Dan on Security
Register | Login
How OPM hackers tapped the mother lode of espionage data

Update on the OPM hack, 14 million people affected by the breach - details from nearly everyone who works for the US government are in the hands of the Chinese government now. Worse is the absolute lack of security controls in their core systems:

- Of the 47 major IT systems at OPM, 22 of them are currently run by contractors.
- While OPM instituted security monitoring of some systems, those tools covered only 80 percent of OPM's systems and did not include contractor-operated systems.
- Seven major systems out of 25 had inadequate documentation of security testing, three out of the 22 contractor-operated systems had not been tested in the last year; the remainder had only been tested once a year.
- None of the agency's 47 major applications required two-factor authentication.

Tags: china espionage hack
More from: arstechnica.com

show/hide source |


No comments found :-( To post a comment, please log in