Earlier this month, it was reported that the personnel records of 4 million federal employees had been compromised in a cyber attack on the Office of Personnel Management (OPM). OPM is the US Government's HR department. As events unfold, it now appears that this breach was much worse than first reported. The Washington Times is reporting that the breach may involve records of 32 million Americans. Office of Personnel Management Called Before Congress All indications are that the attack was done by the same Chinese team that stole records from Anthem, the health insurance company, and that this attack [...]
Last week it was revealed the about 4 million former and current federal employees were impacted by a data breach at the Office of Personnel Management. Yesterday morning at a press conference in Germany, the President said, "We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector." As if acting on cue, a few hours after the President's prediction that things would get worse, things got worse. Brig. Gen. Malcolm B. Frost, U.S. Army, announced that the Army's official [...]
We attended the RSA Conference in San Francisco this week. There are two giant convention halls filled with latest in information security. In addition to the in-booth presentations, there are continuous presentations and panels discussing security. Jeh Johnson, the Secretary of the Department of Homeland Security, was a keynote speaker. Yet, in this sea of the new, the most interesting thing was something patented almost a century ago. In the NSA’s booth (yes, that NSA) was this: A wooden box about the size of a toaster oven — an Enigma machine. The Enigma machine was patented in 1919. The Germans [...]
The personnel records of about 4 million current and former federal employees were compromised in a cyberattack on the Office of Personnel Management. This attack is being attributed to China. Citing iSight Partners, the Washington Post attributes the attack to the group that compromised Anthem. This group uses spearphishing, highly targeted deceptive emails, to deceive people into compromising their systems. Deception takes place in the mind of the person who is being attacked. Users will decide which emails to trust. That decision can be guesswork or it can be guided by IT using SP Guard.