The Office of Personnel Management knew that its computer security system could be exploited by outside act, but the issue still wasn't spotted in time. The OPM is expected to roll out two-step authentication to better protect its networks.
It was still too late - tens of thousands of files were already stolen before the inspector general's report last November. After a breach was detected last summer, cybercriminals were able to launch a broader attack that likely began in December. So far, more than 4 million people have been exposed by the breach, and it's likely that number will rise.
Cybercriminals tend to be very patient while browsing compromised networks, especially organized cyber hackers. It's possible the OPM hack was carried out by those responsible for breaching Anthem, as personal information is lucrative.
Cybersecurity issues are getting worse, President Barack Obama admitted recently, as the United States remains a lucrative target of foreign cybercriminals. Obama wants Congress to pass new cybersecurity legislation to help address mounting digital threats.
"We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector," Pres. Obama said during a Group of Seven summit.
It's a stark realization that the US government has been aware of cybersecurity issues, but favored the need on bulk surveillance activities. If nothing else, it looks like some private sector security firms and defense contractors will make a fortune helping the government upgrade.
The US government has confirmed that records of current and former federal employees are at risk, following news that the Office of Personnel Management (OPM) suffered a series of cyberattacks. Despite reportedly beginning in late 2014, it took until April before the intrusions were detected.
Here is some expert cybersecurity input regarding the breach:
There is a changing cybercriminal landscape that the United States has been relatively slow to adapt to:
"Cyber espionage by state-sponsored actors is in fact cybercrime," said Jason Polancich, founder and chief architect at SurfWatch Labs. "China and Russia signed a no-hack agreement last month likely, in part, because one is the produce (China) and the other is the marketer (Russia) of today's cybercrime, now a world-sized cottage industry."
Authorities believe that a breach in US government data was thanks to a "foreign entity" and the Federal Bureau of Investigation has launched a full inquiry into who exactly stole the data on approximately four million workers.
This hacking spree took place through the US's Office for Personnel Management (OPM) and began in April 2015, with The Department of Homeland Security concluding that this attack had finished by the beginning of May - announcing the data as compromised.
Despite the implementation of EINSTEIN, private information on four million employees was stolen directly from the human resource systems, affecting OPM IT systems as a whole.
Computex 2015 - Adding something a little different to the Computex 2015 trade show is the ASUS series of SmartHome devices, designed to keep yourself and your technology safe at home.
Also winning a BC award as per the ASUS ROG GR6 mini gaming PC, these products are coupled with the tagline "Smart, Simple, Secure" and are aimed at everyone from the general consumer to the complete computer mastermind.
Pictured is the black circle-like object named the ASUS Smart Home Gateway, this sets out to let you control your home through one simple app installed on a smartphone or tablet and can work with third-party products - meaning you aren't locked into ASUS branded components only.
The NSA and GCHQ continue to face significant backlash of their widespread surveillance activities, largely due to Edward Snowden's spying disclosures. However, the UK intelligence agency is defending itself by saying it couldn't spy on all its citizens in an unlawful manner, even if it actually wanted to.
"One of the things that has almost flippantly been said in our defense is that even if we wanted to do such things we don't have enough people to engage in such unlawful mass intrusion," said Ciaran Martin, director general of cybersecurity for the GCHQ, while speaking at the InfoSecurity conference.
The GCHQ has conducted mass collection of user data inside the UK, which was disclosed by Snowden a couple of years ago. Not surprisingly, there has been increased debate - both in the US and UK - regarding the effectiveness of these programs.
Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.
Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.
A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.
The United States and the rest of the "Five Eyes" group, which also includes the UK, Australia, Canada and New Zealand, aimed to infect apps available in the Google Play store with spyware.
Even though the US and UK are well known for spying on their own citizens, among foreign nationals, it looks like this spying campaign was designed to target non-US residents. The effort reportedly began in late 2011 with an effort to infect the Alibaba-owned UC Browser, which runs on Google Android, Apple iOS, Microsoft Windows Phone, Symbian, Java ME, and BlackBerry.
The idea that Five Eyes wanted to spy on users isn't overly surprising, but possible ramifications don't leave users at ease.
Apple co-founder Steve Wozniak described former NSA contractor Edward Snowden as "a hero," as he "gave up his own life... to help the rest of us." Wozniak previously met with Snowden in Moscow sometime in 2014, though it's unknown what the two men discussed.
"Total here to me; total hero," Wozniak recently said in an interview with ArabianBusiness. "Not necessarily [for] what he exposed, but the fact that he internally came form his own heart, his own belief in the United States Constitution, what democracy and freedom was about. And now a federal judge has said that NSA data collection was unconstitutional."
The Woz obviously is a great fan of technology, but has admitted early innovators "didn't realize that in the digital world there were a lot of ways to use the digital technology to control us." That interview was published by CNN in 2013, before Snowden unveiled a widespread NSA surveillance program.
The IRS recently suffered a data breach that left thousands of Americans at risk, and more attention is now focused on government mismanaged. Utilizing a $10.9 billion budget, either the agency is greatly mismanaged and/or the IRS just isn't ready to try to protect taxpayer information.
There seems to be a lot of problems with the IRS, and that has certainly trickled down to its cybersecurity protocols. The agency still uses Microsoft Windows XP - and while the IRS originally paid Microsoft for support - that support has ended. To make matters worse, some fraud identification software is almost 20 years old.
The IRS previously had 410 cybersecurity team personnel, but that has been slashed down to 363 workers. The idea that IRS personnel are unable to keep up with identity theft is a huge problem, especially as cybercriminals get cleverer.