21.5 Million Americans Compromised, OPM’s Ms. Archuleta Still Not Going Anywhere

Posted: 1:36 am  PDT

Excerpt via opm.gov:

OPM announced the results of the interagency forensic investigation into the second incident.  As previously announced, in late-May 2015, as a result of ongoing efforts to secure its systems, OPM discovered an incident affecting background investigation records of current, former, and prospective Federal employees and contractors.  Following the conclusion of the forensics investigation, OPM has determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details.  Some records also include findings from interviews conducted by background investigators and fingerprints.  Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

While background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

This incident is separate but related to a previous incident, discovered in April 2015, affecting personnel data for current and former Federal employees.  OPM and its interagency partners concluded with a high degree of confidence that personnel data for 4.2 million individuals had been stolen.  This number has not changed since it was announced by OPM in early June, and OPM has worked to notify all of these individuals and ensure that they are provided with the appropriate support and tools to protect their personal information.

Analysis of background investigation incident.  Since learning of the incident affecting background investigation records, OPM and the interagency incident response team have moved swiftly and thoroughly to assess the breach, analyze what data may have been stolen, and identify those individuals who may be affected.  The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases.  This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants.  As noted above, some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints.  There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.

If an individual underwent a background investigation through OPM in 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.

So, are we supposed to wait for another credit monitoring offer from OPM’s partners for this BI hack, after already being offered credit monitoring for the personnel data compromised in an earlier breach?

Yes. Wonderful.

Ms. Archuleta should do the right thing and resign.

Part of OPM’s public response to these breaches has been to protect the director’s record at the agency.  While she remains in charge, I suspect that the fixes at OPM will also include shielding the director from further damage. News reports already talk about OPM’s push back. Next thing you know we’ll have “setting the record straight” newsbots all over the place.

While it is true that Ms. Archuleta arrived at OPM with legacy systems still in operation, these breaches happened under her watch. Despite her protestation that no one is personally responsible (except the hackers), she is the highest accountable official at OPM.  Part and parcel of being in a leadership position is to own up to the disasters under your wings.  Ms. Archuleta should resign and give somebody else a chance to lead the fixes at OPM.

via reactiongifs.com

via reactiongifs.com

.

.

.

.

.

.

.

We Meant Well, Afghanistan Edition: Ghost Students, Ghost Teachers, Ghost Schools, Ugh!

Posted: 1:16 am  PDT

 

.

Excerpt:

Over and over, the United States has touted education — for which it has spent more than $1 billion — as one of its premier successes in Afghanistan, a signature achievement that helped win over ordinary Afghans and dissuade a future generation of Taliban recruits. As the American mission faltered, U.S. officials repeatedly trumpeted impressive statistics — the number of schools built, girls enrolled, textbooks distributed, teachers trained, and dollars spent — to help justify the 13 years and more than 2,000 Americans killed since the United States invaded.

But a BuzzFeed News investigation — the first comprehensive journalistic reckoning, based on visits to schools across the country, internal U.S. and Afghan databases and documents, and more than 150 interviews — has found those claims to be massively exaggerated, riddled with ghost schools, teachers, and students that exist only on paper. The American effort to educate Afghanistan’s children was hollowed out by corruption and by short-term political and military goals that, time and again, took precedence over building a viable school system. And the U.S. government has known for years that it has been peddling hype.
[…]
USAID program reports obtained by BuzzFeed News indicate the agency knew as far back as 2006 that enrollment figures were inflated, but American officials continued to cite them to Congress and the American public.

As for schools it actually constructed, USAID claimed for years that it had built or refurbished more than 680, a figure Hillary Clinton cited to Congress in 2010 when she was secretary of state. By 2014, that number had dropped to “more than 605.” After months of pressing for an exact figure, the agency told BuzzFeed News the number was 563, a drop of at least 117 schools from what it had long claimed.
.

Last week, we were looking for clinics.

What’s next … ghost soldiers? Oops, that’s already an old story?

#

OPM Hit By Class Action Lawsuit, and Those Phishing Scams You Feared Over #OPMHack Are Real (Corrected)

Posted: 7:16 pm  EDT

 

The largest federal employee union, the American Federation of Government Employees, filed a class action lawsuit today against the Office of Personnel Management, its director, Katherine Archuleta, its chief information officer, Donna Seymour and Keypoint Government Solutions, an OPM contractor.
.

.

.
A couple of weeks ago, we thought that the “recipe” from the OPM email notification sent to potentially affected employees via email might be copied by online scammers.

.

 

Today, the United States Computer Emergency Readiness Team (US-CERT), part of part of DHS’ National Cybersecurity and Communications Integration Center (NCCIC) issued an alert on phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID.

#

ALL Foreign Affairs Agencies Affected By #OPMHack: DOS, USAID, FCS, FAS, BBG and APHIS

Posted: 6:15  pm  PDT

 

AFSA has now issued a notice to its membership on the OPM data breach. Below is an excerpt:

On Thursday June 4, the Office of Personnel Management (OPM) became aware of a cybersecurity incident affecting its systems and data. AFSA subsequently learned that the Personally Identifiable Information (PII) of many current and former federal employees at the foreign affairs agencies have been exposed as a result of this breach.

The most current information provided to AFSA indicates the following: Most current, former and prospective federal employees at ALL foreign affairs agencies have been affected by this breach. That includes the State Department, USAID, FCS, FAS, BBG and APHIS. OPM discovered a new breach late last week which indicates that any current, former or prospective employee for whom a background investigation has been conducted is affected.

In the coming weeks, OPM will be sending notifications to individuals whose PII was potentially compromised in this incident. The email will come from opmcio@csid.comand it will contain information regarding credit monitoring and identity theft protection services being provided to those federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service. All the foreign affairs agencies suggest that those affected should contact the firm listed below. Members of the Foreign Commercial Service may additionally contact Commerce’s Office of Information Security at informationsecurity@doc.gov.

As a note of caution, confirm that the email you receive is, in fact, the official notification. It’s possible that malicious groups may leverage this event to launch phishing attacks.  To protect yourself, we encourage you to check the following:

  1. Make sure the sender email address is “opmcio@csid.com“.
  2. The email is sent exclusively to your work email address. No other individuals should be in the To, CC, or BCC fields.
  3. The email subject should be exactly “Important Message from the U.S. Office of Personnel Management CIO”.
  4. Do not click on the included link. Instead, record the provided PIN code, open a web browser, manually type the URL http://www.csid.com/opm into the address bar and press enter. You can then use the provided instructions to enroll using CSID’s Web portal.
  5. The email should not contain any attachments. If it does, do not open them.
  6. The email should not contain any requests for additional personal information.
  7. The official email should look like the sample screenshot below.
image via afsa.org

image via afsa.org

Additional information has been made available on the company’s website, www.csid.com/opm, and by calling toll-free 844-777-2743 (International callers: call collect 512-327-0705).

Agency-Specific Points of Contact:

If you have additional questions, contact AFSA’s constituency vice presidents and representatives:

Read the full announcement here.

Amidst this never ending round of data breaches, go ahead and read Brian Krebs’ How I Learned to Stop Worrying and Embrace the Security Freeze. The USG is not offering to pay the cost of a credit freeze but it might be worth considering.

Of course, the security freeze does not solve the problem if the intent here goes beyond stealing USG employees’ identities.   If the hackers were after the sensitive information contained in the background investigations, for use at any time in the future, not sure that a credit freeze, credit monitoring and/or ID thief protection can do anything to protect our federal employees.

Security clearance investigations, by their very nature, expose people’s darkest secrets — the things a foreign government might use to blackmail or compromise them such as drug and alcohol abuse, legal and financial troubles and romantic entanglements. (via)

I understand why the USG has to show that it is doing something to address the breach but — if a foreign government, as suspected, now has those SF-86s, how can people protect themselves from being compromised? If this is not about compromising credit, or identities of USG employees but about secrets, credit monitoring and/or ID thief protection for $20 Million will be an expensive but useless response, wouldn’t it?

#

Burn Bag: NEA’s Assistance Coordination office is a complete disaster?

Via Burn Bag:

When will someone on the 7th floor realize that the emperor is naked and NEA’s Assistance Coordination office is a complete disaster? Money wasted, FTEs wasted, and  …  no one knows what they do.

#

NEA/AC – Bureau of Near Eastern Affairs/Office of Assistance Coordination
FTE – Full-time employees
7th Floor – the location of the Secretary of State and his immediate and senior staff in the   HST building
Two grants online: Increasing Employment in the MENA Region (est. total funding $5M) and Entrepreneurship in the MENA Region (est.total funding $7M).
MENA – Middle East and North Africa region

US Embassy Nepal Now on Authorized Departure For Non-Emergency Staff and Dependents

Posted: 2:30 am EDT

 

We’ve anticipated the evacuation of the family members of Embassy Kathmandu staff following the devastating Nepal earthquake of April 25.  On May 1st, the State Department issued a new Nepal Travel Warning and announced the May 2nd “authorized departure” not just of embassy family members but also of its non-emergency personnel. See part of the announcement below:

The Department of State warns U.S. citizens of the risks of travel to Nepal and recommends that they defer non-essential travel there following the 7.8 magnitude earthquake on April 25.  On May 2, 2015, the Department of State approved authorized departure for non-emergency U.S. government personnel and dependents.  The U.S. Department of State also recommends that U.S. citizens in Nepal exercise caution when traveling in or planning departure from the country.  The possibility for aftershocks of significant magnitude persists.  Infrastructure is fragile and access to basic resources, including healthcare, could be limited.  Cell phone and internet service are intermittent. In Kathmandu and elsewhere, some buildings are collapsed and some roads are impassable, making transportation difficult.  Some areas of the city are crowded with displaced persons.  Kathmandu and Lukla airports have been re-opened since the earthquake.  However, the airports may close temporarily without notice due to aftershocks or inclement weather.  We encourage travelers to contact their airlines to confirm flight availability before departing for the airport.

Read the full Travel Warning here.

USAID supported DART teams have been on the move and just rescued a man from a building in Gongabu. Photo from US Embassy Nepal/FB

USAID supported DART teams have been on the move and just rescued a man from a building in Gongabu. Photo from US Embassy Nepal/FB

#

 

Related posts:

US Embassy Nepal: DART and Search and Rescue Teams Are On the Ground

Posted: 12:15 am EDT

 

At the DPB on April 27, the State Department said that Embassy Kathmandu remains open and the U.S. Embassy and the American Club continue to shelter U.S. citizens and their family members as well as dozens of non-Americans. There are reportedly about 85 U.S. citizens at the chancery and about 220 U.S. citizens at the American Club.  The spokesman said he is “not aware of any significant damage, at least not that is impeding their [embassy’s] operations.”  

Embassy Kathmandu staff is reportedly being supplemented with resources in the region “to better enable us to respond to – not only to the things concerning U.S. citizens, but also liaison coordination with the U.S. Government and such.” All of the American personnel at the embassy are accounted for. The embassy is continuing its efforts to account for all its local employees. Meanwhile, the DART and the search and rescue teams have arrived in country.

 

.

.

.

.

#

Nepal Earthquake: USAID/OFDA activates Disaster Assistance Response Team; how you can help in relief efforts

Posted: 12:30 am EDT

 

On April 25, the U.S. Government (USG) issued a disaster declaration for Nepal due to the effects of the earthquake. In response, USAID/OFDA immediately activated a Response Management Team (RMT) in Washington, D.C., and a DART—including urban search-and-rescue (USAR) specialists from the Fairfax County Fire and Rescue Department—to support emergency response efforts in cooperation with the GoN. USAID/OFDA has also authorized an initial $1 million to address urgent needs.

According to media reports, the earthquake has resulted in widespread damage and destruction of buildings as well as damaged roads and other public infrastructure. According to USAID, USG staff in Kathmandu reported that electrical and telecommunications networks are intermittently operational, although landlines appear to function. The airports in Kathmandu and Pokhara reportedly remained open, with some commercial flight activity already resumed.  Nepal earthquake death toll is now reported to be over 3,200, including 3 Americans.  More than 6,000 have been injured in the earthquake.

The U.S. Embassy in Kathmandu has drilled about the big one for years now. Our post there has an American staff of less than a hundred. Post is a typical accompanied post so there will be family members there.  If public infrastructure and food supply becomes problematic, we anticipate that family members will be evacuated to a safehaven area or back home like what happened in the aftermath of the Haiti earthquake. It is also worth noting that in a crisis like this, the local employees who are expected to assist the mission may also be facing their own challenges with the need and safety of their own families. Let’s keep them all in our thoughts.

In response to the Government of Nepal requests for assistance, USAID/OFDA deployed a DART to Nepal. The team includes USAID/OFDA humanitarian specialists and 54 USAR personnel from the Fairfax County Fire and Rescue Department. USAID/OFDA has also allocated an initial $1 million for relief organizations in Nepal to address urgent humanitarian needs. Also this:

For nearly two decades, USAID/OFDA has supported disaster risk reduction (DRR) efforts in Nepal, including throughout Kathmandu Valley. USAID/OFDA funding has enabled the International Organization for Migration (IOM) to identify, prepare, and preserve more than 80 open spaces in Kathmandu Valley to ensure the sites are available for humanitarian purposes—such as distribution centers or warehouses—in the event of large-scale disasters. USAID/OFDA has also supported Nepal Red Cross Society (NRCS) to pre-position critical emergency relief supplies in order to address the immediate needs of affected communities following a disaster.

Here are a few more updates via Twitter:

.

.

.

.

.

.

.

We understand that due to the weather, tents are an urgent need right now. USAID/OFDA director Jeremy Konyndyk says, “We’re mobilizing emergency shelter supplies from our global stocks. Clear need.”

How You Can Help

USAID says that the most effective way people can assist relief efforts is by making cash contributions to humanitarian organizations that are conducting relief operations. A list of humanitarian organizations that are accepting cash donations for disaster responses around the world can be found at www.interaction.org.

USAID encourages cash donations because they allow aid professionals to procure the exact items needed (often in the affected region); reduce the burden on scarce resources (such as transportation routes, staff time, and warehouse space); can be transferred very quickly and without transportation costs; support the economy of the disaster-stricken region; and ensure culturally, dietary, and environmentally appropriate assistance.

More information can be found at:

  • The Center for International Disaster Information: www.cidi.org or +1.202.821.1999.
  • Information on relief activities of the humanitarian community can be found at www.reliefweb.int

#

Major Earthquake Strikes Nepal, High Death Toll Expected (Contact Info For U.S. Citizens)

Posted: 9:54 am PDT

 

On April 25, a 7.8 earthquake hit Nepal, approximately 80 km from the capital Kathmandu. More than a thousand people have reportedly been killed with the number expected to go up.  USAID is launching a a DART team to respond.  U.S. citizens in need of urgent assistance in Nepal should call +977 1 423 4068.  U.S. citizens from the U.S. and Canada needing assistance in Nepal should call 1-888-407-4747 or email the State Department at NepalEmergencyUSC@state.gov.  Google has also rolled out its Person Finder.

Via the USGS:

The April 25, 2015 M 7.8 Nepal earthquake occurred as the result of thrust faulting on or near the main frontal thrust between the subducting India plate and the overriding Eurasia plate to the north. At the location of this earthquake, approximately 80 km to the northwest of the Nepalese capital of Kathmandu, the India plate is converging with Eurasia at a rate of 45 mm/yr towards the north-northeast, driving the uplift of the Himalayan mountain range. The preliminary location, size and focal mechanism of the April 25 earthquake are consistent with its occurrence on the main subduction thrust interface between the India and Eurasia plates.

Although a major plate boundary with a history of large-to-great sized earthquakes, large earthquakes on the Himalayan thrust are rare in the documented historical era. Just four events of M6 or larger have occurred within 250 km of the April 25, 2015 earthquake over the past century. One, a M 6.9 earthquake in August 1988, 240 km to the southeast of the April 25 event, caused close to 1500 fatalities. The largest, an M 8.0 event known as the 1934 Nepal-Bihar earthquake, occurred in a similar location to the 1988 event. It severely damaged Kathmandu, and is thought to have caused around 10,600 fatalities.
.

.

.

.

.

.

.

. .

.

.

.

#