Personal Data For More Than 130,000 Sailors Hacked: U.S. Navy (reuters.com)
Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy has said. According to Reuters: It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said. "The Navy takes this incident extremely seriously - this is a matter of trust for our sailors," Chief of Naval Personnel Vice Admiral Robert Burke said in a statement.
"Hacked" another word for spyware? (Score:5, Insightful)
Everything these days going wrong in information security is a 'hack'. Most likely this dude clicked on an advert on CNN and got some spyware installed.
It's not a 'hack' if it involves the user on a Windows machine installing something unsavory.
Re: (Score:2)
Yes, I'm sure that's how it works.
First: this was a contractor, contractors are hired because they tend to get stuff done without having to be held to any sort of regulation. It's cheaper that way and one of the reasons hiring contractors makes sense.
Second: Locking down a computer that tightly is not possible on the Windows platform.
Third: I work with FDA-approved Windows versions. It's certified to be free of all sorts of tampering (because it sets, among other things, radiation limits), except it's still r
Re: (Score:2)
Q: How does the USN separate the men from the boys? A: With a crowbar
Re: (Score:2)
I think the real question is: why had an HPE contractor (or anyone else for that matter) downloaded the stats from a Navy personnel db (or the db itself)?
The only thing that comes to mind is that he was employed to cross-check the stats against a very long paper list and decided to do it at home while enjoying a beer and watching Netflix.
Re: (Score:2)
HP requires its employees to encrypt the HDDs on their PCs.
Wonder what went wrong here.
Ah, HPE (Score:2)
duplicate (Score:2)
Re: (Score:1)
Yeah. The other article was better written. This Reuters article has 100 words.
Mods have been ignoring submissions lately. Pushing the same 10 sources every day: Reuters, Vice, TorrentFreak, BetaNews, Softpedia... etc.
you can't do anything ... (Score:2, Insightful)
I have confidence that I can keep MY computers secure from anything short of a dedicated state sponsored attack, but I am still vulnerable.
Anyone who I give my personal data to is a huge risk. Medical care. Employment. Shopping online. Almost any activity collects such data and these systems are compromised on a regular basis, sometimes with the disclosure of highly sensitive data. [wikipedia.org]
Shit, I don't even trust my doctor's office to secure their infrastructure, but there's nothing you can do, because they wi
Re: (Score:2)
I have confidence that I can keep MY computers secure from anything short of a dedicated state sponsored attack, but I am still vulnerable.
Anyone who I give my personal data to is a huge risk. Medical care. Employment. Shopping online. Almost any activity collects such data and these systems are compromised on a regular basis, sometimes with the disclosure of highly sensitive data. [wikipedia.org]
Shit, I don't even trust my doctor's office to secure their infrastructure, but there's nothing you can do, because they will not give you medical care without entering your information into their computer systems.
You don't have to worry about *just* your doctor's office. You have to worry about the pharmacy database - every script in this country goes into one or both of two huge organizations that keep track of those little drugs. You have to worry about your insurance company AND the insurance clearing house. As well as CMS (Centers for Medicaid and Medicare Security, a wonderfully Orwellian name) and bog knows who else.
Might as well just post it on Facebook and stop bothering about it.
In the coming weeks? (Score:2)
SSNs shouldn't be 'sensitive information.' (Score:5, Insightful)
Social Security Numbers need to be defanged. There is no reason they should be considered 'secret numbers' that can be used against a person. It should be totally safe to print your SSN on a t-shirt and wear it in public.
There is no excuse for it being 'dangerous' to reveal your SSN to others. It's not designed to be a 'protected' piece of information and when established, a Social Security Number was intended simply as an index.
Unfortunately, the credit industry seems to think they can use the possession of a person's SSN to extend credit to anybody who has access to it. Because of this, our SSNs have become weapons against us.
It would be easy for us all collectively to take that power of the SSN away from the credit industry. If 10% of all Americans agreed to disclose their SSNs publicly, it would make it impossible and impractical for the credit industry to use the revealing of a SSN to issue credit cards at cash registers in stores, which is, among other conveniences for them, what the 'secrecy of SSNs' is all about.
My dream is that someday enough of us will agree to publish our SSNs that it would become impractical for the credit industry to use it as a 'secret code.' The coolest way for this to happen would be for people to just start writing their SSN on a sign in front of their house, or on the mailbox or something of that nature.
Practically, though, the best way it could happen would be in an all-at-once event, so that the Credit Industry can't use SSNs trickling out as an attack vector on a few people at a time. But with a mix of some sort of 'big release' of SSNs and a trickling out, i.e. people not on the 'big release' revealing their SSNs on a place like their mailbox where it can't be verified en masse, the use of SSNs as a 'secret number' for credit applications could be nullified.
Re: (Score:2)
I agree with your post, but I'm just wondering what we could use to prove identity without using SSN. Birthdate is easy to find. Driver's licenses can be faked. Mother's maiden name is easily known by any family members.
Re: (Score:2)
It's about a combination of things you know. Ultimately one of those things has to be secret, like a password that you supply and only you know. Your SSN is entirely unsuitable for this.
The idea is you should supply 3-4 items from this list:
Full Name
DOB
Address
Telephone Number
SSN
Driver's License Number
And in addition to that, a secret password that you selected, otherwise, someone finding your wallet on the street has access to everything.
The whole concept of SSNs being secret and used in the US in all kinds
Re: (Score:2)
Huh? Driver's licenses can be faked but an SSN can't? What kind of absolutely absurd knowledge is that? Your SSN ceases to be secret and personal every time you share it for identification purposes, at least someone needs to put effort into faking a driver's license (and if that is such a big problem then maybe you should change your driver's licenses).
Some countries use a point ranking system which requires multiple documents to establish who you are with multiple characteristics. e.g. in Australia for banking
Re: (Score:2)
Years ago there was talk of a national id. I don't know how practical that was or what kind of security could be built in. What sunk it was the Libretards and Republicans. Naturally, the Christian fundamentalists were against it too, claiming it was akin to tattooing 666-xxx-xxx-xxx-xxx onto everyone. They then went back to pretending security was a warm blanket.
Re: (Score:2)
Simple solution is to make CC etc. by statute solely responsible for all damages caused by identity fraud.
Then they would move earth and heaven to make sure they verified identity right.
Why in the land of the law am I responsible for the acts that I did not commit?
Re: (Score:2)
The US gov said it saw that someone in the private sector found old BEAR code that anyone could be using and that a few very different groups accessed very different US networks. Groups using old code that was well understood to be in public hands and that contractors told the media about.
As for this topic AC, the US navy issues?
"compromised" is about the best word to use. No mention of nations or methods AC.."early stages of investigating "...
Not
Re: (Score:2)
When data fails in the hands of the private sector it's just part of the American way.
No Big Deal (Score:2)
Sailors are used to getting backdoored.
identity verification kiosks? (Score:2)
To avoid all identity theft problems we need to do away with all online "give me this or that bit of your public life to verify it's you".
All these require some form of physical presence.
One solution would be local 'kiosks' to issue digitally signed certificates, for a specific reason, after physical verification of identity. Technology exists (chain of trust or whatever they use for digital currency). Services paid by whoever requested this verification. In a way it would be akin to a Public Notary service i
Re: (Score:2)
Keep the mil data well away from contractors.
Someone in the US gov must be doing something very correct as not all agencies leak to the public or trust contractors.
Services the navy uses (Score:2)
Join the Navy and see the world (Score:1)