Group items tagged

The Office of Personnel Management (OPM) had known since 2012 about security flaws in its online submission system, roughly three years before the agency finally shut down the system to repair it.“OPM has known about vulnerabilities in the system for years, but has not corrected them,” Michael Esser, the assistant inspector general for audits at the OPM, told a House subcommittee on Wednesday.ADVERTISEMENTIn late June, the OPM said it was suspending the Web-based platform, known as e-QIP, after a security review conducted in the wake of massive hacks at the agency uncovered significant defects.The OPM data breach has likely exposed upwards of 18 million people’s sensitive information and is raising pointed questions about why the agency hasn't moved more expediently over the years to correct glaring problems with its networks.The agency’s inspector general has said OPM officials repeatedly failed to heed its warnings, even refusing to shut down several of its weakest computer systems as recommended.

On Wednesday, Esser accused the agency of also not responding to alerts about the e-QIP system, which is used to file the background checks for security clearances.  The agency’s oversight arm detailed 18 security vulnerabilities starting in 2012, he said.“I do not know if those vulnerabilities were related to the reason the system was shut down last week,” Esser added.OPM Director Katherine Archuleta has maintained she always takes into account the watchdog’s recommendations. The agency kept the deficient computer systems running, she said, in order to avoid gaps in delivering employee's paychecks and benefits.

It was already being described as the worst hack of the U.S. government in history. And it just got much worse.A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers. Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.Those details, which are now presumed to be in the hands of Chinese spies, are found in the so-called “adjudication information” that U.S. investigators compile on government employees and contractors who are applying for security clearances. The exposure suggests that the massive computer breach at the Office of Personnel Management is more significant and potentially damaging to national security than officials have previously said.

Three former U.S. intelligence officials told The Daily Beast that the adjudication information would effectively provide dossiers on current and former government employees, as well as contractors. It gives foreign intelligence agencies a roadmap for finding people with access to the government’s most highly classified secrets.Obama administration officials had previously acknowledged the breach of information that applicants voluntarily disclose on a routine questionnaire, called Standard Form 86, but the theft of the more detailed and wide-ranging adjudication information appears to have gone overlooked.

“Whoever compromised the adjudication information is going to have clear knowledge, beyond what’s in the SF86, about who the best targets for espionage are in the United States,” Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command, told The Daily Beast. “This is the most successful cyber attack in the history of the United States,” owing to the amount and quality of the information that was stolen, Adams said. U.S. intelligence officers spend years trying to recruit foreign spies to gather the kinds of details and insights that are contained in adjudication information, one former senior U.S. official said. This official, who requested anonymity, added that adjudication information would give foreign intelligence services “enormous leverage” over U.S. personnel whom they might forcibly interrogate for information or try to recruit.