Slashdot Mirror
California Hax0red
rochlin writes "200,000 California state workers burned! According to the Sacramento Bee, personal and financial info for 200,000 workers was accessed by a team of hackers "working secretly over the past several months." Stolen info included "the perfect mix of information to allow identity theft" according to the Sacramento Valley Hi Tech Task Force."
Stolen info included "the perfect mix of information to allow identity theft" according to the Sacramento Valley Hi Tech Task Force."
Where the heck did this quote come from? Am I reading the wrong article? The article isn't nearly as exciting as the posting made it out to be.
Hackers had access to SS#
Great.. unfortunately the SS Administration won't give you a new number unless you can PROVE that your number is being used illegally or against you. Great! So now we have to wait until someone steals our identity to get a new number. Something's kinda fishy with that. If your credit card is stolen you report it right away and get a new one. But no.. if your SS# is stolen you keep it unless someone is hurting you. EEEK! BAH!
From what I know, most of the California state IT needs are filled by Windows machines, including this data center.
Just my $0.02.
--
I Hit the Karma Cap, and All I Got Was This Lousy
More to the point, did anyone wonder how it can possibly require 265,000 people to run the state of California? According to the California Department of Finance's numbers, that's one state employee for every 124 Californians...
I wonder if the employees union will sue the state for damages? While I may get trashed for suggesting such a legal "solution" (or maybe praised, who cares), I think that's the only way large organizations will know why it's worth it to maintain security.
I say don't underestimate how much this sucks for those employees.
-pyrrho
I actually do tech support for a field office. I've never been impressed by the security mindset of state network admins. They are paranoid about giving access to those who really need it, while ignoring much of the easier ways people can break in (such as proper use of passwords, account maintenance and monitoring, etc..). But I'm sure this would be true of any network admin who's paid and supervised as little as they are.
Interesting side note: Our last chief of IT was hired even though his resume revealed not one shred of experience with information technology. His degree was in finance, and from what it appeared he had no experience running a network. That's just how it goes when you have a governor who needs to bestow favors on those who supported him during his campaign.
Go Lakers!
I know several guys that used to work at the Teale data center (where the compromise occured). They say it's the most anti-unix place they have ever worked. Chances are those records were sitting on unpatched NT/SQL Server boxes. If by some small chance they were on non MS boxes, knowledgable *nix folk are non-existent there (according to them).
They went further to say the level of qualified security savvy personnel is pathetic and that any deployed IDSs are poorly managed...
I know it's all second hand, but I thought their insight was interesting.
Maybe its a conspiracy to cover the huge CA debt during the next budget cycle.
Step 1) Hack own site and steal info on employees.
Step 2) Blame hackers / terrorists (everyone hates them).
Step 3) Take out credit cards in employee's names (excluding judges and politicians.
Step 4) Purchase goods from 'contributing' business leaders. Collect taxes from purchases. Get kick-backs from businesses.
Step 5) Lay off employees because of budget crisis.
From my calculations, this could save California millions! And we thought government heads were so dull. Their brilliant!!!
This may sound paranoid, but what are the chances that, in the future, terrorists will be able to/are going to use identity theft of state employees to help gain access to files and information that would assist in the planning of a terrorist attack? Or worse yet, physical access to locations such as nuclear powerplants? How hard would it be to create a fake identification, get copies of government documents, and drive into a nuclear powerplant's "secure" facilities?
Probably just paranoia talking about the physical access, but I wouldn't be surprised about the documents part.
--
http://nemilar.net - Not your grandmother's soup kitchen
I'm so thoroughly disgusted with this type of crime, I wanted to know. . . how seriously does the average slashdot reader take this.
Personally, I think that crimes like this are _worse_ than grand theft auto (not the game. . . keep up) and much worse than dealing crack for $5 a rock on the street corner. You get serious time for those offenses, but I'm not sure how much you get for this type of hacking theft.
Personally, I'd like to see this type of thing get 20 years or more of some type of community service in conjunction with jail time. I know it sounds harsh, but this just seems to be major theft to me -- and precisely the type of crime that holds back our industry and the potential for us to finally move to reasonable electronic record-keeping.
[Note: For those of you who think that people "deserve" to be hacked and that punitive measures shouldn't be necessary should consider this: Is it ok for people to throw bricks through shopwindows just because the store-owners didn't invest in bullet/bomb/brick-proof glass?
At some point we are part of society, and I think this crime is especially bad and should have especially bad repercussions]
"Inuit" are found in Canada. Alaskan Eskimos are Inupiat or Yu'pik.
Of course they're mainly found in *Northern* and *Western* Alaska, not Southern Alaska, in which the indigenous population mainly consists of Indian groups such various Tlingit and Athabascan related tribes, as well as Aleuts who are yet another separate group.
If you're going to be all PC and shit by avoiding the word "Eskimo", at least find out what the hell you're talking about. It's like calling a German a Frenchman.
The Bee also ran a story that despite a state-wide hiring freeze, as many as 9,000 people have been hired at the state.
Interestingly, several highly qualified information security candidates I know haven't even been able to get even contract work at the state.
And don't even get me started on the governors "cyberterrorism task force".