(Office of Personnel Management Director Katherine Archuleta’s Official portrait. I lifted it off the Government server like everyone else does).
I have been bustling around this morning. The dashboard on the Panzer has been yelling at me quite insistently about getting “AO” servie, whatever that might be, for the past couple weeks. I finally got around to taking it in this morning, and there are a couple things to do this morning that look vaguely like work, and maybe the walk back from the dealer after dropping off the car got me energized. I organized some socks and took the plastic bags off some of the ancient drycleaning in the closet.
I had to do something, since the mail was nothing but bad news this morning. It turns out it wasn’t 4.1 million of us who had the dirty laundry of our lives betrayed to the PRC. It wasn’t 14 million, either. It was 18 million.
Ms Katherine Archueta, the OPM Director has been up on the Hill testifying to the Senate about the colossal incompetence in her organization, which predictably verged on frank appeal for more money to seal the barn doors in her IT shop after the ponies were long gone.
There is more good news beyond that. I have been waiting for my little letter to arrive, informing me of something I already know, which is to say that it is not a question of “if” I am going to get attacked, or have my life and bank account stolen, it is simply a matter of when. I know exactly who is responsible.
Director Archuleta doesn’t. She testified that no one is personally accountable for the breach. Her organization literally handed over the root password to the intruders and likely never would have figured it out on its own.
“We have legacy systems that are very old,” she said. That is the money part. “It’s an enterprise-wide problem.” it gets better, really. She went on to say that “If there’s anyone to blame, it’s the perpetrators. Their concentrated, very well-funded efforts to come into our system are what we’re concerned about.”
Some of my friends have already got their letters, notifying them that they have been had. Others got emails from the Office, starting on the 8th of June. Turns out there was a problem with that, as one pal called the Office to verify the validity of the electronic mail, since there was the direction to click on a link embedded in it to contact the credit monitoring organization.
That is exactly what the hackers do. Don’t ever click on a link.
That alarmed a lot of us. The OPM has already put our Social Security numbers, addresses and other personal information into hackers’ hands.
It turned out we had every reason to be uneasy. According to multiple Federal government sources, phishing messages appeared almost immediately after the real messages were sent.
According to the Post, “one senior official said that Department of Defense (DoD) security believes the original OPM hackers obtained a copy of the real CSID announcement e-mail and modified it for their own criminal purposes. It was because of this actual attack, and the e-mail notification’s poor design, that on June 15 over internal networks, the DoD announced, “THE DEPARTMENT OF DEFENSE, WITH OPM AND CSID SUPPORT, HAS SUSPENDED FURTHER NOTIFICATIONS TO DOD PERSONNEL UNTIL AN IMPROVED, MORE SECURE NOTIFICATION AND RESPONSE PROCESS IS IN PLACE.”
Fine. Just fine. Anyone who tells you that our friends here in Washington are here to help really needs to see a credit counsellor.
Copyright 2015 Vic Socotra
www.vicsocotra.com
Twitter: @jayare303