By French Caldwell, chief evangelist, MetricStream
Special to GR & Fraud Software Journal
I thought the 2015 Office of Personnel Management breach was bad, but the recent National Security Agency hack was even more devastating.
In June 2015, OPM discovered that the background investigation records of current, former, and prospective Federal employees and contractors had been stolen, including the Social Security Numbers of 21.5 million individuals.
Worse, the stolen data included information on 1.8 million non-job applicants, primarily spouses or co-habitants of applicants. Add to that 5.6 million stolen fingerprints in the hands of financial criminals and you can say goodbye to many Americans’ security.
In recent weeks the United States has found itself in a cyber Cold War, a real-world “Hunt for Red October” in which American intelligence personnel skilled in cyber warfare and counter-cyber attacks troll for signs of enemy intrusion in government computer networks.
Bizarre new world
The bizarreness of it all became apparent in the presidential race, when hackers believed to be Russian broke into Democratic National Committee databases, making it a central point of contention between the Republican and Democratic presidential candidates.
Then the U.S. government warned that foreign hackers might even attempt to muddle voting results displayed in digital election records come November.
Then came perhaps the most serious breach of U.S. government networks thus far: Hackers in late August stole cyber warfare tools and hacking software designed and owned by the National Security Agency. The secrecy of the NSA’s cyber weapons are dear to its effectiveness.
Though foreign hacking isn’t the same as a nuclear submarine threatening America’s coastlines, the NSA hack means America’s entire library of hacking tools have probably fallen into the hands of our adversaries. What network can be safe?
Enemies selling NSA hack tools
Then last week, a group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA.
As of now, all other national security agencies, including Britain’s Government Communications Headquarters, should be deemed vulnerable. If the NSA has been hacked, the chances are that it, too has become a victim, especially its fellow Five Eyes members – the intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States.
Forget the fact that many of the NSA files date back to 2013; there will be future ramifications. All national governments are pushing for increased collaboration with business, to tackle a very real cyber security threat, but incidents like this raise serious questions over the safety of co-operation.
Companies can’t trust government security
The 2016 Presidential Policy Directive — United States Cyber Incident Coordination plan calls for private companies that have suffered data theft of customer information to work to reveal what has been stolen and other proprietary information with the FBI and other federal government agencies to investigate the crime.
But why shouldn’t private corporations and smaller businesses be worried that governments can’t protect their own information? Private businesses are understandably skeptical when it comes to sharing their proprietary information when partnering with government in the aftermath of data breaches.
Why should businesses trust the government to protect their secrets when they can’t protect their own?
The federal government need to get its house in order first.
After all, how much sense does it make to put one’s proprietary data in a government safe for which the criminals already know the combination?