It was time to purge the hacker from the U.S. government's computers. After secretly monitoring the hacker's online movements for months, officials worried he was getting too close to critical information and devised a plan, dubbed "the Big Bang," to expel him.
The trouble was, with all their attention focused on that case, they completely missed the other hacker.
A new congressional report provides previously undisclosed details and a behind-the-scenes chronology of one of the worst-ever cyberattacks on the United States, laying out missed opportunities before the break-in at the Office of Personnel Management exposed security clearances, background checks and fingerprint records. That attack — widely blamed on China’s government — compromised personal information of more than 21 million current, former and prospective federal employees, led to the resignation of the OPM director and drew outrage over changing explanations about the hack’s seriousness.
The report from the House Oversight and Government Reform Committee blames the personnel agency for failing to secure sensitive data despite years of warnings that it was vulnerable to hackers. It concludes that the hack revealed last year could have been prevented if OPM had put in place basic, required security controls and recognized from an earlier break-in that it was actually dealing with a persistent, relentless adversary.
"We had literally tens of millions of Americans whose data was stolen by a nefarious overseas actor, but it was entirely preventable," Rep. Jason Chaffetz, the Utah Republican who chairs the committee, said in an interview.
“With some basic hygiene, some good tools, an awareness and some talent, they really could have prevented this,” he added.
Beth Cobert, OPM's acting director, said in a statement that the agency disagrees with much of the report, which "does not fully reflect where this agency stands today." She said the OPM hack "provided a catalyst for accelerated change within our organization," including hiring new cybersecurity experts and strengthening its security.
The government discovered the first OPM hack in March 2014, when a specialized Department of Homeland Security team noticed suspicious data streaming out of its network between 10 p.m. and 10 a.m., the online equivalent of a moving truck hauling away filing cabinets full of confidential papers in the dead of night. The theft was detected by the government's so-called Einstein intrusion warning system.
"DHS called us and let us know, hey, we think this is bad," Jeff Wagner, OPM's director of information security operations, told officials investigating the hack, according to the report.
For two months, the personnel office worked with the FBI, National Security Agency and others to monitor the hacker to better understand his movements. Officials developed a plan to expel the hacker over a three-day weekend in May 2014, dubbed “the Big Bang.” The effort included resetting administrative accounts, building new accounts for users who had been compromised and taking offline compromised systems.
“The risk of kicking them out too early had come and gone,” Wagner said, “and now the risk was becoming having them in too long, and we didn’t want to keep them around any longer than we had to.”
The problem was far from solved.
Unknown to the experts focused on expelling the hacker, a second intruder posing as an employee of a federal contractor had infiltrated the system weeks before “the Big Bang.” That hacker used a contractor’s credentials to log into the system, install malicious software and create a backdoor to the network, according to the report.
Over the following months, the hacker stole sensitive security clearance background investigation files, personnel files and, eventually, fingerprint data.
That breach was not detected until April 2015, when an OPM contract employee traced the flow of stolen material back to an Internet address that had been registered to Steve Rogers, the alter ego of Captain America, indicating a spoof account. By then, sensitive information on millions of American workers had already been compromised.
The report also faulted the personnel office for failing to quickly deploy security tools from an outside firm to detect malicious code and other threats. Once deployed, the tool from Cylance Inc. of Irvine, California, “lit up like a Christmas tree,” indicating it found malware throughout the federal computers, an engineer is quoted as saying in the report.
“Could they have done better? Absolutely,” said Cylance founder and chief executive Stuart McClure. “But once they had been definitively convinced there was a breach, they took it very seriously.”
It said OPM officials misled the public about the scope of the breach, and also said the two breaches were not unrelated but rather "appear to be connected and possibly coordinated."
"The two attackers shared the same target, conducted their attacks in a similarly sophisticated manner and struck at similar times," the report said.
Though the U.S. suspects the hack was an act of Chinese espionage, the House inquiry did not go into great detail about who was responsible. It mentions that the data breaches discovered in April 2015 were likely perpetrated by the group “Deep Panda,” which has been linked to the Chinese military.
