Cyber Breach of Office of Personnel Management Was Avoidable: Congress | NBC Bay Area

The attack compromised personal information of more than 21 million current, former and prospective federal employees



    Getty Images
    In this file photo, the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers.

    It was time to purge the hacker from the U.S. government's computers. After secretly monitoring the hacker's online movements for months, officials worried he was getting too close to critical information and devised a plan, dubbed "the Big Bang," to expel him.

    Trouble was, with all their attention focused on that case, they missed the other hacker entirely.

    A new congressional report provides previously undisclosed details and a behind-the-scenes chronology of one of the worst-ever cyberattacks on the United States, laying out missed opportunities before the break-in at the Office of Personnel Management exposed security clearances, background checks and fingerprint records.

    That attack — widely blamed on China's government — compromised personal information of more than 21 million current, former and prospective federal employees, led to the resignation of the OPM director and drew outrage over changing explanations about the hack's seriousness.

    The report by the House Committee on Oversight and Government Reform faulted the personnel agency for failing to secure sensitive data despite warnings for years that it was vulnerable to hackers. It concluded that the hacking revealed last year could have been prevented if OPM had put in place basic, required security controls and recognized from an earlier break-in that it was actually dealing with a sophisticated, persistent enemy.

    "We have literally tens of millions of Americans whose data was stolen by a nefarious overseas actor, but it was entirely preventable," Rep. Jason Chaffetz, a Utah Republican and committee chairman, said in an interview.

    "With some basic hygiene, some good tools, an awareness and some talent, they really could have prevented this," he added.

    OPM Acting Director Beth Cobert said in a statement the agency disagrees with much of the report and it "does not fully reflect where this agency stands today." She said the OPM hack "provided a catalyst for accelerated change within our organization," including hiring new cybersecurity experts and strengthening its security.

    The government discovered the first OPM hacking in March 2014 when a specialized Homeland Security Department team noticed suspicious streams of data leaving its network between 10 p.m. and 10 a.m. — the online equivalent of moving trucks hauling away filing cabinets containing confidential papers in the middle of the night. The government's so-called Einstein intrusion warning system detected the theft.

    "DHS called us and let us know, hey, we think this is bad," Jeff Wagner, OPM's director of information security operations, told officials investigating the hack, according to the report.

    For two months, the personnel office worked with the FBI, National Security Agency and others to monitor the hacker to better understand his movements. Officials developed a plan to expel the hacker over a three-day weekend in May 2014, dubbed "the Big Bang." The effort included resetting administrative accounts, building new accounts for users who had been compromised and taking compromised systems offline.

    "The risk of kicking them out too early had come and gone," Wagner said, "and now the risk was becoming having them in too long, and we didn't want to keep them around any longer than we had to."

    The problem was far from solved.

    Unknown to the experts focused on expelling the hacker, a second intruder posing as an employee of a federal contractor had infiltrated the system weeks before "the Big Bang." That hacker used a contractor's credentials to log into the system, install malicious software and create a backdoor to the network, according to the report.

    Over the next several months, roaming unchecked through the system, the hacker stole sensitive security clearance background investigation files, personnel files and, ultimately, fingerprint data.

    That breach was not detected until April 2015, when an OPM contract employee traced the flow of stolen material back to an Internet address that had been registered to Steve Rogers, the alter ego of Captain America, indicating a spoof account. By then, sensitive information on millions of American workers had already been compromised.

    The report also faulted the personnel office for failing to quickly deploy security tools from an outside firm to detect malicious code and other threats. Once deployed, the tool from Cylance Inc. of Irvine, California, "lit up like a Christmas tree," indicating it found malware throughout the federal computers, an engineer is quoted as saying in the report.

    "Could they have done better? Absolutely," Cylance founder and chief executive Stuart McClure said in an interview. "But once they had been definitively convinced there was a breach, they took it very seriously."

    The congressional report said OPM officials misled the public about the scope of the breach and also by saying the two breaches were unrelated when, instead, "they appear to be connected and possibly coordinated."

    "The two attackers shared the same target, conducted their attacks in a similarly sophisticated manner, and struck with similar timing," the report said.

    Though the U.S. suspects the hack was an act of Chinese espionage, the House inquiry did not go into great detail about who was responsible. It mentions that the data breaches discovered in April 2015 were likely perpetrated by the group "Deep Panda," which has been linked to the Chinese military.