EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

06.14.15

Office of Personnel Management (OPM) and Microsoft Windows

Posted in Microsoft, Windows at 6:07 pm by Dr. Roy Schestowitz

Server

Summary: A look at lesser-explored aspects of the so-called OPN hack [sic], especially the systems involved

IN AN EFFORT to understand what repeatedly happened in the undoubtedly significant Office of Personnel Management (OPM) data breach/es [2-8], leaving aside the lack of concrete evidence of Chinese role [1], we tried to understand which platform was to blame. In the case of Sony it was reportedly a Microsoft Windows machine acting as the culprit or attack vector, just like Stuxnet in Iran with similar attempts against North Korea (there are still more articles about it).

“Hundreds of millions of credit card numbers got snatched from Windows.”NSA leaks were due to Microsoft SharePoint (Snowden gained access to the so-called ‘crown jewels’). As we last noted in an article about words from Kaspersky (still in headlines for it [9-12]), Windows is inherently not secure. Commercial targets of data breached that we wrote about before serve to show this. We gave readers a lot of examples over the years. Hundreds of millions of credit card numbers got snatched from Windows. the cost was enormous, but the role of Windows wasn’t ever emphasised in the corporate press.

Rebecca Abrahams published an article co-authored by Dr. Stephen Bryen, Founder & CTO of FortressFone Technologies. Unlike many other articles which point a finger at China (with little to actually back this accusation with), Abrahams does call out Windows and sheds light on what OPM uses:

Second, the government is very slow to improve security on its computers and networks. Many of the computers the government is using are antique. For example OPM still has 12-year old Windows XT as an operating system for its computers. Microsoft no longer supports XT and any vulnerability that develops is the problem of the user, not of the supplier. But even if the old stuff was upgraded it won’t help much because the systems are really clumsy amalgams of disparate parts which as a “system,” have never been properly vetted for security.

So there we go. Windows. We’re hardly surprised to say the least. The author probably means NT or XP (14 years old, not 12, unlike Server 2003), but does it matter much? Any version of Windows, no matter how old, is not secure. It’s not even designed to be secure.

Related/contextual items from the news:

  1. US wronging of China for cyber breaches harm mutual trust

    Out of ulterior motives, some US media and politicians have developed a habit of scapegoating China for any alleged cyber attack on the United States. Such groundless accusations would surely harm mutual trust between the two big powers of today’s world.

  2. The Massive Hack on US Personnel Agency is Worse Than Everyone Thought

    Last week, the human resources arm of the US government, the Office of Personnel Management (OPM) admitted that it had been victim of a massive data breach, where hackers stole personal data belonging to as many as 4 million government workers.

  3. Feds Who Didn’t Even Discover The OPM Hack Themselves, Still Say We Should Give Them Cybersecurity Powers

    We already described how the recent hack into the US federal government’s Office of Personnel Management (OPM) appears to be much more serious than was initially reported. The hack, likely by Chinese state hackers, appear to have obtained basically detailed personal info on all current and many former federal government employees.

  4. China-linked hackers get data on CIA, NSA personnel with security-clearance: report

    China-linked hackers appear to have gained access to sensitive background information submitted by US intelligence and military personnel for security clearances that could potentially expose them to blackmail, the Associated Press reported on Friday.

    In a report citing several US officials, the news agency said that data on nearly all of the millions of US security-clearance holders, including the Central Intelligence Agency (CIA), National Security Agency (NSA) and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management (OPM).

  5. Second OPM Hack Revealed: Even Worse Than The First

    And yet… this is the same federal government telling us that it wants more access to everyone else’s data to “protect” us from “cybersecurity threats” — and that encryption is bad? Yikes.

  6. Dossiers on US spies, military snatched in ‘SECOND govt data leak’

    A second data breach at the US Office of Personnel Management has compromised even more sensitive information about government employees than the first breach that was revealed earlier this week, sources claim. It’s possible at least 14 million Americans have chapter and verse on their lives leaked, we’re told.

    The Associated Press reports that hackers with close ties to China are believed to have obtained extensive background information on intelligence-linked government staffers – from CIA agents and NSA spies to military special ops – who have applied for security clearances.

    Among the records believed to have leaked from a compromised database are copies of Standard Form 86 [PDF], a questionnaire that is given to anyone who applies for a national security position, and is typically verified via interviews and background checks.

  7. Officials: Second hack exposed military and intel data
  8. Senate Quickly Says ‘No Way’ To Mitch McConnell’s Cynical Ploy To Add Bogus Cybersecurity Bill To NDAA

    Earlier this week, we noted that Senator Mitch McConnell, hot off of his huge flop in trying to preserve the NSA’s surveillance powers, had promised to insert the dangerous “cybersecurity” bill CISA directly into the NDAA (National Defense Authorization Act). As we discussed, while many have long suspected that CISA (and CISPA before it) were surveillance bills draped in “cybersecurity” clothing, the recent Snowden revelations that the NSA is using Section 702 “upstream” collection for “cybersecurity” issues revealed how CISA would massively expand the NSA’s ability to warrantlessly wiretap Americans’ communications.

  9. “Don’t Hack Me! That’s a Bad Idea,” Says Eugene Kaspersky to APT Groups
  10. Russian Software Security Lab Hacked, Indirectly Links Attack To NSA
  11. Israel, NSA May Have Hacked Antivirus Firm Kaspersky Lab

    Moscow-based antivirus firm Kaspersky Lab, famous for uncovering state-sponsored cyberattacks, today dropped its biggest bombshell yet: Its own computer networks were hit by state-sponsored hackers, probably working for Israeli intelligence or the U.S. National Security Agency. The same malware also attacked hotels that hosted ongoing top-level negotiations to curb Iran’s nuclear program.

  12. Protocols of the Hackers of Zion?

    When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.’”

    Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.

    Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect that its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 2/1/2017: Neptune 4.5.3 Release, Netrunner Desktop 17.01 Released

    Links for the day

  2. Teaser: Corruption Indictments Brought Against Vice-President of the European Patent Office (EPO)

    New trouble for Željko Topić in Strasbourg, making it yet another EPO Vice-President who is on shaky grounds and paving the way to managerial collapse/avalanche at the EPO

  3. 365 Days Later, German Justice Minister Heiko Maas Remains Silent and Thus Complicit in EPO Abuses on German Soil

    The utter lack of participation, involvement or even intervention by German authorities serve to confirm that the government of Germany is very much complicit in the EPO's abuses, by refusing to do anything to stop them

  4. Battistelli's Idea of 'Independent' 'External' 'Social' 'Study' is Something to BUY From Notorious Firm PwC

    The sham which is the so-called 'social' 'study' as explained by the Central Staff Committee last year, well before the results came out

  5. Europe Should Listen to SMEs Regarding the UPC, as Battistelli, Team UPC and the Select Committee Lie About It

    Another example of UPC promotion from within the EPO (a committee dedicated to UPC promotion), in spite of everything we know about opposition to the UPC from small businesses (not the imaginary ones which Team UPC claims to speak 'on behalf' of)

  6. Video: French State Secretary for Digital Economy Speaks Out Against Benoît Battistelli at Battistelli's PR Event

    Uploaded by SUEPO earlier today was the above video, which shows how last year's party (actually 2015) was spoiled for Battistelli by the French State Secretary for Digital Economy, Axelle Lemaire, echoing the French government's concern about union busting etc. at the EPO (only to be rudely censored by Battistelli's 'media partner')

  7. When EPO Vice-President, Who Will Resign Soon, Made a Mockery of the EPO

    Leaked letter from Willy Minnoye/management to the people who are supposed to oversee EPO management

  8. No Separation of Powers or Justice at the EPO: Reign of Terror by Battistelli Explained in Letter to the Administrative Council

    In violation of international labour laws, Team Battistelli marches on and engages in a union-busting race against the clock, relying on immunity to keep this gravy train rolling before an inevitable crash

  9. FFPE-EPO is a Zombie (if Not Dead) Yellow Union Whose Only de Facto Purpose Has Been Attacking the EPO's Staff Union

    A new year's reminder that the EPO has only one legitimate union, the Staff Union of the EPO (SUEPO), whereas FFPE-EPO serves virtually no purpose other than to attack SUEPO, more so after signing a deal with the devil (Battistelli)

  10. EPO Select Committee is Wrong About the Unitary Patent (UPC)

    The UPC is neither desirable nor practical, especially now that the EPO lowers patent quality; but does the Select Committee understand that?

  11. Links 1/1/2017: KDE Plasma 5.9 Coming, PelicanHPC 4.1

    Links for the day

  12. 2016: The Year EPO Staff Went on Strike, Possibly “Biggest Ever Strike in the History of the EPO.”

    A look back at a key event inside the EPO, which marked somewhat of a breaking point for Team Battistelli

  13. Open EPO Letter Bemoans Battistelli's Antisocial Autocracy Disguised/Camouflaged Under the Misleading Term “Social Democracy”

    Orwellian misuse of terms by the EPO, which keeps using the term "social democracy" whilst actually pushing further and further towards a totalitarian regime led by 'King' Battistelli

  14. EPO's Central Staff Committee Complains About Battistelli's Bodyguards Fetish and Corruption of the Media

    Even the EPO's Central Staff Committee (not SUEPO) understands that Battistelli brings waste and disgrace to the Office

  15. Translation of French Texts About Battistelli and His Awful Perception of Omnipotence

    The paradigm of totalitarian control, inability to admit mistakes and tendency to lie all the time is backfiring on the EPO rather than making it stronger

  16. 2016 in Review and Plans for 2017

    A look back and a quick look at the road ahead, as 2016 comes to an end

  17. Links 31/12/2016: Firefox 52 Improves Privacy, Tizen Comes to Middle East

    Links for the day

  18. Korea's Challenge of Abusive Patents, China's Race to the Bottom, and the United States' Gradual Improvement

    An outline of recent stories about patents, where patent quality is key, reflecting upon the population's interests rather than the interests of few very powerful corporations

  19. German Justice Minister Heiko Maas, Who Flagrantly Ignores Serious EPO Abuses, Helps Battistelli's Agenda ('Reform') With the UPC

    The role played by Heiko Maas in the UPC, which would harm businesses and people all across Europe, is becoming clearer and hence his motivation/desire to keep Team Battistelli in tact, in spite of endless abuses on German soil

  20. Links 30/12/2016: KDE for FreeBSD, Automotive Grade Linux UCB 3.0

    Links for the day

  21. Software Patents Continue to Collapse, But IBM, Watchtroll and David Kappos Continue to Deny and Antagonise It

    The latest facts and figures about software patents, compared to the spinmeisters' creed which they profit from (because they are in the litigation business)

  22. 2016 Was a Terrible Year for Patent Trolls and 2017 Will Probably be a Lot Worse for Them

    The US Supreme Court (SCOTUS) is planning to weigh in on a case which will quite likely drive patent trolls out of the Eastern District of Texas, where all the courts that are notoriously friendly towards them reside

  23. Fitbit’s Decision to Drop Patent Case Against Jawbone Shows Decreased Potency of Abstract Patents, Not Jawbone’s Weakness

    The scope of patents in the United States is rapidly tightening (meaning, fewer patents are deemed acceptable by the courts) and Fitbit’s patent case is the latest case to bite the dust

  24. The EPO Under Benoît Battistelli Makes the Mafia Look Like Rookies

    Pretending there is a violent, physical threat that is imminent, Paranoid in Chief Benoît Battistelli is alleged to have pursued weapons on EPO premises

  25. Links 29/12/2016: OpenELEC 7.0, Android Wear 2.0 Smartwatches Coming

    Links for the day

  26. Links 28/12/2016: OpenVPN 2.4, SeaMonkey 2.46

    Links for the day

  27. Bad Service at the European Patent Office (EPO) Escalated in the Form of Complaints to European Authorities/Politicians

    A look at actions taken at a political level against the EPO in spite of the EPO's truly awkward exemption from lawfulness or even minimal accountability

  28. No “New Life to Software Patents” in the US; That's Just Fiction Perpetuated by the Patent Microcosm

    Selective emphasis on very few cases and neglect of various other dimensions help create a parallel reality (or so-called 'fake news') where software patents are on the rebound

  29. Links 27/12/2016: Chakra GNU/Linux Updated, Preview of Fedora 26

    Links for the day

  30. Leaked: Letter to Quality Support (DQS) at the European Patent Office (EPO)

    Example of abysmal service at the EPO, where high staff turnover and unreasonable pressure from above may be leading to communication issues that harm stakeholders the most

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts