Slashdot Mirror


New US 'Secret' Clearance Unit Hires Firm Linked To 2014 Hacks (reuters.com)

An anonymous reader quotes a report from Reuters: A U.S. government bureau set up to do "secret" and "top secret" security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, U.S. officials said on Friday. Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB) comes just days ahead of the bureau's official opening, scheduled for next week. Its creation was spurred, in part, by the same hacks of the Office of Personnel Management that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information. A spokesman for OPM said the agency in the past has said in public statements and in congressional testimony that a KeyPoint contractor's stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches. Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators. One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack. OPM officials said on Thursday one aim for NBIB is to reduce processing time for "top secret" clearances to 80 days from 170 days and for "secret" clearances to 40 days from 120 days.

12 of 23 comments

  1. I'm confused by networkBoy · · Score: 3, Funny

    did they just spin up a new government branch because of the OPM leak and said new branch just contracted with the same company responsible for the OPM breach?

    Yo dawg, I heard you liked government in your breaches, so I added government to your government breaches.

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    1. Re:I'm confused by AHuxley · · Score: 1

      Think of it from the US gov, mil and other agency daily usage side.
      Say the CIA needs a cleared flight crew with loading experience to help re "supply" some pro US "freedom fighters" to remove a bad dictator and install a new US backed theocracy.
      Asking for the decryption keys, being logged for the search and having a record of the crew found to fly a CIA mission is not the quick result needed.
      So keep the entire database of serving staff and still cleared skilled staff in plain text and have no logging is the needed database.
      Every other agency can then do a text search without a worry, find staff and get on with their mission, saving paperwork, access requests and FOIA issues.
      A vast pool of easy to find contractors and gov workers that has no usage logging, is plain text and needs no keys or key requests being logged.
      As a bonus it's all bait to see who globally will try and get a look and who they search for :) A real honeypot.

      --
      Domestic spying is now "Benign Information Gathering"
  2. those crazy Russians by turkeydance · · Score: 1

    reducing processing time again.

  3. Unnamed officials by Anonymous Coward · · Score: 1

    The officials asked not to be named when discussing sensitive information.

    No problem, we'll figure out their identities when KeyPoint gets hacked again.

    1. Re:Unnamed officials by BlueStrat · · Score: 1

      The officials asked not to be named when discussing sensitive information.

      No problem, we'll figure out their identities when KeyPoint gets hacked again.

      Why wait for all that?

      Just look at who the top execs at KGS donated/bundled campaign/PAC/lobby/'Foundation' money to/for.

      Easy-peasy!

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  4. Wouldn't it be ironic if... by JustNiz · · Score: 1

    ...their first task was to evaluate Hillary for security clearance.

    What actually happens if you get elected as POTUS but can't qualify for Top Secret security clearance?

    1. Re:Wouldn't it be ironic if... by Joe_Dragon · · Score: 1

      No person except a natural born citizen, or a citizen of the United States, at the time of the adoption of this Constitution, shall be eligible to the office of President; neither shall any person be eligible to that office who shall not have attained to the age of thirty-five years, and been fourteen years a resident within the United States.

    2. Re:Wouldn't it be ironic if... by Anonymous Coward · · Score: 1

      Elected officials in the U.S. aren't evaluated for security clearance, they are granted access to the information by virtue of being in the position. More info here and here.

    3. Re:Wouldn't it be ironic if... by rmdingler · · Score: 2

      Nothing. You're automatically cleared as soon as you take office. (Actually you start getting intel briefings as soon as you're nominated.)

      Although no one's imagined first act as President is to pardon herself...

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

  5. Re:Cyber is hard by Joe_Dragon · · Score: 1

    the kickbacks are so nice now show your face before you get the horse

  6. The government really screws things up by plopez · · Score: 1

    But to turn into a total fuck up requires the private sector. See also http://www.wsj.com/articles/ep...

    --
    putting the 'B' in LGBTQ+
  7. Well In Their Defence by Greyfox · · Score: 1

    To be fair to them, there really aren't that many companies that want to do business with the US government and all the companies that do are probably equally as incompetent. So whether you hire this incompetent company to manage what should be some of the most secure assets in the country or another incompetent company, the outcome will most likely still be the same. It's not like there are any sort of... "laws," dictating their security, quality control or processes. Well, I guess there are, but it seems like the most profitable thing to do is ignore them and hope you don't get caught.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?