Liberal Free Chat Zone

[mr40]

THIS Incredible Government Incompetence Explains How We Got Hacked By China

If I were to ask you what is the stupidest way to protect a database from Chinese hackers, I bet one of those ways just might be to outsource our tech management of that database to a company that has workers… in China. Oh and then give them absolute access to the whole damn thing.

From Ars Technica:

Some of the contractors that have helped OPM [Office of Personnel Management] with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root.

Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?'”

And in case that didn’t quite make any sense, here’s a quick summary of all of that:

Trying to think how USG could make it easier than outsource-to-China #OPMhack to let FI services rob us blind. Not coming up with much.

http://fromtheright.com/latest/this-incredible-government-incompetence-explains-how-we-got-hacked-by-china/