So, if you’ve paid attention, amid all the noise about Donald Trump and Rachel Dolezal, there was this little thing called the hack of the Office of Personnel Management. It was a hack allegedly by Chinese government operatives, and they have gotten just about everything you could imagine with regard to personal information on a huge chunk of American citizens, among others. It’s the type of data breach that should be covered wall-to-wall because of the sheer scope of the hack, but it’s not.
Worse yet, those who are reporting on it are finding out things are even worse than the apocalyptic nightmare scenarios we’ve been thinking. First, we were informed that there was no notable encryption to speak of at OPM, and there was very little security training… if any. Now? Turns out OPM had given root access (for the less technically inclined, that means access to everything from the ground up) to contractors in foreign nations like Argentina and China.
A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?'”
Do you understand what this means? This means that contractors in China, a nation that is not the biggest fan of the U.S., had access to all of the databases OPM had. The blame is laid on Congress for budget cuts in the ArsTechnica piece (which is hilarious), and does in fact say that the problems with the management of OPM date back to at least the Bush years, but here’s the thing, and it’s something I said last time I posted on this: This is the enviroment cultivated by the Obama Administration. You know how I know this is an administrative culture issue? Look at this tweet, posted on the account of the OPM Director, on the same day the breach was announced by the government.
Actually, just in case it gets deleted, here you go (h/t to Noted National Treasure @iowahawk on Twitter):
On the day they announce a massive data breach (which means not necessarily the day they discovered it), this goes up. If your office is going to announce a massive security breach that could affect every single government employee (in the best case scenario), you might want to delete the scheduled tweets and just not focus on social causes while your office sorts out your bonus and extended vacation.
As I and others have said and will continue to say on Twitter, no one is going to be fired over this. People will be allowed to step down or resign, sure, but there will be no visible consequences for anyone who had a hand in any of this. Especially those who outsourced the work to hostile nations. Everything is just going to keep trucking along.
The VA is directly responsible for the deaths of Veterans, and OPM is directly responsible for the data breach of the personal files and lives of millions.
This is government, and the Democrats want more of it.
This post was heavily inspired by the mouth-frothing outrage tweeted by Jeff over at Ace of Spades, who you should be following on Twitter (There is no specific tweet in this link. The entire timeline is worth a read.). You may recognize Jeff as the guy that mysteriously appeared on the Bureau of Alcohol, Tobacco, and Friends (hosted by our own Leon Wolf) and never left.