Slashdot Mirror


US Office of Personnel Management Hacked Again

tranquilidad writes: According to a story in the Washington Post, China hacked into the computer system of the United States' Office of Personnel Management last December. This was the second major intrusion in less than a year. Personally identifiable information of approximately 4 million individuals may have been compromised. The compromised information was related to security clearances and employee records. "The FBI is working with our interagency partners to investigate this matter. We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace," an FBI spokesman said.

1 of 73 comments

  1. Trivial by Charliemopps · Score: 5, Insightful

    So, I think that the word we need to get out to the uninformed public is that hackers do not have magic powers that are impossible to defend against. Governments and Corporations responsible for these breaches keep trying to portray the hackers as if they were mad-men flying planes into buildings. How can you stop a fully loaded 747 flying at 800mph right?!?!

    But that's not the case. Every single one of these breaches has been the result of mistakes made by the organization that was attacked, as trivial as leaving keys in the lock of your safe with a big sign that says "Money inside!" These agencies and companies could easily, and with little monetary investment, make breaches like this nearly impossible.

    In most cases the mistakes aren't even technological, they're institutional. Usually those attacked had well qualified security folks on staff who were doing their best to prevent the attack. But when the "VP of operations" (or whatever) comes in and says "The project is late, everyone's telling me it's because your department is insisting on two factor authentication. I'm going to sign off on that and we're going to move forward" there's not much they can do.

    Look at the Sony attack. You had executives of the company sitting there with the entire company's financial records down to the penny sitting on their Windows desktop... WHILE their security department was telling them the entire network had an active virus infection running rampant. Basically nothing happened to any of the people responsible.