Tag Archives: OPM

Cyber breach at the Australian Bureau of Meteorology

5 December 2015

When I read the headline of Warwick Ashford’s report ‘Australia blames China for cyber-attack on supercomputer’ my first thought was: Why would anyone go after a number cruncher? It can’t be all that bad, because under normal conditions number crunchers don’t store business critical information.

In the evening I started gathering information about the attack and found some really worrying details.

In Ashford’s report we read ‘The BoM supercomputer contains a lot of research, but could be viewed as a potential gateway to a host of government agencies that have even more sensitive information.’

In an ABC report one reads ‘In the event of a conflict, compromising Australia’s ability to accurately forecast weather would affect the operation of military and commercial aircraft. Beyond that, the bureau provides a gateway to other agencies.’

The Bureau of Meteorology (BoM) provides services to other agencies. Since a login is required, it is very likely that login credentials have been compromised. This makes attacks on other agencies very likely because login credentials are frequently re-used across services.

In addition both sources report that the BoM provides a gateway to other services. Hopefully the networks of the Australian government agencies are better isolated from each other than the OPM network from other U.S. agency networks. If properly isolated it’s much harder for the attackers to move across the gateways into other networks.

In ‘Cyber breach at the Bureau of Meteorology: the who, what and how, of the hack’ we read

‘The damage is actually … to then make sure that the hackers have not left behind any software that is continuing to spy or providing hackers with renewed access, …’

The author talks only about confidentiality issues, but what about integrity issues? Who checks whether the results of the computations are still the same as before the attack? Slight changes to algorithms may have a major impact on forecast information and could end up in the worst case in a plane crash.
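The integrity question raised above, as an added example that is not part of the original post or of any BoM code: a baseline check that fingerprints a constructed toy forecast routine and replays fixed reference inputs, so that a small coefficient change surfaces as both a code mismatch and output drift. The toy model, the reference inputs and the tolerance are assumptions.

```python
import hashlib
import marshal
import math


def toy_forecast(temps, steps=3):
    """Constructed stand-in for a forecast model: extrapolate a damped trend."""
    hist = list(temps)
    for _ in range(steps):
        hist.append(hist[-1] + 0.5 * (hist[-1] - hist[-2]))
    return hist[len(temps):]


def code_fingerprint(fn):
    """SHA-256 over the compiled code object, so constants such as 0.5 are covered."""
    return hashlib.sha256(marshal.dumps(fn.__code__)).hexdigest()


def record_baseline(model, reference_inputs):
    """Run once on a trusted system; keep the result somewhere write-protected."""
    return {"code_sha256": code_fingerprint(model),
            "outputs": [model(x) for x in reference_inputs]}


def verify_integrity(model, reference_inputs, baseline, abs_tol=1e-9):
    """Return a list of findings; an empty list means code and results are unchanged."""
    findings = []
    if code_fingerprint(model) != baseline["code_sha256"]:
        findings.append("model code fingerprint differs from baseline")
    for case, (inp, expected) in enumerate(zip(reference_inputs, baseline["outputs"])):
        for step, (got, exp) in enumerate(zip(model(inp), expected)):
            if not math.isclose(got, exp, abs_tol=abs_tol):
                findings.append(f"case {case} step {step}: expected {exp:.4f}, got {got:.4f}")
    return findings


# Constructed reference inputs: rising, falling and flat temperature histories.
REFERENCE_INPUTS = [[20.0, 21.0, 23.0], [15.5, 15.0, 14.2], [30.0, 30.0, 30.0]]


def tampered_forecast(temps, steps=3):
    """Same model with the damping factor nudged: the 'slight change' the post warns about."""
    hist = list(temps)
    for _ in range(steps):
        hist.append(hist[-1] + 0.55 * (hist[-1] - hist[-2]))
    return hist[len(temps):]


if __name__ == "__main__":
    baseline = record_baseline(toy_forecast, REFERENCE_INPUTS)
    print(verify_integrity(toy_forecast, REFERENCE_INPUTS, baseline))      # []
    print(verify_integrity(tampered_forecast, REFERENCE_INPUTS, baseline)) # findings
```

Note that the flat-history case produces no drift even under the tampered model, which is why the reference set should exercise varied inputs rather than a single steady state.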

Have a good weekend.

OPM May Have Exposed Security Clearance Data

7 June 2015

When I read David Sanger’s report ‘Hacking Linked to China Exposes Millions of U.S. Workers’ in the New York Times about the Office of Personnel Management (OPM) attack, I was shocked by both the large number of stolen records and the obviously inadequate protection measures and processes.

‘The intrusion came before the personnel office fully put into place a series of new security procedures that restricted remote access for administrators of the network and reviewed all connections to the outside world through the Internet’.

Are basic protection measures like Two Factor Authentication for all employees accessing federal computer networks from the internet really not in place, not even at the NSA?

‘In acting too late, the personnel agency was not alone: The N.S.A. was also beginning to put in place new network precautions after its most delicate information was taken by Edward J. Snowden.’

And why does it take such a long time until an investigation starts? From a LIFARS blog we learn:

‘The possibility of a data breach was first detected back in April, by the Department of Homeland Security. An internal investigation conducted in May, confirmed that the breach had indeed occurred.’

In the New York Times article we find the reason for this delay:

‘Administration officials said they made the breach public only after confirming last month that the data had been compromised and after taking additional steps to insulate other government agencies from the intrusion.’

Again, it seems to me that basic protection measures like proper network segmentation are not in place, nor are effective communication processes and business continuity management, which according to the Ponemon 2015 Cost of Data Breach Study (page 24, figure 24) could cut the Mean Time To Identify (MTTI) a breach dramatically.

Take care!