarded usually large dollar Federal IT contracts. Next, only allow fully-vetted US citizens to serve as providers/consultants/designers/developers/maintainers of critical government IT infrastructure projects and operations. We have a sufficiently large pool of the necessary talent right here. Start utilizing it.
2
There is general agreement among Commenters -- well expressed by Christopher Lawson's comment -- that the U.S. needs to push back against cyber espionage from China (and, by implication, against other state actors as well.)
The agreement is merited, but the devil is in the details. I have no doubt that each segment of our country is for pushing back against China: except in those areas where their own interests might then be affected by China's response. Various elements of the business community have and hope for different levels of involvement and, thus, vulnerability to Chinese reprisals. By and large, China's actions in the Malaccan Straits do not concern them. The Department of Defense, on the other hand, is concerned about the Straits, but not so much if Apple gets to sell an extra ten million iPhones in China. Meanwhile, the Department of Agriculture understandably is trying to get China to cooperate more on cleaning up the food it sends us. And on and on.
What is needed is leadership from the top, from the U.S. itself, as incarnated in our Presidents. Only at that level can we stand in the way of parochial interests that effectively sabotage an appropriate response. Only at that level can we enforce the common good. Only at that level, at the level of the Presidential bully pulpit, can we bring America together to define and deal with the national interest.
2
No doubt the hackers are more interested in the names of Chinese friends, relatives etc. of those American government employees, whose data had been stolen. The hackers wouldn't be bothered about personal relationships, bankruptcies, debts and other financial queries of the employees.
Nevertheless it's scary for everyone, whose personal details have been stolen by strangers. One never knows what they would do with them.
1
China is a serious threat to our present and future economic wellbeing. The Chinese do not play by the same rules that we do. We need to stop pretending that they do.
8
As a government employee / China analyst who is among the many victims of this attack, what is perhaps equally disappointing to the failure to prevent this cyber intrusion is the inability or unwillingness of the US government to impose costs on China for their trespasses.
Through their vast cyber apparatus, China has pilfered untold levels of trade and defense secrets from America, and has not stopped there. Wherever Beijing stands to benefit, there is sure to be a cyber platform prepared to surreptitiously act. Up until now, US policy and decision makers have not pushed back hard enough to actually stop what China is doing. Rhetorical and legal devices are systematically manipulated and routinely mocked by Chinese officials.
China's cooperation on a number of fronts is important to our strategic interests, so upsetting relations is obviously undesirable to US officials and the business community. But unless we send an unmistakable message to Beijing now that these types of attacks will not be tolerated, they will continue and even accelerate their program against us. Because, at this juncture, China still has much to gain and little to lose from their cyber activities against the US.
Time to change that dynamic.
7
It is like I have been saying for a while: China is beating America while we waste trillions of dollars in useless wars in Iraq and Afghanistan while they are pilfering us like no other. Americans need to wake up and start worrying about that. That will be the next war; it will not be a conventional but a cyber war, and America right now is losing badly.
2
Being a big stakeholder in the US treasury and nursing ambitions to surpass the US status as the global super power don't the Chinese have a right to know the inner workings of the US government, if not through friendly channels then through theft of the data? As for hacking, it seems to have become a common global headache now for the governments all over the world, and needs global protocol on mutually agreed and enforceable norms for cybersecurity, along with separate cybersecurity laws to be adopted by the individual countries.
1
I must wonder, professor, if you were being facetious when you suggested the "Chinese have a right to know the inner workings of the U.S. government... through the theft of data?" Really?
While theft may be a tool of petty crooks and governments alike, it is never a "right."
3
SsC, Thanks for pointing out an inappropriate use of the term "right" in the context of the Chinese hacking of data and questioning the same. In fact the term was not employed with the same caution as it really warranted. Thanks.
The computer system of a government that is being 'starved' by its corporate and wealthy elite will always fall prey to nations that fully fund their governmental infrastructure. If you've ever been to a U.S. agency's office and looked at the computers on the desks, you'd realize that this cyber war is already over.
5
China has pried jobs away from Americans through the greed of corporations to capture top profits. Now China has the personal information and paths to money of American citizens as well. Who's going to stop them while we are off fighting pointless wars in Iraq, Afghanistan, and if a republican is elected president, Iran? If we don't come out of our stupor soon, how long do you think it will be before China takes control of whatever's left? They have had a winning strategy so far and we have boots on the ground and a congress that wants to continue and expand our wars and further bloat our corporations with military orders. The powers in our country have become obsessed with greed and it's killing us.
4
The thing is China has long term strategies and goals while we Americans can only think short term profits. China will beat America to the punch if this country does not wake up. China has a brilliant strategy and I commend them.
3
This all sounds like an NSA Clapper/Alexander fantasy. He sold the weak mind at the head of the table the idea of listening in to every conversation in the world and tapping into all emails. They spent billions of empty promises and uncompleted systems. Why? Who got the money? All we know so far is that the system doesn't work, because they bought such a big toy they can't handle it.
The rest is classic DC gibberish.
1
China has pried jobs away from Americans through the greed of corporations to capture top profits. Now China has the personal information and paths to money of American citizens as well. Who's going to stop them while we are off fighting pointless wars in Iraq, Afghanistan, and if a republican is elected president, Iran? If we don't come out of our stupor soon, how long do you think it will be before China takes control of whatever's left? They have had a winning strategy so far and we have boots on the ground and a congress that wants to continue and expand our wars and further bloat our corporations with military orders. The powers in our country have become obsessed with greed and it's killing us.
3
If the smartest IT guys with the biggest budgets are not guarding our government's secrets, then who do they work for? And what do they do?
2
So we fire everyone with Chinese sounding names the same as we did with Japanese immigrants and citizens born in this country for being Japanese descent. Who's next after Chinese?
Paranoia reigns supreme. Or maybe just another "tit for tat" with the Chinese government.
2
Somebody is in charge of cyber security or should be. Ultimately it is Obama's responsibility. This isn't the first time another country hacked into databases. The Army, the U.S. Office of Personnel Management, the IRS, are some. There are also companies like Sony and Anthem. Has anyone been fired? We have Russia, China and Iran blamed. We're to blame for not doing something that stops this. We should be hearing that another attempt was stopped rather than hearing the latest agency or company that has been hacked. We don't have any righteous legs to stand on. We're doing the same thing. Not only that but listening in on everyone's phone call including those of heads of state, supposedly our allies and companies like Petrobras. Instead of telling of the latest blame game country responsible, we need to get busy firing people until we have those who can protect us. Otherwise, one day the grid will be shut down or there will be a disaster at a nuclear facility.
1
The information was not encrypted, but federal officials argued that the attacks were so sophisticated that encryption might not have helped. Well, we'll never know, will we, since the data wasn't encrypted to begin with. How in this day and age can the federal government not encrypt important information that foreign governments would like to have? It's just another in a long line of examples that display the incompetence of one federal department or agency after another. The larger, more powerful, and more intrusive the federal government gets, the less effective it is. That conception has risen to the level of scientific fact.
The US govt's personnel office is a sitting duck because it chose to be a sitting duck. So the Chinese now have all the names of many Chinese in contact with US govt. officials and they can use this info to blackmail. And we give China "most favored nation" status in trade and we are forever fascinated by the Orient and its mystique. The only mystique about the Orient when it comes to China is that we don't know when exactly the Chinese govt. is going to break into our nuclear facilities and our power grid to shut them down.
1
Whenever there is hacking discovered in the US the gov immediately says it is "likely" or "suspected" or some such weasel word but making clear the accusation that it was China or Russia. But where is the evidence??? The press prints this stuff and the gov offers -0- proof just accusations without any evidence. If Snowden came to the press with -0- proof you would have laughed in his face but if the gov says something it might as well have come from above. SHAME
The more crooked government gets, the more vulnerable the performers are to blackmail. The US Supreme Court has united the citizens who buy power by populating government with self indulgent fools.
Poor Denny Hastert.
1
The US government needs to stop using foreign consulting companies for IT support.
Hire back the highly qualified AMERICAN IT professionals replaced by the spoiled upper middle class Indian kids and our nation would be much better off in the private and public sector.
Obviously - the Internet is not safe. It can be patched for the next 100 years - and it still will not be safe. It takes only a single digit IQ to realize that your confidential information should not be connected to the public internet. It's not that expensive to have a second separate private internal network that is electrically isolated from the public Internet.
Could we start a thread of a discussion here? Do you know why institutions resist this simple solution? Could it be that perhaps half of the IT employees in many companies are engaged in cyber security and would be unemployed if their information was secured behind a private isolated network?
Hackers May Have Obtained Names or may be not. Investigation is idle last most special services like NSA, CIA or FBI in our country. Investigating difficult international crimes is not the same as collecting phone data of simple Americans.
1
Meanwhile, the US, and quite a few other countries, are doing the same all over the world.
No reason to cry foul game when you are deep in it too.
And BTW, the way it looks, sooner or later China will do with the US simply what it has done with other countries, purchase them.
Which may be frightening for some but is in fact a much less bloody way to win a war.
6
"...*may* be in the hands of Chinese hackers?"
Ha, ha, ha. Good one.
The entire Chinese state, including all "private" businesses, is owned, run and controlled by the Central Committee of the Chinese Communist Party.
10
The CCP functions as an interlocked directorship does. One espouses particular viewpoints and agrees to particular terms as conditions of access to power and resources.
When is the U.S. going to learn the Chinese aren't your friend? They are slowly building themselves with Uncle Sam's own cash that they make via free trade with the U.S....
3
Apple manufactures most of its products in sweat shops in communist China, where there are no such things as workers' rights or laws to protect health, safety or the environment (sounds a lot like the platform of the U.S. Republican Party). No wonder that China hacks our computers with such ease. My only question is, Will I still be alive on the day China turns off our power grid?
4
"...The scope of the breach is remarkable, experts say, because the personnel office apparently learned little from earlier government data breaches..."
What is truly remarkable is that the Times continues to support the Obama Administration's questionable contention that larger Government is the solution, rather than the problem.
If there is anything history has shown us, it is that while the world may be turning on a dime, career bureaucrats tend to turn on crop circles.
1
Government is a contract negotiated by influential people who see a need for a floor under human conduct to prevent the bad from driving out the good in virtually any human pursuit.
Once the bad takes over government, they abuse its power in the fashion we are seeing now.
On what denomination of coin, or crop circle, is the gargantuan behemoth of Chinese government turning? Nimble? Say it ain't so, Tim. There is no government in the world bigger than China's.
I wonder if the Chinese hackers are simply the only ones who got caught here. It's not like the level of security in the personnel office suddenly dropped last Dec. I bet Mr Putin must be laughing now: "we have all this info for years..."
While performing forensics on these cyber theft and intrusions usually takes time. The timing of releasing the news is obviously chosen carefully (look at all the fuss in south China sea right now).
Then I find the fact that the government capable of listening to every American's phone conversation and bypass their email security, failed to protect its own secrets, is laughable. Of course we were told what the Chinese hackers got was real data. It is very common for security researchers to set up honeypots to lure hackers. This is how they learn about new attack/malware. Counter intelligence could work in a similar way.
Finally, assuming every other country/government plays nicely while our government spies on its own people along with every other nation (ally and enemy alike) is beyond naive. At the end of the day I just hope we (and our government) are actually serious about our own defenses.
6
So what do we do with the hundreds of thousands of Chinese living, studying and working here legally on visas? How do we screen their connections with the Chinese government?
4
Don't worry. NSA already monitors everyone in the country including those Chinese, Russians, Europeans, you name it.
Why no comment from or even about the NSA? Last I heard, part of their job (kind of big part) was protecting the government networks. Are we really just throwing up our hands now and saying, protecting government networks is difficult? By the way, it seems like it would be more edifying to hear Adam B. Schiff's view on the new female viagra...
We are already in a cold war, which we didn't start. We need to stop bickering among ourselves and start protecting ourselves from foreign governmental and non-governmental cyber assaults, before they cause a cataclysm to the US, and we will be at a total loss. We need to worry less about governmental intrusion of our rights, and more about our government enforcing our protections, and responding to their intrusions. A couple weeks after they shut down our power grid, due to the lack of corporate help, and we are unable to withdraw our funds from our banks to pay for necessaries, we'll get the message, but it'll be too late.
4
If we do not worry "about governmental intrusion of our rights," pretty soon we will not have any.
2
I fail to see the connection to ISIS. We need to stay focused on true threats to national security and not just Red meat.
4
Pretty soon the Edward Snowdens of America will be out of a job. Other countries and non-state actors will do the job for them.
Why is the American government so slow to realize and act on what every Target customer, every Chase customer, every non-self-deluding American knows: nothing connected to the internet is secure? Or is it simply that Members of Congress, like kids in a toy store at Christmas, are so enamored of their gadgets, that they refuse to see past the little, blinking screens and do what America needs done?
7
Why aren't they teaming with the best and brightest of our techies, maybe even teenagers who are being recruited at Silicon Beach?? Hire some, push the bureaucracy aside, they're obviously not getting it. Bring in the talent.
Stunning dysfunction to not have this encrypted, saying it wouldn't matter.
This is National Defense and the dinosaurs running the Big Top in DC ignore it at their own (& everyone's) peril. We saw with net neutrality how so many fearless leaders don't understand the internet.
Can't blame Snowden or Wikileaks or your contractors who find a breach five months later(!) when the system itself is wide open.
The Establishment needs to stop rattling sabres for a minute at Iran and Russia and, here, China and get on 2015 footing. It will be hard as it doesn't involve bombs or billion $ jets.
New eyes on our old muscular ways or we're literally history.
15
They fired all their tech talent (or likely it left or never joined on) with all the sequesters and other job insecurity, low salaries. Wake up.
2
Same reason the TSA doesn't work.
2
This is the fault of us Americans for outsourcing all our technical and computer parts to the Chinese; we were truly naive to do that. That is the one thing you don't give up: your country's cyber parts.
14
'We' were naive? Our big money guys outsourced our 'technical and computer parts' to China to fatten their bank accounts. They weren't naive, just selfish. The same can be said about our public officials that they bribed to allow this.
I sense a back and forth between China and the U.S., to win the information/propaganda award for what and of whom we should be frightened.
That frightens me somewhat.
3
Let me leave you with a thought that ought to keep you awake later than usual. Remember the massive NY blackouts in the 60s and 70s? Those were largely software problems and our infrastructure from power lines to pipelines and from water purification plants to sewage treatment plants are all run by a family of software known as SCADA. Check in Wikipedia.
Do you know what platform SCADA runs on? That's it; Microsoft Windows.
Sleep well or resume watching the Kardashians as you wish.
11
...there goes another night's rest...but thanks. The info. is a service to us.
2
And folks wonder why we don't trust the government with health care.
4
Do you trust insurance companies with this data? They've been hacked just as much if not more.
6
Blue Cross, one of the largest private health insurers was recently hacked. "Incompetent big government" narrative does not apply here.
6
This is largely an irrelevant dig.
I don't trust big pharma, big insurers or the so-called private sector to provide us all with health care we need. We are getting overcharged for nearly everything health care. How about a single payer system for anybody that wants it and those that don't want it can go buy their insurance privately.
2
Time to reinstate the draft and draft hackers.
8
Foreign nationals who at risk of their lives have entrusted themselves to American security have not always done too well. The past few weeks have seen a number of high level government bureaucrats resign due to incompetence. One should think long and hard before assigning a greater role to the federal government as an agent of social change.
To be honest the US government, and western nations in general, are between a rock and a hard place. The best IT people can make a much better salary working in the private sector than for their governments. That's not the case in China, and Russia, and other East Bloc countries, where a blind eye is directed towards cyber criminals who support the status quo, or IT employees of the government which offers very rewarding benefits.
Moving forward, I agree with Richard Clarke, a controversial intelligence expert in both the Bush 1 and Clinton administration, that we need a unique department with a cyber-security "Czar" as part of our homeland security program.
3
Just what we need; another czar and another layer of bureaucracy! Instead of having all this sensitive information accessible digitally and via the Internet, how about recording it as hard copy and putting it in a vault with very tightly controlled access.
Back in the 70s, certain members of the NYPD Intelligence and Organized Crime Divisions were issued "confidential" license plates for our personal cars as we used them for surveillance and tailing various suspects. The identity of the owner of the license plates was kept in a vault up in Albany where only a few people had access. Guess what; it might have been old fashioned, but it worked and not one of us was ever "burned."
I am sure that there is a cliche about "the old ways being....." Still, it does warrant consideration.
6
No, that's the same in China. Many of my classmates friends are doing pretty well in IT companies. A few are multimillionaires (> 10 million US$). One person I kind of knew founded Xiaomi, the 2nd most popular smartphone after iPhone. He should be or will be a billionaire.
No IT person gets rich with a government job. It's the same in the U.S. and China.
Another reading, the same conclusion, the article is speculative. There is simply no reason given to conclude this was a Chinese government sponsored hacking. The anger that this will foster toward the Chinese is unfortunate and unwarranted.
21
Other country's military brags and yearns for the chance to fight America?
3
The Times is reporting classified briefings from the US government to Congress. Seems like that's more than speculation.
12
Speculation? In times of war, this is known as espionage and treason!
3
Where is our backbone? Why are we letting the Chinese humiliate us? This hacking is just the tip of the iceberg. They have become the bully of the Far East, & a threat to peace in that region. They have taken away our Industries & now they spit in our eye. Neither China or Russia & our so called Nato allies, have any respect for Obama who has consistently demonstrated weakness & a lack of resolve.
11
Don't get all upset - the US is just getting the taste of its own medicine.
7
This is a continual reminder that a failed presidency like Obama's has real consequences for people around the world and not just the lack of respect our friends, allies and enemies now have for the US.
2
No respect for Obama???
China has lost respect for the US over 40 years ago after the fiasco in Vietnam and Dick Nixon going to Beijing on his knees (ping pong paddle in hand)
So please stop blaming Obama for failed policies and doctrines that were enacted even before this President was born!!!
4
Imagine what is going out the door right now that the 9 to 4:30 bureaucrats have no clue about.
4
We're not safe anywhere are we? If it isn't trying not to make enemies we are trying to entice them. The Hackers whoever they may be will do so with the information they gain like wikileaks and Julian Assange what they want. The world wide web was intended for national defense but with personal computers it's at your front doorstep without actually being there. If and when there will be employees who are at risk in a corporations or those working as entrepreneurs the next big thing will be how to keep our secrets secret and not disclose them as Edward Snowden did. But the majority at this moment think Edward Snowden did us a big favor. Big Brother or not the U.S. Government has its hands tied behind its back even if they have the NSA they have employees who may need to think twice about working for the Federal Government be it here in the U.S. or abroad. But it only happens when you give your personal information out to a prospective employer be it here in the U.S. or abroad. Now the Hackers are one step ahead of government employees, corporate employees and even entrepreneurs.
2
Guess those blundering, stilted, corrupt, doctrinaire Chinese might be a bit smarter than we think, huh?
If we don't want to tighten up our security and start paying attention, we'd better start learning Chinese, because one day we're going to wake up and there's going to be a new man in charge, and not a shot will have been fired.
9
Yep America had better wake up now or it will be too late. China is playing the long term game while Americans are short sighted.
10
"the Department of Homeland Security has been telling outside experts and members of Congress that it regards the detection of the attack as a success."
That's like putting a positive spin on the burglary of your house because you got the perpetrator's fingerprints.
17
If only it were that. It's more like you've been getting 5 dollars stolen out of your dresser every night while you were sleeping, and only just realised that someone has been breaking into your house every evening for the past year.
1
Not even encryption? We deserve to be hacked. The cyber-security in the government is run by amateurs living in 1980. Get the SOS who is in charge in front of Congress and promptly fire him or her. Get them all up there. Fix this above all else. Look for other vulnerable areas etc.
32
Depending on the specifics of the attack which do not yet seem to be publicly available, data encryption might have made a large or small difference, or no difference at all. Those who judge with all the authority of ignorance should consider whether their personal systems would be secure (assuming their storage is encrypted) against an attacker who can implant a keystroke logger that captures the pass phrase for their disk encryption key. We know such things are possible from published research, we think we know the NSA can do them, and we should not be surprised if either criminal hackers or other nation states also can.
To conclude that government IT security is run by incompetents or amateurs would be an error; it would be closer to the truth to note that the federal government has quite a few million computers, each of which needs protection of operating system and dozens of programs, each with potential vulnerabilities; and that the government has several million employees who may receive, and in a moment of distraction, open a cleverly crafted email, apparently from a colleague, that contains a malicious payload.
OPM's administrators might have done a better job, and its employees might have been more careful. In the end, however, short of entirely disconnecting the personnel systems from the internet, it may be only a matter of time before they are breached. But as Stuxnet teaches, even that may be inadequate against a clever and diligent enough attacker.
1
Did you say Raise my taxes? I can't hear you....
This is a direct attack on our gov't and gov't employees. This is very serious and this information should have been marked "SECRET" and encrypted because this surely does serious damage to our National Security. What will Washington do about this once the investigation is over? Sanctions? Probably nothing.
22
Sanctions for . . . China? Keep dreaming. Check where most of the stuff, low and high tech, that you have is made. Not in ol' US of A.
8
Washington is too busy getting their boys elected and paying back their benefactors to be concerned about the security of employees' personal information. It's just collateral damage. Now, if their benefactors were at risk, you'd see immediate action.
Consider this admission:
"Officials have conceded in the briefings that most of the compromised data was not encrypted, though they have argued that the attacks were so sophisticated and well hidden that encryption might have done little good."
Such data handling is a gross violation of the federal government's own data protection standards, and really now, we are supposed to believe that encryption can be defeated, so why do it? No group serious about data security would make such a claim.
23
Encrypted data has to be decrypted to be used. If it's used by automated systems, such as database searches, then the systems themselves need the decryption keys... and if the keys are in the system, they can be lifted with the data, rendering the decryption useless.
1
Encryption is not a panacea. Even data that are encrypted can be accessed in the clear by those who are authorized to do so - and by anyone who can impersonate an authorized user by presenting stolen credentials. Insecurity of personal credentials usually is a greater problem than insecurity of even unencrypted data.
1
Just another example of "I can't win by your rules. So I'm changing the rules." China is doing that; ISIS is doing that.
If the US cannot enforce its own rules that keep the US winning, then perhaps We had better consider changing our own rules.
I think we have the same problem domestically - the rules that keep Wall Street in power are defeating the average American citizen. Washington politicians know this - half are for changing the rules and the other half against it.
An insoluble situation.
10
I thought spying was kind of expected and somewhat "within" the rules. Are we not most likely spying on the Chinese government as well? The fact that we got hacked, is that the fault of the Chinese or our fault? I would suggest that it is our fault.
19
American rules that now other powers have ability to pursue are now defeating it. These guys don't behave any worse than NSA, so we should stop whining.
6
Funny how decades ago, before the internet and the dismissal of paper records as archaic, stealing this sort of information would have required boots on the ground: A flesh and blood human spy, armed perhaps with a Leica camera. Be assured that no one spy could ever have stolen millions of pieces of information this way. In our rush to embrace new technology, we've made ourselves grossly susceptible to exploitation, and in some cases our government (at both federal and state levels) has legislated it. Remind me again why so many aspects of medical care and banking are going "paperless"?
3
This is mere speculation, speculation directed against China and the Chinese government, speculation that will foster fear of and anger towards the Chinese which is saddening and frightening for a country that needs to have a fair foreign policy and not turn yet again to the Cold War.
14
Speculation? Where have you been in the last ten years? Or more? Don't tell me you were born yesterday, because if that's the case I would like to speculate as well that you may be a Chinese spy, how about that!
19
lol, Doris. Most Americans that breach the topic of our *over-the-top, and obvious, domestic propaganda machine* are labeled "spy" by naive compatriots.
President Eisenhower warned us about the emerging military-industrial-congressional complex and we wouldn't listen. Now creating wars is our biggest industry by far.
Our citizens are just as indoctrinated by our government as the North Koreans are by their government; and most Americans don't even know it. Go to work slaves, 'Metropolis' needs your labor.
It is time America wake up. China is getting ready to set America up for the big one. China is beating us in the cyberspace while we waste trillions of dollars in the desert. Wake up Americans China can see us acting like brats.
43
Calm down please. Did you read this: “They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis. We are spying on China, and expect China not to do the same.
15
China has all our treasury bills. They're hardly likely to crash our economy when this would in turn crash theirs...
US telephone meta data isn't the same as gov't employee personnel data.
For the OPM to say their IDS was effective though the exploit occurred and harvested data for 5 months is disheartening.
As someone familiar with IT security, my inclination is that there are IDS platforms available right now that could have provided real time reporting on potential exploits. Much sooner than 5 months. But they are not cheap nor are the highly skilled IT folks needed to monitor them. The OPM folks better try harder and think smarter about this topic, or others will "eat our lunch."
11
This is what drowning the govt in a bathtub looks like.
The Chinese know all too well that they can not outspend the U.S. on weapons systems and military hardware. Conventional warfare between competing nations is a thing of the past. These attacks are a brilliant tactic on their part and we may not realize the value gained from them until some time in the future.
45
Too bad that US where hacking techniques are originated and are the most sophisticated, did not patent its 'invention'. Now every country is following US' footsteps, and China is becoming more and more like US
What attacks are the Chinese carrying out right now that we don't know about?
Why exactly are we not going into overdrive to beef up Internet security in this country? In 2003, all it took was a computer glitch to knock out power up and down the East Coast - imagine what a few hackers could do.
35
Sequestration? Budget constraints due to excessive expenditures for multiple wars and ongoing conflicts with no end in sight?
1
Because we are shrinking govt to drown it, not paying more to get more.
Not quite the good ol' days when one just had to log one's contacts into a book, eh? Isn't progress wonderful?
Do you think they have done this for sport? Nothing has happened yet, but soon the blackmail will begin, along with the disruptions in payroll and the adjustments to employment records. Someday your ATM and your lights will not work and perhaps then you might take this seriously.
25