EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

06.14.15

Office of Personnel Management (OPM) and Microsoft Windows

Posted in Microsoft, Windows at 6:07 pm by Dr. Roy Schestowitz

Server

Summary: A look at lesser-explored aspects of the so-called OPN hack [sic], especially the systems involved

IN AN EFFORT to understand what repeatedly happened in the undoubtedly significant Office of Personnel Management (OPM) data breach/es [2-8], leaving aside the lack of concrete evidence of Chinese role [1], we tried to understand which platform was to blame. In the case of Sony it was reportedly a Microsoft Windows machine acting as the culprit or attack vector, just like Stuxnet in Iran with similar attempts against North Korea (there are still more articles about it).

“Hundreds of millions of credit card numbers got snatched from Windows.”NSA leaks were due to Microsoft SharePoint (Snowden gained access to the so-called ‘crown jewels’). As we last noted in an article about words from Kaspersky (still in headlines for it [9-12]), Windows is inherently not secure. Commercial targets of data breached that we wrote about before serve to show this. We gave readers a lot of examples over the years. Hundreds of millions of credit card numbers got snatched from Windows. the cost was enormous, but the role of Windows wasn’t ever emphasised in the corporate press.

Rebecca Abrahams published an article co-authored by Dr. Stephen Bryen, Founder & CTO of FortressFone Technologies. Unlike many other articles which point a finger at China (with little to actually back this accusation with), Abrahams does call out Windows and sheds light on what OPM uses:

Second, the government is very slow to improve security on its computers and networks. Many of the computers the government is using are antique. For example OPM still has 12-year old Windows XT as an operating system for its computers. Microsoft no longer supports XT and any vulnerability that develops is the problem of the user, not of the supplier. But even if the old stuff was upgraded it won’t help much because the systems are really clumsy amalgams of disparate parts which as a “system,” have never been properly vetted for security.

So there we go. Windows. We’re hardly surprised to say the least. The author probably means NT or XP (14 years old, not 12, unlike Server 2003), but does it matter much? Any version of Windows, no matter how old, is not secure. It’s not even designed to be secure.

Related/contextual items from the news:

  1. US wronging of China for cyber breaches harm mutual trust

    Out of ulterior motives, some US media and politicians have developed a habit of scapegoating China for any alleged cyber attack on the United States. Such groundless accusations would surely harm mutual trust between the two big powers of today’s world.

  2. The Massive Hack on US Personnel Agency is Worse Than Everyone Thought

    Last week, the human resources arm of the US government, the Office of Personnel Management (OPM) admitted that it had been victim of a massive data breach, where hackers stole personal data belonging to as many as 4 million government workers.

  3. Feds Who Didn’t Even Discover The OPM Hack Themselves, Still Say We Should Give Them Cybersecurity Powers

    We already described how the recent hack into the US federal government’s Office of Personnel Management (OPM) appears to be much more serious than was initially reported. The hack, likely by Chinese state hackers, appear to have obtained basically detailed personal info on all current and many former federal government employees.

  4. China-linked hackers get data on CIA, NSA personnel with security-clearance: report

    China-linked hackers appear to have gained access to sensitive background information submitted by US intelligence and military personnel for security clearances that could potentially expose them to blackmail, the Associated Press reported on Friday.

    In a report citing several US officials, the news agency said that data on nearly all of the millions of US security-clearance holders, including the Central Intelligence Agency (CIA), National Security Agency (NSA) and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management (OPM).

  5. Second OPM Hack Revealed: Even Worse Than The First

    And yet… this is the same federal government telling us that it wants more access to everyone else’s data to “protect” us from “cybersecurity threats” — and that encryption is bad? Yikes.

  6. Dossiers on US spies, military snatched in ‘SECOND govt data leak’

    A second data breach at the US Office of Personnel Management has compromised even more sensitive information about government employees than the first breach that was revealed earlier this week, sources claim. It’s possible at least 14 million Americans have chapter and verse on their lives leaked, we’re told.

    The Associated Press reports that hackers with close ties to China are believed to have obtained extensive background information on intelligence-linked government staffers – from CIA agents and NSA spies to military special ops – who have applied for security clearances.

    Among the records believed to have leaked from a compromised database are copies of Standard Form 86 [PDF], a questionnaire that is given to anyone who applies for a national security position, and is typically verified via interviews and background checks.

  7. Officials: Second hack exposed military and intel data
  8. Senate Quickly Says ‘No Way’ To Mitch McConnell’s Cynical Ploy To Add Bogus Cybersecurity Bill To NDAA

    Earlier this week, we noted that Senator Mitch McConnell, hot off of his huge flop in trying to preserve the NSA’s surveillance powers, had promised to insert the dangerous “cybersecurity” bill CISA directly into the NDAA (National Defense Authorization Act). As we discussed, while many have long suspected that CISA (and CISPA before it) were surveillance bills draped in “cybersecurity” clothing, the recent Snowden revelations that the NSA is using Section 702 “upstream” collection for “cybersecurity” issues revealed how CISA would massively expand the NSA’s ability to warrantlessly wiretap Americans’ communications.

  9. “Don’t Hack Me! That’s a Bad Idea,” Says Eugene Kaspersky to APT Groups
  10. Russian Software Security Lab Hacked, Indirectly Links Attack To NSA
  11. Israel, NSA May Have Hacked Antivirus Firm Kaspersky Lab

    Moscow-based antivirus firm Kaspersky Lab, famous for uncovering state-sponsored cyberattacks, today dropped its biggest bombshell yet: Its own computer networks were hit by state-sponsored hackers, probably working for Israeli intelligence or the U.S. National Security Agency. The same malware also attacked hotels that hosted ongoing top-level negotiations to curb Iran’s nuclear program.

  12. Protocols of the Hackers of Zion?

    When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.’”

    Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.

    Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect that its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. “Mention the War” (of Microsoft Against GNU/Linux)

    The GNU/Linux desktop (or laptops) seems to be languishing or deteriorating, making way for proprietary takeover in the form of Vista 10 and Chrome OS and “web apps” (surveillance); nobody seems too bothered — certainly not the Linux Foundation — by the fact that GNU/Linux itself is being relegated or demoted to a mere “app” on these surveillance platforms (WSL, Croûton and so on)



  2. The European Patent Office Does Not Care About the Law, Today's Management Constantly Attempts to Bypass the Law

    Many EPs (European Patents) are actually "IPs" (invalid patents); the EPO doesn't seem to care and it is again paying for corrupt scholars to toe the party line



  3. The US Supreme Court (SCOTUS) Once Again Pours Cold Water on Patent Maximalists

    Any hopes of a rebound or turnaround have just been shattered because a bizarre attack on the appeal process (misusing tribal immunity) fell on deaf ears and software patents definitely don't interest the highest court, which already deemed them invalid half a decade ago



  4. Links 17/4/2019: Qt 5.12.3 Released, Ola Bini Arrested (Political Stunts)

    Links for the day



  5. Links 16/4/2019: CentOS Turns 15, Qt Creator 4.9.0 Released

    Links for the day



  6. GNU/Linux is Being Eaten Alive by Large Corporations With Their Agenda

    A sort of corporate takeover, or moneyed interests at the expense of our freedom, can be seen as a 'soft coup' whose eventual outcome would involve all or most servers in 'the cloud' (surveillance with patent tax as part of the rental fees) and almost no laptops/desktops which aren't remotely controlled (and limit what's run on them, using something like UEFI 'secure boot')



  7. Reader's Claim That Rules Similar to the Code of Conduct (CoC) Were 'Imposed' on LibrePlanet and the FSF

    Restrictions on speech are said to have been spread and reached some of the most liberal circles, according to a credible veteran who opposes illiberal censorship



  8. Corporate Media Will Never Cover the EPO's Violations of the Law With Respect to Patent Scope

    The greed-driven gold rush for patents has resulted in a large pool of European Patents that have no legitimacy and are nowadays associated with low legal certainty; the media isn't interested in covering such a monumental disaster that poses a threat to the whole of Europe



  9. A Linux Foundation Run by People Who Reject Linux is Like a Children's Charity Whose Management Dislikes Children

    We remain concerned about the lack of commitment that the Linux Foundation has for Linux; much of the Linux Foundation's Board, for example, comes from hostile companies



  10. Links 15/4/2019: Linux 5.1 RC5 and SolydXK Reviewed

    Links for the day



  11. Links 14/4/2019: Blender 2.80 Release Plan and Ducktype 1.0

    Links for the day



  12. 'Poor' (Multi-Millionaire) Novell CEO, Who Colluded With Steve Ballmer Against GNU/Linux, is Trying to Censor Techrights

    Novell’s last CEO, a former IBMer who just like IBM decided to leverage software patents against the competition (threatening loads of companies using "platoons of patent lawyers"), has decided that siccing lawyers at us would be a good idea



  13. Guest Post: The Linux Foundation (LF) is “Putting the CON in Conference!” (Part 2)

    Calls for papers (CfP) and who gets to assess what's presented or what's not presented is a lesser-explored aspect, especially in this age when large corporate sponsors get to indirectly run entire 'community' events



  14. Patent Maximalists Are Enabling Injustices and Frauds

    It's time to come to grips with the simple fact that extreme patent lenience causes society to suffer and is mostly beneficial to bad actors; for the patent profession to maintain a level of credibility and legitimacy it must reject the deplorable, condemnable zealots



  15. Further Decreasing Focus on Software Patents in the United States as They Barely Exist in Valid Form Anymore

    No headway made after almost 4 months of Iancu-led stunts; software patents remain largely dead and buried, so we’re moving on to other topics



  16. Links 13/4/2019: Wine 4.6 and Emacs 26.2 Released

    Links for the day



  17. Links 12/4/2019: Mesa 19.0.2, Rust 1.34.0 and Flatpak 1.3.2 Released

    Links for the day



  18. Caricature: EPO Standing Tall

    A reader's response to the EPO's tall claims and fluff from yesterday



  19. The EPO is Slipping Out of Control Again and It's Another Battistelli-Like Mess With Disregard for the Rule of Law and Patent Scope

    The banker in chief is just 'printing' or 'minting' lots and lots of patents, even clearly bogus ones that lack substance to back their perceived value



  20. Global Finance Magazine Spreads Lies About the Unitary Patent and German Constitutional Court

    Alluding to the concept of a "unified European patent," some site connected to Class Editori S.p.A. and based in Manhattan/New York City tells obvious lies about the Unified Patent Court (UPC), possibly in an effort to sway outcomes and twist people's expectations



  21. New Building as Perfect Metaphor for the EPO Under the Frenchmen Battistelli and Campinos

    The EPO is in "propaganda mode" only 9 months after the latest French President took Office; the Office is seen as dishonest, even under the new leadership, which routinely lies to the public and to its own staff



  22. Links 11/4/2019: Twisted 19.2.0 Released, Assange Arrested

    Links for the day



  23. EPO Still Wasting Budget, Paying Media and Academics for Spin

    EPO money continues to flow like water into hands that are complicit in legitimising the EPO's management and policies; this highlights the grave dangers of lack of oversight at the EPO, not to mention lawlessness or lack of enforcement



  24. Links 10/4/2019: Microsoft's GDPR Trouble, New Fedora 29 Images

    Links for the day



  25. Linux Magazine is Run by Advertisers, Not GNU/Linux (and It's Hardly the Exception)

    Advertising is big money — so big in fact that publications no longer care what’s true but instead focus on what text brings them more income (from advertisers, of course)



  26. Guest Post: The Linux Foundation (LF) is “Putting the CON in Conference!” (Part 1)

    Proprietary software giants with their sponsorships and gifts are more like Trojan horses or parasites striving to infect the host; how can the LF be protected from them?



  27. EPO Benefits European Patent Trolls With Dodgy European Patents

    The EPO is a stepping stone for parasitic entities looking to leverage patents for exploitative extortion rackets all over Europe; if they get their way, companies that manufacture and sell things will pay a hefty tax to those who create nothing at all and are often not European, either



  28. The Myth of Quality of European Patents

    Mythology associated with superior quality of European Patents is an antiquated notion (it used to be true a long time ago) and this, along with other factors (such as disrespect for judges), is why the Unified Patent Court (UPC) is almost certainly doomed for good



  29. António Campinos is Already Paying a Lot of Money to Craft an Alternate Reality at the European Patent Office

    The difference between Battistelli and António Campinos is rapidly blurring; the communication style is largely the same and the lies too are consistent



  30. Links 9/4/2019: CRI-O/CNCF and Lutris 0.5.2 Released

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts