China Targeting USG Employees Via Anthem Hack

The recent indictment of two Chinese nationals for the 2015 hack on Anthem that compromised more than 78 million health records, including 4 million U.S. government employees, moves the provenance of the intrusion from the theoretical to reality: Chin… Continue reading China Targeting USG Employees Via Anthem Hack

Lawmakers demand answers in wake of strange OPM identity fraud lawsuit

With mystery swirling around an identity theft case where prosecutors have claimed the perpetrators used personal information included in the Office of Personnel Management breach, two lawmakers are pushing the government for more information. A pair of letters sent this week by Sen. Mark Warner, D-Va., and Rep. Gerry Connolly, D-Va., to the heads of the Department of Justice and OPM issues a number of questions about the alleged identity fraud charges. The Virginia lawmakers are especially interested in learning how the defendants acquired the data. On June 18, the Eastern District of Virginia announced that a Maryland woman had pleaded guilty to identity theft charges. That press release initially said the data used in that crime was from the OPM breach. On June 21, the district issued a correction to their press release, stripping any mention of the breach. Virginia is home to the single largest population of federal […]

The post Lawmakers demand answers in wake of strange OPM identity fraud lawsuit appeared first on Cyberscoop.

Continue reading Lawmakers demand answers in wake of strange OPM identity fraud lawsuit

GAO dings DHS for failing to share info on cybersecurity workforce efforts

Among the many things the Department of Homeland Security is required to report on from time to time is its cybersecurity workforce challenges. Yet, according to the Government Accountability Office, it has failed to do so in a timely manner. GAO says DHS did not complete efforts to identify and assign codes to all its cybersecurity positions. In August 2017, DHS reported to Congress that it had coded 95 percent of the department’s cybersecurity positions but in fact, it was discovered that the department only coded 79 percent of the cybersecurity positions, the report states. GAO is not denying that DHS has taken some steps to identify the gaps but in a new the report, the office is calling out DHS for falling short on reporting these cybersecurity efforts regularly. These specialized codes help define roles and tasks for specific cybersecurity areas. The codes have not been fully assigned since September […]

The post GAO dings DHS for failing to share info on cybersecurity workforce efforts appeared first on Cyberscoop.

Continue reading GAO dings DHS for failing to share info on cybersecurity workforce efforts

More than two years after historic breach, OPM continues to struggle with cybersecurity

The Office of Personnel Management continues to struggle with cybersecurity more than two years after the agency first publicly acknowledged they were breached due to poor security practices, according to a newly released Office of the Inspector General report. The report, which focuses on the state of systems during fiscal year 2017, concludes that while OPM has “made improvements in its Security Assessment and Authorization (Authorization) program,” inspectors were nonetheless able to find a “significant deficiency in OPM’s information security management structure.” This translated to a poor overall cybersecurity score, as defined by the National Institute of Standards and Technology, of two out of five for OPM. The score from the OIG is supposed to define the “maturity” level of an organization in relation to the security of information systems. This lackluster rating is due in large part to inaction by the agency regarding prior security recommendations referenced in other audits. “OPM is not […]

The post More than two years after historic breach, OPM continues to struggle with cybersecurity appeared first on Cyberscoop.

Continue reading More than two years after historic breach, OPM continues to struggle with cybersecurity

Arrest of Chinese malware suspect highlights DOJ’s strategy against foreign hackers

The recent arrest of a Chinese national in connection with the development of high-profile malware serves to highlight the Justice Department’s modern and expansive efforts to prosecute foreign hackers in spite of extradition challenges, former U.S. officials told CyberScoop. “I see this indictment as part of trend by DOJ to indict foreign actors that are aligned with governments,” said Joe Whitley, a former senior Justice Department official. “The issuance of warrants of arrest on these individuals can have a huge impact on alleged criminals who may find international travel and money transfers no longer available. Plus, there is a certain stigma that accompanies indictment.” The Justice Department last week publicly released a criminal complaint alleging that Yu Pingan of Shanghai was involved in the creation and distribution of malware used to hack into multiple U.S. companies. The unique malware is known as “Sakula.” CNN reported that this same code was used […]

The post Arrest of Chinese malware suspect highlights DOJ’s strategy against foreign hackers appeared first on Cyberscoop.

Continue reading Arrest of Chinese malware suspect highlights DOJ’s strategy against foreign hackers

After 2015 breach, OPM overpaid for identify theft protections, report finds

The Office of Personnel Management appears to be overpaying for an identity theft insurance program it rolled out to protect more than 20 million current and former U.S. government employees whose personal information was exposed in the agency’s massive 2015 data breach, a government watchdog said. A newly released report by the Government Accountability Office notes that OPM is providing coverage at a level that is “likely unnecessary” because “claims paid rarely exceed a few thousand dollars.” Exasperating costs further is also the fact that the government know how many affected individuals might have signed up for two different government identify theft monitoring programs that essentially offer the same thing. Shortly after the breach was first publicly acknowledged, OPM contracted two firms, Winvale Group and ID Experts, to protect government employees that had their personal information exposed in the personnel records breach and separate breach of background investigation data. “OPM has estimated […]

The post After 2015 breach, OPM overpaid for identify theft protections, report finds appeared first on Cyberscoop.

Continue reading After 2015 breach, OPM overpaid for identify theft protections, report finds