Fallout from a slew of breaches continued for the Office of Personnel Management (OPM) Monday with the announcement that it plans to temporarily shut down its e-QIP background security check system. During a comprehensive review, the agency found the IT system contained a vulnerability. The good news, according to eWeek, is that there is currently no evidence the vulnerabilities led to an exploitation of e-QIP.
“This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted,” OPM Director Katherine Archuleta said.
However, the suspension of the system will pose at least two serious problems for the OPM.
First, shutting down such a program can negatively affect the security forensics operation. Cavirin Systems CEO JD Sherry said, “Typically, it is always a best practice to leave systems running during a cyber-forensic investigation so you can truly capture the evidence required to determine the overall attack signature and impact.”
Whether the shutdown is a good move or not, it will certainly create a significant backlog for those seeking security clearances across the federal government.
The news for the agency could get worse, too. The Daily Beast reports on whether U.S. intelligence agencies failed to take their own advice not to merge a database containing highly classified personnel records of intelligence employees with the OPM’s database. In 2010, the Government Accountability Office said intelligence officials should not go along with a post-9/11 plan to combine all security clearance check data into one database “due to concerns related to privacy, security and data ownership.”
Yet, a report from 2014 says the Office of the Director of National Intelligence started working with the OPM “to set the stage for the upload of active, completed clearance records.” Though one official told The Daily Beast there is “no connection” between the intelligence database and the OPM hack, officials will not confirm or deny whether there are links between the intelligence database, called Scattered Castles, and the OPM.
Michael Adams, who once served in the U.S. Special Operations Command, said, “Based on my understanding of U.S. government databases and networks, as well as recent conversations with U.S. government officials, I have high confidence that the agencies do not have a clear understanding of the architecture of their systems and how they’re interconnected,” adding, “I further believe that the U.S. government either doesn’t understand or is obfuscating the national-security implications of this cyberattack. These people either need serious help or need to come clean now.”
Many current and former federal employees are concerned about their coverage in the event their data is used for fraudulent purposes. According to Federal Times, no information has yet been disclosed to those affected on who will provide the actual anti-fraud coverage. A spokesman for CSID, the third party hired to help the OPM with the breach response, said those who’ve been offered liability protection will be covered.
There are conflicting reports about whether stolen OPM data is currently for sale on the dark web. A report from Vocativ claims data from the hack “might be” for sale on the criminal websites, including Agora, Alpha Bay and Nucleus, and that the entire trove of data may be worth as much as $140 million.
A report for Motherboard, however, is seriously calling into question the report from Vocativ.
Plus, if the OPM was indeed hacked by the Chinese, as the Obama administration suspects, the data would likely be used to create a database for the government’s use and not sold for money.
The Wall Street Journal reports that no OPM data is currently for sale online. In line with its breach response, CSID has also scanned supposed dark web sites and found no OPM data. CSID President Joe Ross said his company is currently enrolling thousands of people in its services and quadrupling the number of employees for its call centers. CSID started with approximately 100 call center staffers, and is now up to 400.
“No one in the breach industry sits around with a 300-person call center waiting for a breach to happen,” he said.