
China Denies Responsibility For US Government Data Breach

schwit1 writes: On Friday, Beijing responded to allegations from Washington that China was responsible for a cyberattack on the U.S. Office of Personnel Management that compromised the personal data of some 4 million government employees. The accusations, China's foreign ministry said, are "irresponsible" and "groundless." The OPM breach is the latest in a string of cyber 'incidents' that have coincidentally occurred in the wake of the Pentagon's new cyber strategy.

ZeroHedge argues, "Whether or not the most recent virtual attack on the U.S. did indeed emanate from China or one of Washington's other so-called "cyberadversaries" (the list includes Iran, Russia, and North Korea) will likely never be known to the public, but rest assured the blame will be placed with a state actor so as to ensure the DoD has some precedent to refer to when, for whatever reason, the Pentagon decides it's time to deploy an "offensive" cyberattack later on down the road."

Irrespective of where the attack originated, it appears obsolete technology was ultimately to blame, because as Bloomberg reports, "Einstein" wasn't much help in preventing the intrusion: "It's behind schedule, the result of inter-agency fights over privacy, control and other matters, and only about half of the government was protected when the hackers raided OPM's databases last December. It's also, by the government's own admission, already obsolete. Over the last several months, U.S. officials have said that perimeter-based defenses such as Einstein, even backed by the National Security Agency's own corps of hackers, can never prevent break-ins."
  • by Karmashock ( 2415832 ) on Saturday June 06, 2015 @05:07PM (#49858049)

    What matters is that the ongoing incompetence of the federal government permitted it to happen.

    I'll say again, instead of getting the NSA to anally probe your own people utterly violating the 4th amendment... why don't you task your teams of tamed hackers to strengthen security throughout the government's computer systems?

    They know how to breach systems so they know how to secure them. All they have to do is make the system so tough that even they couldn't get into them. And task a few of them to literally try to empirically test whether the security has literally arrived advanced to that point.

    This is not an unreasonable standard.

    If the NSA can breach your systems then so can the Chinese probably. So if you want to keep the Chinese out... make it tough enough that the NSA can't get in.

    Any excuses should be met with summary executions. Just pistol to the temple and a query for any further questions?

    Seriously though... the bad security is not acceptable. And without some drastic changes in culture, the systems will remain open books to any nation or even many criminal organizations that want in for any reason.

    That's pathetic.

    And a big part of the issue is that we're not putting technical people in charge of security.

    Look, you wouldn't put a guy without experience running warships in charge of the Navy would you? Would you put someone with no experience flying airplanes in charge of the air force? Then why are we putting non-computer experts in charge of computer systems?

    They don't know what the fuck they're doing. It's like putting an accountant in charge of the Marines or putting the Marines in charge of a law firm. It doesn't make any sense. Stop doing that.

    If you're having a hard time finding someone with command chops in the technical fields, then do what you do in every other branch of the government when you encounter that exact problem. Have a training program wherein your people can get promoted into management. Why is this rocket science? The government understands this everywhere else largely flawlessly. You need someone to run some aspect of the justice department? You promote someone with skills from within the department that understands LAW and law enforcement.

    The ongoing idiocy of my entire culture... forget the government because the corporations are little better in most cases... it is shocking. They almost never put people that understand the tech in charge of the actual f'ing machines.

    They understand they need to hire a lawyer to run the legal department. They understand they have to hire an accountant to run the Accounting department. They understand they have to hire a marketing guy to run the marketing department. But when it comes to IT? Well you can use anyone apparently. Put an accountant in charge... or a lawyer... or a marketing guy... or whatever. A fucking bag of dead kittens would appear to be sufficient.

    The governments and big corps will say "but it will be really expensive to fix our problems"... it is only expensive because you've deferred maintenance for a million years. That's like saying you can't fix the roof that has rotted out because that will be expensive. You fix that roof. You maintain that roof. You do not fuck with the roofing guys when they're telling you what has to happen. Because you know and understand that failing to do it means you get rained on.

    The computer systems are the same thing. Only you only notice there is a problem if you know enough to notice or if there is a huge fucking disaster. If neither applies then people can be oblivious. Which is possibly the attraction of people that don't know what they're doing... they can be oblivious.

    • by Fire_Wraith ( 1460385 ) on Saturday June 06, 2015 @05:29PM (#49858177)
      Furthermore, this is nothing new. In fact, it's been a known issue for a long time. The NSA is not only responsible for signals intelligence, but also has the responsibility of securing U.S. Government communications, i.e. Information Assurance. In the past, this meant coming up with strong codes and encryption systems of our own, while the other part of NSA worked on breaking enemy systems (like the WW2 Japanese Naval and Diplomatic codes for instance).

      The problem with that today is that there's no longer a difference. Everyone is using the same hardware and software platforms. The same systems that the US Government uses are also the ones used by cybercriminals in Krasnovia, terrorists hiding in caves in Dirka-Dirkastan, and other governments around the world, not to mention our own citizens. In theory that means the NSA would have to balance between using flaws it finds to exploit its targets, and making sure the flaws get patched so we're not vulnerable. If the results we see are the only measure, then they're perhaps tilting badly towards the intelligence/exploit side.

      I would note though that this isn't the only factor. Overall I'd say that the executives in charge, whether we're talking about the corporate world C*O types or Government SES types, put far too much value on accessibility, availability, and ease of use, and don't take the risks seriously enough. It's either that or they're bullshitting us about how damaging it was when the breach does occur, because if it was truly unthinkably bad then they should've taken it more seriously in the first place.
      • They put an emphasis on accessibility because they're personally clueless.

        I saw something about the Navy considering a BYOD policy with the Navy's computer systems.

        I mean... what the fuck? These idiots should just get a custom US government smartphone and anyone that asks for an iPhone should get a black bag thrown over their head and sent via CIA cargo plane to a black site.... whereupon pictures of their electrified genitals are leaked onto the internet...

        Not really... Just... there's stupid and there's

        • Yes, this exactly.

          It's the same way in the corporate world, roughly - perhaps some places are better, and maybe that's why we don't hear about them because they're not getting hacked into, but it seems like those are but a tiny minority at most. I know I certainly wouldn't trust a random corporate executive to get it any better. Most of the ones who say that they could do it better for the government are just looking to get fat on contracting money, and probably won't do a damn bit better.
          • Well... it isn't a matter of corporate versus private. Technically either could be better in almost any situation.

            The issue is competence. If one system is competent and the other is not then... one will work and the other will not.

        • by DescX ( 4012275 )

          Wasted my mod points or I'd vote you both up; sorry!

          Most of the senior and lead postings I see in my area are asking for appropriate technical skills, with odd expectations for years of experience. That would be fine if candidates could sit down and hash things out in an interview, but, recruiters. Many of them aren't reading resumes. I tell them right off the bat that I refuse to participate in defense/military work in any way (there goes 75% of my opportunities ;)). I'm also clear about having over 10 yea

        • by penix1 ( 722987 )

          First off let me start this by saying I work in Homeland Security for my state and used to work for the feds doing the same thing. I received my notice about the breach at a staff meeting. The word is it wasn't a hack into the computer but it was malware installed on a computer at OPM. It was installed in December and wasn't noticed until April.

          Now the question I have is was the individual that brought it in disciplined?

          • A better question is why you let people in OPM install executable code on workstations?

            We've had white listing security information security systems for ages that are administrated by the sysop.

            He designates the code that is permitted to run on specific machines by specific users and anything that isn't that code is not authorized to run.

            Which means if some jackass tries to run an angry birds EXE on your system or whatever... it won't run. And depending on your security policies, the mere attempt can create
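The per-machine, per-user allowlist described in the comment above can be sketched as follows. This is an added example, not part of the original thread and not any product's code: the `ExecutionAllowlist` class, the machine and user names, the paths and the byte strings are all constructed for illustration. It identifies code by SHA-256 digest, so an unapproved binary saved under an approved file name is still denied, and every denied attempt is recorded.

```python
import hashlib
from dataclasses import dataclass, field


def sha256_hex(image: bytes) -> str:
    """Identify an executable by its content, never by its file name."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class ExecutionAllowlist:
    """Default-deny policy: (machine, user) -> set of approved digests."""
    approved: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def approve(self, machine: str, user: str, image: bytes) -> None:
        # Only the administrator calls this; users cannot extend the list.
        key = (machine, user)
        self.approved.setdefault(key, set()).add(sha256_hex(image))

    def may_execute(self, machine: str, user: str, path: str, image: bytes) -> bool:
        digest = sha256_hex(image)
        # Anything not explicitly approved for this machine AND user is denied.
        allowed = digest in self.approved.get((machine, user), set())
        if not allowed:
            # The attempt itself is a signal worth keeping for the security team.
            self.audit_log.append(
                {"machine": machine, "user": user, "path": path, "sha256": digest}
            )
        return allowed


def demo():
    # Constructed sample data: byte strings standing in for executable images.
    payroll = b"constructed bytes standing in for an approved payroll tool"
    game = b"constructed bytes standing in for an unapproved game"

    policy = ExecutionAllowlist()
    policy.approve("WS-014", "alice", payroll)

    results = {
        # Approved image, approved user and machine: runs.
        "approved": policy.may_execute(
            "WS-014", "alice", r"C:\Apps\payroll.exe", payroll),
        # Unknown image from a download folder: denied and logged.
        "unapproved": policy.may_execute(
            "WS-014", "alice", r"C:\Users\alice\Downloads\game.exe", game),
        # Unknown image copied over an approved file name: still denied.
        "renamed": policy.may_execute(
            "WS-014", "alice", r"C:\Apps\payroll.exe", game),
        # Approved image, but a user it was never approved for: denied.
        "other_user": policy.may_execute(
            "WS-014", "bob", r"C:\Apps\payroll.exe", payroll),
    }
    return results, policy.audit_log


if __name__ == "__main__":
    outcome, log = demo()
    for case, allowed in outcome.items():
        print(f"{case:12s} -> {'ALLOW' if allowed else 'DENY'}")
    print(f"{len(log)} denied attempts logged")
```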

        • by schnell ( 163007 ) <me AT schnell DOT net> on Saturday June 06, 2015 @11:51PM (#49859621) Homepage

          I saw something about the Navy considering a BYOD policy with the Navy's computer systems.

          I mean... what the fuck? These idiots should just get a custom US government smartphone and anyone that asks for an iPhone should get a black bag thrown over their head

          Have to be a little careful how I respond to this... let's just say that the last thing you want is the Federal government (or at least the DoD and the Intel community) picking out your cellular technology for you. The world of cell phones has evolved in less than a decade from dumb phones that couldn't even text to portable supercomputers; GPS-enabled dog collars and pill bottles; and increased worldwide coverage at (inflation adjusted) equal or lower prices to what you got 10 years ago. In the US Federal government, 10 years has brought you the F-35 Joint Strike Fighter [thefiscaltimes.com] at billions over budget and years behind schedule. Let's please never think that the US government is compatible with cutting edge technology in anything that does not evade radar, blow things up, or do so simultaneously.

          In the US government world, in a SCIF (Sensitive Compartmented Information Facility, anywhere where SECRET/TOP SECRET/SCI information is shared), you can't even bring a cell phone into the facility. Think about this: everyone at the NSA, DISA, CIA Langley etc. misses your phone call unless they are sitting at their desk. Forget that "Homeland" or "24" bulls**t about people using their Droid Razrs in CIA headquarters or wherever the hell Jack Bauer is supposed to be (Federal Secret Counter-Non Existent Surveillance Footage - Large Screen TV and Fake Hologram Agency?). This is how forward thinking the government is about mobility.

          Additionally, in 2008 the government (NSA and DISA) got together to decide to do exactly what you suggested. The result? The Secure Mobile Environment - Portable Electronic Device [nsa.gov] (SME-PED) initiative, which began with a forward looking technology initiative, and by the time it had run the gantlet of DoD/Intel requirements and Federal acquisition policies, had turned into a gigantic brick of a device - running Windows CE - that cost multiple thousands of dollars. This was launched shortly after the iPhone hit the market.

          I can't share the detailed results for a variety of reasons, but I can say that adoption was very poor. Real-world users decided to either stick with earlier, cheaper secure dumb phones; or just risk things and make phone calls about secret information on the mobile phones that they actually carried every day and wanted to use. At any rate, the lesson learned was that 1.) people love cell phones because they are cheap and people have lots of choices; and 2.) when the US government gets involved to pick a "secure" cell phone that all its employees should use, nobody actually uses it.

          • If they can't subcontract one of the major suppliers to turn out a phone with tweaked firmware to suit the NSA's security recommendations then possibly we should just all stick shotguns in our mouths and hope that something evolves from our festering remains to have more wisdom than this species.

            This isn't hard.

            As to the issues with consolidating aircraft, that is mostly an issue of all departments being forced to use the same fucking airplane.

            That's a mistake. It had Lockheed designing a plane that was right

          • by Anonymous Coward

            There are SCIFs where you can bring in your phones.
            More importantly, almost no one has an office in a SCIF. So this means they miss your call if they are in a closed area, and didn't route their desk line or mobile number to the phone closest to whatever workstation / file they are working at.

            • The NSA doesn't permit you to do that. Why do you think that is?

              In fact, they don't let you bring a phone into some areas PERIOD. Not any kind of electronics whatsoever.

              Why? Because they know something you don't. That's why.

              And they should be priming the rest of security apparatus to grasp the ACTUAL vulnerability of these systems especially when attacked not by shithead 12 year old scriptkiddies but actual state sponsored hacker corps.

              The entire conceit of a SCIF is that the information inside is protected

    • by vlad30 ( 44644 )

      Then why are we putting non-computer experts in charge of computer systems?

      A fucking bag of dead kittens would appear to be sufficient.

      The governments and big corps will say "but it will be really expensive to fix our problems"

      Nepotism explains all the above

      Yes, it's because the relative/friend that's hired managed to string a few choice words they heard or read of news articles and looks the part. Expensive bit explains the large pay packet. This person would never get a job in private industry IT, who am I kidding nepotism occurs in private industry too,

    • Look, you wouldn't put a guy without experience running warships in charge of the Navy would you? Would you put someone with no experience flying airplanes in charge of the air force?

      The current commander-in-chief of the US military was a community organizer.

      The previous one joined the Texas air national guard to avoid being drafted.

      The one before that went to college in England to be deferred from the draft.

      The one before that actually enlisted in the navy following the attack on Pearl Harbor to fight for his country. He served as an aviator for the duration of the war.

      The one before that served in the army, as an officer, before and through WWII.

      From this point, all of

      • no real military experience (not even peacetime duty)...

        Sure, being in the National Guard isn't quite the same as being full time in the Air Force, Marines, Navy, Army, or Coast Guard. But you absolutely do risk getting deployed. And the one you're mentioning put in the time, effort, and real risk involved in flying military aircraft. People die learning to do that. That (and being governor of a large state) is a lot different than playing local politics in Chicago. Even Bill Clinton's slightly oily duty as gov of Arkansas was some prep for a bigger executive p

        • I guess that I was being kind of unfair to George W. Bush - national guard duty may be mostly part time, but it is still military service. He and Clinton both had family connections that would have made sure that they never served in Vietnam. On second thought, Bush's method of dropping out of the draft pool (enlisting in the national guard) was much more gallant than Clinton's (hiding at Oxford University in England).

          I'll re-phrase my statement to say that only one top military commander in the US in th
      • ... way to strawman the fuck out of me.

        First the commander in chief is the US President. He is also the head diplomat, the leader of the country, has enormous control over the banking system, can dictate a great deal of policy to the legislature, has enormous regulatory power, and yes... is also in ultimate command of the US military.

        To qualify for all these positions, he'd have to be a general, a legislator, a legal expert, a financial expert, etc.

        A CEO for example of a large corporation does not need t

        • No straw man intended...

          Just a thought that I had. I totally agree with your sentiment about the competence of the people involved. I have just noticed over the years that experience doesn't seem to mean as much as it used to (in industry, as well). It's the old, "it's not what you know, it's who you know" thing being practiced literally.
          • That's a lot of it.

            In industry, I see a lot of lawyers and MBAs put in positions that are not appropriate.

            My belief for example is that the CEOs of technical companies should have the CEO be someone that personally understands the technology that underlies the product they're providing.

            They don't have to understand everything. Just their product.

            So I think car companies are better run by engineers. I think computer or IT companies are best run by people with a CS background. I think medical companies are be

    • by Anonymous Coward

      Are you sure it doesn't matter who did it?

      The Obama Administration came out and blamed China, even before they had all the facts

      The whole episode smells of another false flag

      This looks more like an inside job orchestrated to place blame on China (apparently China has become Hussein Obama's favorite bogeyman) to allow Obama to declare an all out war on China (they even use the word adversary to characterize China)

      It won't be long before America's full attack on China begin. I guess it will happen before Ob

      • Guy claiming to be from the DHS said that rumor in the department was that malware had been accidentally installed by some dipshit user on a workstation.

        That means it isn't Chinese hackers or false flags so much as government incompetence being covered up with finger pointing.

        aka usual administrative ass covering.

        Never label something as malice what can more easily be attributed to incompetence.

        • That bogeyman approach works, and it works splendidly!

          You only have to read the comments in this thread to see how many of the fools are already completely decked up awaiting for the chance of the full scale war against China

    • by Rich0 ( 548339 )

      If the NSA can breach your systems then so can the Chinese probably. So if you want to keep the Chinese out... make it tough enough that the NSA can't get in.

      Good luck with that. When there is no cost for mounting an attack, an attacker will almost always have an advantage over a defender.

      This is like arguing that if random hoodlums keep breaking into your house you should simply upgrade the security of your house until they're unable to break in. If criminals can attempt to breach your house without any risk of punishment, then you've lost. There isn't a wall built by man which can't be breached by man. Sure, you can invest enough that it isn't worth their

      • As to inequities between defenders and attackers, those are always technology specific.

        Armored knights for example were quite viable until the firearm.

        We're talking about network security.

        Saying you can't secure these systems because of some analogy about people putting bars on their windows is not constructive.

        • by Rich0 ( 548339 )

          Sure, it isn't a perfect analogy. However, I think that it still holds true.

          If you're a hacker in a legally-privileged environment (either the local government actively protects you, or simply doesn't bother to go after you), then the only cost to trying to hack into systems is your own time. Anytime you come up with an exploit you can easily automate testing it against countless targets. That acts as a force multiplier.

          The usual offense vs defense relationship also applies. The attacker has the initiat

          • The problem with your argument is that perfect security in computers is actually possible... theoretically. Perfect defense in conventional military terms is not even theoretically possible.

            You control too many things in a network for the two situations to be analogous. They can't attack you unless they get into physical proximity of your systems or intrude through your firewalls.

            That's already a huge advantage. Think of that in terms of military defense.

            Imagine if the enemy could only attack you through on

            • by Rich0 ( 548339 )

              Imagine if the enemy could only attack you through one little mountain pass and nowhere else. All you have to cover was THAT entry way.

              Sure, but we're talking about a gate that routinely allows millions of people to go through in both directions every minute, and somebody can pound on it continuously 24x7 and you will refuse to pour boiling oil on them. Oh, and 99% of the time anybody going out isn't inspected at all, though I will concede that this doesn't have to be the case.

              Is perfect security theoretically possible? Sure. Are we ever likely to achieve it on a non-trivial network? Probably not.

              And while it is difficult, you can pene

              • No.

                You set your firewall rules up so that isn't how it works.

                You let authorized users in and out... and only to access other authorized systems.

                If someone says "but I want to access my facebook account"... you tell them to save it for when they are off government time.

                The firewall rules are too permissive and that is a large part of the problem. Lock it down so the systems only communicate with known systems that are known to be good. And only through VPN.

                The hacks are not coming through VPNs. Fix the firew

                • by Rich0 ( 548339 )

                  Lock it down so the systems only communicate with known systems that are known to be good. And only through VPN.

                  Obviously if your network isn't connected to the network it is harder to break into than a network that IS connected to the internet.

                  However, that isn't very helpful for networks that actually need to be connected to the internet.

                  When I'm at work it is pretty useful for me to be able to use Google. I look up stuff all the time from websites run by companies who aren't screened vendors for my employer.

                  Simply closing off your network entirely from the internet isn't really a practical option in most cases.

                  • It's not a question of being connected to the internet. It is a question of firewalling that connection so that only communications you approve of can flow through it.

                    And then setting up the computers so they can only run approved executable code. These things can be done. I have done them.

                    As to people that need to use google, what do you use google for?

                    1. Do you use few specific websites or do you need access to ANY website? I would argue that if you had to sit down with your security team and tell them EVER

                    • by Rich0 ( 548339 )

                      As to people that need to use google, what do you use google for?

                      If I knew the answer to that I probably wouldn't need Google. I'd just go to whatever reference I needed directly, and most likely I'd have a copy of it saved locally anyway unless it were something continually-updated.

                      I am a big believer in what I call "white list security"... Most people use what can be termed "black list security". They have huge lists of all the things you can't do. That's how an anti virus program works. It looks for bad code and disallows it from running...I do the opposite. I identify GOOD code and permit that to run. All code that is not good and approved is passively denied access. No exceptions.

                      No question that this approach is more secure when you absolutely need to have this level of security and can afford the cost. However, implementing this costs a fortune. In most industries companies that make this kind of investment in security are likely to just go out of business, since

                    • Saying that employees need general access to the internet is hard for me to believe. In most cases they don't.

                      And really some distinction should be made between high security environments and low security environments.

                      So for example, I'm quite happy to set up an alternate wifi network that is largely unrestricted. Any machine that connects to that network will be airgapped from the secure systems.

                      If you want to facebook on that network with your own machine that is fine. You will have no access to the file

                    • by Rich0 ( 548339 )

                      As to tens of thousands of employees... wrong. You do not have tens of thousands of employees. ... You break people down into groups. And then you give the groups access to things. You do that and it scales quite nicely. It's very manageable.

                      Maybe that works well in whatever line of business your employer is in, but my employer really does have tens of thousands of employees, and there are pockets of maybe a dozen all over the place that do things that nobody else in the company does. I can think of one department of about 500 that doesn't have more than 10 people doing any particular job.

                      We take a top-down approach to major applications and data repositories, but it really breaks down when you try to apply it to every little tool or website p

                    • It works in any application.

                      If you want to have people that are outside the bubble... then you just give them their own network that is outside the bubble. They can virus the fuck out of themselves and that is their own problem. They won't infect the other systems because they're segregated.

                      If they need access to those systems then they can either specify their needs or pound sand.

                      Having lots of IT people is not required. You just need to be really good at saying "no" when they ask for shit they don't need.

                    • by Rich0 ( 548339 )

                      Look, if you don't lock the systems down, then you deserve the consequences. Good, hard, and from behind.

                      What consequences would those be? 99% of big corporations have never had a high-profile hacking attack, and they don't do any of the stuff you recommend.

                      Of the 1% who have had high-profile hacking attacks, I doubt the results cost them all that much. Ok, all your customer credit card numbers are on the web. That costs them money. It doesn't cost you money.

                    • Sure, let's conflate all corporations as equally needing of security.

                      That's a good place to start an argument if you want it to get ripped to fucking shreds.

                      If your company makes baby bottles then you don't need the same security as if you make ICBMs or manage accounts that total into the TRILLIONS of dollars.

                      We can assume that some organizations are in need of more security than others.

                      And as to the consequences... you're basically just using Sony's justification for having shit security. They literally sai

                    • by Rich0 ( 548339 )

                      Your risk assumptions are flawed.

                      An opinion that most big corporations do not seem to share, judging by their actions.

                      Recently my corporation bought out a competitor and we ended up utilizing many of their IT systems, since they had received substantially more investment. Some suggested that it was evidence that our IT strategy was wrong, but you could just as easily argue that it was spot-on since we were the ones buying them out. All that money spent on improved IT is money not spent on other things.

                    • Indeed. Nor many branches of the US government.

                      Apparently the portion of the US government that keeps track of government employees with security clearance didn't have any IT security team until 2013.

                      Your argument is now that "well people in charge don't agree with you so you must be wrong."

                      This is an appeal to authority. A common logical fallacy and the fact that you relied on it means you're something of an idiot.

                      My point rests on the notion that these systems can be secured cheaply at the price of limitin

                    • by Rich0 ( 548339 )

                      Your argument is now that "well people in charge don't agree with you so you must be wrong."

                      Somewhat. I do get your argument, and I don't wholeheartedly disagree.

                      The problem is competition. Spending on security costs money. If you do it, and your competitors don't, then they're investing in something that you're not. Unless your competitors actually suffer a serious loss as a result of their choice, then you're going to be at a disadvantage.

                      Hacking attacks aren't so common yet that security investment provides protection in the marketplace.

                      Think of it this way. You have 10 competitors. You s

                    • 1st, it isn't that expensive.

                      The notion that security is expensive is largely a product of hiring people that don't have the training to do it properly. The result is that you have to hire a lot of unproductive people or use a lot of consultants that basically do the job for your IT staff.

                      The real cost of security is political and not economic.

                      An outfit with proper security has the security team in much the same position as a doctor has on a naval ship. That is, within their sphere of expertise, they ca

                    • by Rich0 ( 548339 )

                      The notion that security is expensive is largely a product of hiring people that don't have the training to do it properly.

                      People who can do it properly are more expensive to hire than people who cannot. There aren't really that many of them compared to the number of people who really need to understand security to make this sort of thing work.

                      What this means is that in matters of security, the CIO must be able to overrule the CEO.

                      You're basically just giving the CEO the job title of CIO - it doesn't really change anything.

                      Personal relationships are also important. People need to understand "oh, that's right, Jeff will fucking make an ass of me if I submit this code. What did he show me the other day? Oh that's right, if I code it this way it will not bypass the encryption if he pokes the program with a stick."

                      Ah, so employees will be afraid to screw up. I've seen that kind of culture in action. You're right that rules don't get broken. Granted, little that is productive gets done either. Companie

                    • No they're not because you don't have to hire as many of them.

                      This is something you learn very quickly in development or any kind of skill. Pros cost more per hour but they're a LOT faster. First they don't fuck around trying to figure out how shit works. They already know. Second, they know a lot of tricks and short cuts to speed up production. Third... ever seen a master painter work? He doesn't make mistakes. The paint goes where he wants it to go and nowhere else. It looks exactly the way he wants it t

    • You think America's cybersecurity is bad? They are even worse at personnel -- for example, they may have let a few people who despise and violate the highest law of the land into important government offices.

      • That's politics. I accept that people I don't like get elected to office sometimes. My problem is when incompetent people are hired to run the machinery that keeps the institution alive.

        By all means... be corrupt... but don't be incompetent.

        I can tolerate people stealing from me a little bit. It's not avoidable. But if they're stupid on top of that, then that is not acceptable.

    • Look, you wouldn't put a guy without experience running warships in charge of the Navy would you? Would you put someone with no experience flying airplanes in charge of the air force?

      You wouldn't put an MBA in charge of a precision equipment manufacturer would you? You wouldn't put an MBA in charge of a web search/directory company would you?

      I could go on and on, but yes, you would. All it takes to run a business is an understanding of business processes. There is no need at all to actually know anything about what the business does. Look at Apple. They had the CEO of PepsiCo running the business and look at them now. Steve Jobs was just a slick salesman is all. He was just riding on the

      • Thank you for the last sentence. Due to Poe's law, you can't tell when people are being sarcastic otherwise. :)

  • Comment removed based on user account deletion
    • You'd have to be prepared for the fertilizer to hit the air circulator before a stunt like that.
      I'm not surmising that #OccupyResoluteDesk has either the sack to order such an attack, or the sack content to deal with the fallout.
      If a crisis involves doing more than showing up and delivering a speech in his Barry-tone(TM) voice, BHO just hasn't proven himself up to the task.
    • Is for the US to punch back twice as hard.

      Another way to stop it would be for the US govt to properly secure their servers.

    • Are you nuts? You can't just piss off your master's manufacturers, are you crazy?

      Now, be a good government and shut the fuck up, there's money to be made and trinkets to be sold.

    • by doug141 ( 863552 )

      Is for the US to punch back twice as hard.

      Then they punch back 4 times worse?

    • by Rich0 ( 548339 )

      Is for the US to punch back twice as hard. I would suggest having the NSA pillage their military system and then do a data dump at nsa.gov/china/fuckyou.torrent

      The US has a lot more to lose playing this sort of game. Just tell the Chinese to get their act together and firewall their network at the border until they do.

  • And of course, each political party was quick to blame each other.
    Democrats immediately blamed Republicans saying they wouldn't spend enough:

    "The latest intrusion points to the need for Congress to pass a cybersecurity bill, White House Press Secretary Josh Earnest said....Congress has yet to act on the personnel agency’s Feb. 2 request for a $32 million budget increase"

    And of course, Republicans blamed the lack of leadership:

    “Where is the leadership? The federal government has just been hit by one of the largest thefts of sensitive data in history, and this White House is trying to blame anyone but itself. It’s absolutely disgusting.”

    • NSA vs. the IRS in a hack-off. Whichever organization does the better job of gutting the other gets to absorb the other's tasking.
      We've got to do something about this federal hydra. Having the heads attack each other is at least worth trying.
    • While you can't just blindly throw money at a problem, it is part of the issue. Seriously, would you want to work for the Federal Government in cybersecurity? About the only advantage it has is that you can't be replaced by an H-1B, and perhaps the fact that there's a pension (that a certain party would love to take away from you). If you try to get by with not paying for the best security personnel, you shouldn't be surprised when you don't get the best security personnel. The pay is comparatively low, the
      • While you can't just blindly throw money at a problem, it is part of the issue.

        You are right, but increasing the budget by $32 million in 2016 was not relevant to this break-in.
        Politicians are merely looking for excuses to blame each other, they aren't presenting actual solutions.

  • Are there any links to actual technical details regarding the hack?
    • Are there any links to actual technical details regarding the hack?

      Umm. Citizen. That's not a particularly fruitful line of inquiry, if you catch my drift.

  • So, they're only now acknowledging that perimeter security alone cannot prevent security failures?

    And these are security experts?
  • Oh! If only the government had destroyed even more freedom and tightened the surveillance state! When will we ever learn?

  • The requisite denial by China says it all.

  • "the Pentagon decides it's time to deploy an "offensive" cyberattack later on down the road." Let's drop that bull right off the bat. The correct statement should read 'When the Pentagon again gets caught deploying "offensive" cyberattacks'. They have already been exposed all over the place. The law is categorically clear, hacking into networks, espionage, is an attack and the US has been exposed attacking everyone, every single person on the planet on every single network on the planet. From US politic

  • http://www.zerohedge.com/news/... [zerohedge.com]

    Defense Secretary Ashton Carter spoke to technology leaders in Palo Alto, California, in April, tossing around ideas for recruiting engineers for temporary missions in government and meeting with Facebook's Mark Zuckerberg.

    Why is the defense sec talking to Zuckerberg? How long until you have to have a FB account to log onto the "Internet".

  • Gov't lost its own records, so they hired hackers to help them find 'em.
