Slashdot Mirror


New US 'Secret' Clearance Unit Hires Firm Linked To 2014 Hacks (reuters.com)

An anonymous reader quotes a report from Reuters: A U.S. government bureau set up to do "secret" and "top secret" security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, U.S. officials said on Friday. Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB) comes just days ahead of the bureau's official opening, scheduled for next week. Its creation was spurred, in part, by the same hacks of the Office of Personnel Management that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information. A spokesman for OPM said the agency in the past has said in public statements and in congressional testimony that a KeyPoint contractor's stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches. Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators. One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack. OPM officials said on Thursday one aim for NBIB is to reduce processing time for "top secret" clearances to 80 days from 170 days and for "secret" clearances to 40 days from 120 days.

23 comments

  1. I'm confused by networkBoy · · Score: 3, Funny

    did they just spin up a new government branch because of the OPM leak and said new branch just contracted with the same company responsible for the OPM breach?

    Yo dawg, I heard you liked government in your breaches, so I added government to your government breaches.

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    1. Re:I'm confused by AHuxley · · Score: 1

      Think of it from the US gov, mil and other agency daily usage side.
      Say the CIA needs a cleared flight crew with loading experience to help re "supply" some pro US "freedom fighters" to remove a bad dictator and install a new US backed theocracy.
      Asking for the decryption keys, being logged for the search and having a record of the crew found to fly a CIA mission is not the quick result needed.
      So keep the entire database of serving staff and still cleared skilled staff in plain text and have no logging is the needed database.
      Every other agency can then do a text search without a worry, find staff and get on with their mission, saving paper work, access requests and FOIA issues.
      A vast pool of easy to find contractors and gov workers that has no usage logging, is plain text and needs no keys or key requests being logged.
      As a bonus it's all bait to see who globally will try and get a look and who they search for :) A real honeypot.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:I'm confused by Anonymous Coward · · Score: 0

      ... spin up a new government branch ...

      So the US government can outsource work it already does, to itself. At least the NBIB employees promise to work faster and better than the OPM employees, or did they just move OPM employees to a different floor?

      I wonder where the NBIB sits on the chain of command.

      In the past, the government has also internalized private sector jobs (airport security) in the name of National Security; with no improvement in security. Why can't the US government internalize jobs when private sector jobs have been proven to reduce security? Ahh, the benefits of 'small government'.

      ... no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen ...

      Translation: Because we can't prove their security procedures failed more than once, we will employ them again.

      Did KeyPoint or the government, audit KeyPoint security procedures? This is not the time for giving them the benefit of doubt. Just add pork-barreling to the government's policies.

  2. those crazy Russians by turkeydance · · Score: 1

    reducing processing time again.

    1. Re:those crazy Russians by Anonymous Coward · · Score: 0

      I'm not sure what they mean by reducing clearance times. When I got my secret clearance, it took less than a week from the time I submitted the form to when I was working in sensitive areas on an Air Force base in Japan.

    2. Re: those crazy Russians by Anonymous Coward · · Score: 0

      Clearances come in two phases. They first do some basic checks and give you an interim clearance, that is currently taking less than 2 weeks. Then they do the full blown investigation and give you your full clearance, which is currently taking many months. With an interim clearance you are treated the same as someone with a full clearance for most things, you just can't access classified NATO stuff. So most people can do their jobs while they wait for the full clearance.

  3. Cyber is hard by Anonymous Coward · · Score: 0

    Tell me again how private servers were the problem, grandpa.

    1. Re:Cyber is hard by Joe_Dragon · · Score: 1

      the kick backs are so nice now show your face before you get the horse

  4. Unnamed officials by Anonymous Coward · · Score: 1

    The officials asked not to be named when discussing sensitive information.

    No problem, we'll figure out their identities when KeyPoint gets hacked again.

    1. Re:Unnamed officials by BlueStrat · · Score: 1

      The officials asked not to be named when discussing sensitive information.

      No problem, we'll figure out their identities when KeyPoint gets hacked again.

      Why wait for all that?

      Just look at who the top execs at KGS donated/bundled campaign/PAC/lobby/'Foundation' money to/for.

      Easy-peasy!

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  5. Wouldn't it be ironic if... by JustNiz · · Score: 1

    ...their first task was to evaluate Hillary for security clearance.

    What actually happens if you get elected as POTUS but can't qualify for Top Secret security clearance?

    1. Re:Wouldn't it be ironic if... by Anonymous Coward · · Score: 0

      Elected officials automatically get them. Not to mention the president gets to determine what is and is not classified and who has access...

    2. Re:Wouldn't it be ironic if... by Anonymous Coward · · Score: 0

      Nothing. You're automatically cleared as soon as you take office. (Actually you start getting intel briefings as soon as you're nominated.)

    3. Re:Wouldn't it be ironic if... by Joe_Dragon · · Score: 1

      No person except a natural born citizen, or a citizen of the United States, at the time of the adoption of this Constitution, shall be eligible to the office of President; neither shall any person be eligible to that office who shall not have attained to the age of thirty-five years, and been fourteen years a resident within the United States.

    4. Re:Wouldn't it be ironic if... by Anonymous Coward · · Score: 1

      Elected officials in the U.S. aren't evaluated for security clearance, they are granted access to the information by virtue of being in the position. More info here and here.

    5. Re:Wouldn't it be ironic if... by rmdingler · · Score: 2

      Nothing. You're automatically cleared as soon as you take office. (Actually you start getting intel briefings as soon as you're nominated.)

      Although no one's imagined first act as President is to pardon herself...

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    6. Re: Wouldn't it be ironic if... by Anonymous Coward · · Score: 0

      A couple of things.

      First, Hillary Clinton has not been charged with a crime, unless you count all the people screaming "Benghazi" and "email server" all day every day. Fortunately their opinions don't count for much.

      Second, the president can technically pardon themselves for a crime, but congress can respond with impeachment and removal from office. So it's kind of a dangerous game for a president to just pardon themselves to get congress off its back.

      Finally, the power of the president in the US is radically overestimated. Congress can remove the president but not vice-versa. If congress wasn't such a bunch of infighting little brats they would be running the country, possibly competently. Instead, they'd rather endlessly horse-trade, campaign, and stack the deck against election loss while simultaneously bemoaning the overreach of the executive branch.

      The executive branch enforces the laws established by the legislature, and acts on its own (read:executive orders) whenever the law is not clear. Every executive order could be shot down overnight if congress really wanted to do it. They just don't want to do it badly enough.

      The legislature has ceded power to the executive branch because it's good for business (being elected, taking paid board seats at universities and huge multinational corporations, etc.). The executive branch reacts by taking advantage of the situation and becoming its own legislative body by default. You can hardly blame them.

      Back to Hillary. Neither the legislature (who has no jurisdiction AFAIK) nor the executive (FBI) has opted to press charges. Why? Because conviction is very unlikely. Also, the charge is flimsy. "You were unsafe with sensitive information." Really? Everything else the government touches gets hacked, so why not go outside their bounds and be safer? Is there a law against protecting sensitive data? Easy to get reasonable doubt in a case like this anyway.

      If she were convicted she'd likely not be elected president, right? And if she is elected, it's the will of the people that she be president regardless. It's the highest form of jury nullification, really.

      So the whole self-pardoning thing is completely asinine. It's not going to happen because it will never need to happen.

      Besides, the real crime according to the haters is that she's planning to rig the election so she can win against Donald Trump's huuuuuuuge leads in the polls.

      That's what she'll NOT pardon herself for.

  6. Just as expected by Anonymous Coward · · Score: 0

    New organization with a new head, appointed by the administration, that will hire 90% or more of the people who did the job previously to oversee the same contractor who couldn't do it correctly causing the need for the new organization. Your tax dollars at work!

  7. The government really screws things up by plopez · · Score: 1

    But to turn into a total fuck up requires the private sector. See also http://www.wsj.com/articles/ep...

    --
    putting the 'B' in LGBTQ+
  8. Funny by Anonymous Coward · · Score: 0

    Security of the entire U.S.A. government is just an ... Ass Grab Game!

    Meaning, everything ... is compromised!

    Thank You Barack Hussein Obama and your ... Kissing Cousins!

    Very bad.

    1. Re: Funny by Anonymous Coward · · Score: 0

      Mod parent up FUNNY!

  9. Typical by Anonymous Coward · · Score: 0

    A check of the real, i.e. "Classified TOP SECRET RUFF" bios will show the "Officials" of the company are former DoD and State Dept. Hacks.

    Ha ha

  10. Well In Their Defence by Greyfox · · Score: 1

    To be fair to them, there really aren't that many companies that want to do business with the US government and all the companies that do are probably equally as incompetent. So whether you hire this incompetent company to manage what should be some of the most secure assets in the country or another incompetent company, the outcome will most likely still be the same. It's not like there are any sort of... "laws," dictating their security, quality control or processes. Well, I guess there are, but it seems like the most profitable thing to do is ignore them and hope you don't get caught.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?