Bonum Certa Men Certa

Office of Personnel Management (OPM) and Microsoft Windows

Server



Summary: A look at lesser-explored aspects of the so-called OPN hack [sic], especially the systems involved

IN AN EFFORT to understand what repeatedly happened in the undoubtedly significant Office of Personnel Management (OPM) data breach/es [2-8], leaving aside the lack of concrete evidence of Chinese role [1], we tried to understand which platform was to blame. In the case of Sony it was reportedly a Microsoft Windows machine acting as the culprit or attack vector, just like Stuxnet in Iran with similar attempts against North Korea (there are still more articles about it).



"Hundreds of millions of credit card numbers got snatched from Windows."NSA leaks were due to Microsoft SharePoint (Snowden gained access to the so-called 'crown jewels'). As we last noted in an article about words from Kaspersky (still in headlines for it [9-12]), Windows is inherently not secure. Commercial targets of data breached that we wrote about before serve to show this. We gave readers a lot of examples over the years. Hundreds of millions of credit card numbers got snatched from Windows. the cost was enormous, but the role of Windows wasn't ever emphasised in the corporate press.

Rebecca Abrahams published an article co-authored by Dr. Stephen Bryen, Founder & CTO of FortressFone Technologies. Unlike many other articles which point a finger at China (with little to actually back this accusation with), Abrahams does call out Windows and sheds light on what OPM uses:

Second, the government is very slow to improve security on its computers and networks. Many of the computers the government is using are antique. For example OPM still has 12-year old Windows XT as an operating system for its computers. Microsoft no longer supports XT and any vulnerability that develops is the problem of the user, not of the supplier. But even if the old stuff was upgraded it won't help much because the systems are really clumsy amalgams of disparate parts which as a "system," have never been properly vetted for security.


So there we go. Windows. We're hardly surprised to say the least. The author probably means NT or XP (14 years old, not 12, unlike Server 2003), but does it matter much? Any version of Windows, no matter how old, is not secure. It's not even designed to be secure.

Related/contextual items from the news:


  1. US wronging of China for cyber breaches harm mutual trust
    Out of ulterior motives, some US media and politicians have developed a habit of scapegoating China for any alleged cyber attack on the United States. Such groundless accusations would surely harm mutual trust between the two big powers of today’s world.


  2. The Massive Hack on US Personnel Agency is Worse Than Everyone Thought
    Last week, the human resources arm of the US government, the Office of Personnel Management (OPM) admitted that it had been victim of a massive data breach, where hackers stole personal data belonging to as many as 4 million government workers.


  3. Feds Who Didn't Even Discover The OPM Hack Themselves, Still Say We Should Give Them Cybersecurity Powers
    We already described how the recent hack into the US federal government's Office of Personnel Management (OPM) appears to be much more serious than was initially reported. The hack, likely by Chinese state hackers, appear to have obtained basically detailed personal info on all current and many former federal government employees.


  4. China-linked hackers get data on CIA, NSA personnel with security-clearance: report
    China-linked hackers appear to have gained access to sensitive background information submitted by US intelligence and military personnel for security clearances that could potentially expose them to blackmail, the Associated Press reported on Friday.

    In a report citing several US officials, the news agency said that data on nearly all of the millions of US security-clearance holders, including the Central Intelligence Agency (CIA), National Security Agency (NSA) and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management (OPM).


  5. Second OPM Hack Revealed: Even Worse Than The First
    And yet... this is the same federal government telling us that it wants more access to everyone else's data to "protect" us from "cybersecurity threats" -- and that encryption is bad? Yikes.


  6. Dossiers on US spies, military snatched in 'SECOND govt data leak'


    A second data breach at the US Office of Personnel Management has compromised even more sensitive information about government employees than the first breach that was revealed earlier this week, sources claim. It's possible at least 14 million Americans have chapter and verse on their lives leaked, we're told.

    The Associated Press reports that hackers with close ties to China are believed to have obtained extensive background information on intelligence-linked government staffers – from CIA agents and NSA spies to military special ops – who have applied for security clearances.

    Among the records believed to have leaked from a compromised database are copies of Standard Form 86 [PDF], a questionnaire that is given to anyone who applies for a national security position, and is typically verified via interviews and background checks.
  7. Officials: Second hack exposed military and intel data
  8. Senate Quickly Says 'No Way' To Mitch McConnell's Cynical Ploy To Add Bogus Cybersecurity Bill To NDAA
    Earlier this week, we noted that Senator Mitch McConnell, hot off of his huge flop in trying to preserve the NSA's surveillance powers, had promised to insert the dangerous "cybersecurity" bill CISA directly into the NDAA (National Defense Authorization Act). As we discussed, while many have long suspected that CISA (and CISPA before it) were surveillance bills draped in "cybersecurity" clothing, the recent Snowden revelations that the NSA is using Section 702 "upstream" collection for "cybersecurity" issues revealed how CISA would massively expand the NSA's ability to warrantlessly wiretap Americans' communications.


  9. “Don’t Hack Me! That’s a Bad Idea,” Says Eugene Kaspersky to APT Groups


  10. Russian Software Security Lab Hacked, Indirectly Links Attack To NSA
  11. Israel, NSA May Have Hacked Antivirus Firm Kaspersky Lab
    Moscow-based antivirus firm Kaspersky Lab, famous for uncovering state-sponsored cyberattacks, today dropped its biggest bombshell yet: Its own computer networks were hit by state-sponsored hackers, probably working for Israeli intelligence or the U.S. National Security Agency. The same malware also attacked hotels that hosted ongoing top-level negotiations to curb Iran's nuclear program.


  12. Protocols of the Hackers of Zion?
    When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.'”

    Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.

    Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect that its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk.


Recent Techrights' Posts

UEFI 9/11 Aftermath - Part III: Mr. 'Secure Boot' (Shim) and His Fake 'Holiday' (Sending My Wife and I Threatening E-mails on 9/11)
despite being on holiday, according to him, he finds time to instruct lawyers to contact my wife
Ron Wyden: Microsoft Should be Held Accountable for Security Breaches (He Has Said This for Years Already, It Never Happens)
Negative media coverage isn't a fine and it does nothing to compensate Microsoft's billions of victims
Disable 'Secure Boot' (If It Lets You)
it doesn't put you in control
Longtime Red Hat Staff: Maybe Just Disable 'Secure Boot'
A refreshing take from Adam Williamson
A Dozen Observations About "UEFI 9/11" Deflections
What we are expected to see, tentatively
The World's Richest Ponzi Scheme (Faking Value Using Net Waste)
The higher they go the harder they fall
We Could Dual-Boot Back in the 1990s, Why Has This Become So Difficult?
And prone to breakage
Slopwatch: Google News is Still Promoting Many Fake Articles About "Linux", in Effect Rewarding Misinformation and Plagiarism
things continue to deteriorate
 
Links 11/09/2025: Windows TCO and Russian Drones Invading Poland (EU/NATO)
Links for the day
Gemini Links 11/09/2025: xkcd, misfin, and Alhena 5.3.2
Links for the day
Repetition of Last Summer (Microsoft Breaking Dual-Boot Systems)
UEFI 9/11 is about to kick in
UEFI 'Secure Boot' Boiling Frogs (Cannot Turn Off 'Secure Boot')
"MSI laptop is locked on Secure Boot and doesn't allow me to turn it off"
UEFI 9/11 Aftermath - Part IV: The 'Hulk Hogan of UEFI' and His 'Hideout' Holiday (Retreat From Reality)
Let's keep an eye on what matters
UEFI 9/11 Aftermath - Part II: "The SecureBoot Thing Got Out of Hand."
The next few weeks might be... interesting
UEFI 9/11 Aftermath - Part I: "I Believe This Affects Thousands of Devices... Because Multiple Devices I Checked, Whether Client or Server [...] Affected."
Most people aren't even aware that this is happening or about to happen
The UEFI 9/11 - Part X - An Outline of the Series About Microsoft Sabotaging GNU/Linux (With Ramifications to Unfold Online in Coming Weeks as People Reboot)
Today is UEFI 9/11 (9/11/2025)
Culture of silence: Ubisoft harassment convictions, Mozilla, Sylvestre Ledru & Debian make no comment
Reprinted with permission from Daniel Pocock
Links 11/09/2025: "Hey Hi" Ponzi Schemes at Oracle (Unpaid Contracts) and Cindy Cohn is Leaving the EFF
Links for the day
Gemini Links 11/09/2025: Playdate Console, Dichotomy between the Real and the Digital
Links for the day
The Microsoft AstroTurfing and Microsoft-Led Blame-Shifting Tactics Are Ahead of Us
Of course it has nothing to do with security, it's about control, i.e. them controlling everything
Celebrating Assassination is Bad Because It Legitimises Assassination of the People You Like, Too
Condoning or even celebrating political assassinations is bad optics (and taste)
Being Conditioned to Accept Unreliable Computer Systems That Fail With Black Screen of Death (BSoD)
Welcome to 2025
New Series: The Coup Against GNU/Linux Has Begun
today, this year in particular, we shall also focus on Secure Boot, which is sold based on a lie and tortures many computer user
New Paper on "BYOVD, but in firmware. Signed UEFI shells, vulnerable modules offer new paths for Secure Boot bypasses."
One might say digital "security theatre"
Links 11/09/2025: Oracle Layoffs, Drunk Pilots in Japan Airlines, US-Korea Tensions Grow
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 10, 2025
IRC logs for Wednesday, September 10, 2025
Xubuntu Site Compromised
Let's hope it is not a security breach
Links 10/09/2025: Retaliation at Facebook and Microsoft Reveals Almost 100 Security Holes
Links for the day
Gemini Links 10/09/2025: Annihilation of Self, The Future Eaters, and Leaving Academia
Links for the day
They Say That People Are Afraid of or Worried About "Hey Hi", But the Worriers Should be the Fools Who Invested in It
At the end of the day nobody should worry more than those who invested their money in this bubble
Harassment evidence: franceinfo's Clara Lainé report on Ubisoft prosecution
Reprinted with permission from Daniel Pocock
Links 10/09/2025: Microsoft Layoffs in "RTO" Clothing and Windows TCO, GitHub TCO
Links for the day
Blaming Everything on China
TikTok works for China. GAFAM works for fascists.
People Get Tired of "Hey Hi" (AI), Unlike the Subservient Money-Obsessed Media That Gets Paid to Pretend This Bubble Still Matters
"crash will be way bigger than dot.com burst in 90s. and that was Internet, actually transformative technology, not this expensive AI toy with direct dependency on the energy input which is not scalable"
Brett Wilson LLP Accepts That the Serial Strangler From Microsoft Filed a Case That Also Implicates My Wife (Everything is Connected)
They used to pretend that there were two separate cases
10 Reasons to Disable (or Enable) UEFI Secure Boot
Tomorrow the "trusted corporation" Microsoft will see a certificate expire
Gemini Links 10/09/2025: Hospital and Large Feeds
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 09, 2025
IRC logs for Tuesday, September 09, 2025
The Bluewashing of Red Hat is Being Completed, Many Staff Understand They'll be Made Redundant
Jim AllowHurst (Whitehurst) is meanwhile promoting Microsoft's agenda from within other companies
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers)
Mozilla is not leftist
statCounter Sees GNU/Linux Exceeding 10% in Bulgaria This Month
What can Microsoft still do to stop GNU/Linux?
Dark Patterns
Microsoft saying "security" is like a Convicted Felon in the White House saying "law and order".
It's Almost Fall (Autumn)
To "Facebook prison" you are bound
Bruce Schneier About "Secure Boot"
Bruce Schneier isn't a fan of "Secure Boot"
Links 09/09/2025: Microsoft Mass Layoffs Again and "RTO" (Timed Like It Serves as a Distraction From the Mass Layoffs)
Links for the day
RMS Told Microsoft to Stop 'Secure Boot' (He Even Went There to Say That), But They Didn't Listen
Dr. Stallman (RMS) assumed that speaking to sociopaths would work
What Richard Stallman Told Me About 'Secure' Boot in 2012
"if the user doesn't control the keys, then it's a kind of shackle"
Those Who Helped Microsoft Weaponise "Secure Boot" Against GNU/Linux and BSDs Are Fleeing
Microsofters doing what they do best: they evade accountability
Simple is Better, Simplicity is Power
That is "the advantage of having commodity GNU/Linux systems," an associate notes
Much Ado About Nonsense
Microsoft Lunduke is still all dramatisation and sensationalism
Current Events in France
It needs to dump Microsoft and other GAFAM (US) giants, move to Free software
Further Media Cut-downs
media reporting about the media being cut
Links 09/09/2025: US-Korea Tensions and Meta Whistleblowers
Links for the day
Gemini Links 09/09/2025: Moon Eclipse and ROOPHLOCH Reports
Links for the day
Links 09/09/2025: “Torrents of Hate” and Political Crisis in France
Links for the day
Gemini Links 09/09/2025: "Dedigitizing" and Forgejo on FreeBSD
Links for the day
Google News (Not Just Google Search) Lets Itself by Gamed by One Slopfarm - to the Point Almost Half of "Linux" News is Bot-Produced Plagiarism (LLM Slop With Slop Images)
That says a lot about what Google thinks of quality, even in Google News
Bill Gates-Funded Media Inadvertently Refutes the Microsoft Lie That in 2025 Microsoft Had Just Two Waves of Layoffs
There were about 12 rounds of layoffs so far in 2025
Official SUSE Blog Still Uses LLM Slop (Bots) to Make Fake Articles (Marketing)
The company is all about sound bites
Companies Realise That Slop Doesn't Work as Advertised, Accordingly Dump It
"Hype dims as a country-wide survey of US corporations shows a sudden drop-off in AI use among firms with more than 250 employees."
Microsoft-Funded Lawsuits Against Critics of UEFI 'Secure Boot'
Remember that no company (or law firm) ever survives collaborations with Microsoft
From theregister.co.uk to theregister.com (US) to The Register MS (Run by Microsoft Operatives) and theregister.ai
The best way to break this racket (or cycle of hype and harm) is to break the chains of funding
Open Source Initiative (OSI) Culture of Censorship Necessitates More Speech
The OSI bans dissent or people who merely point out that the OSI is abusive
How to Reach Us Discreetly (Other Than Encrypted E-mail)
We're still managing to maintain a 100% source protection record. We soon turn 19.
LLMs Are Vastly Worse Than a Waste of Energy and the Externalities Are Huge
Worse than just higher power bills for everybody
LLMs Versus Search (Not Replacing Search But Engaging in DDoS Attacks Against Web Sites That Permit Searching)
The state of the Web isn't just bad; it's utterly terrible
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 08, 2025
IRC logs for Monday, September 08, 2025
It's Only the Second Week of September and Already Two Waves of Layoffs at Microsoft, Slopfarms and Microsoft-Funded Sites Spin It as "AI Investments" Rather Than Commercial Failure
A very large third one expected next week
The UEFI 9/11 - Part IX - Shunning Old Computers (in 2023 the Certificate Was Updated/Overridden, Underlying Aim May Be Herding/Forcing People to Get TPM and Other 'Novel' Restrictions)
the "upgrade treadmill"