1) More Systems Compromised in #OPMHack, 2) A Love Letter to Hackers, and 3) What’s a Credit Freeze?

Posted: 3:29 am  EDT

 

On June 4, OPM released a statement on “a cybersecurity incident” that potentially affected personnel data of current and former federal employees, including personally identifiable information (PII) (see OPM Hack Compromises Federal Employee Records, Not Just PII But Security Clearance Info). The initial estimate was that the OPM hack potentially affected 4 million employees. On June 12, fedscoop reported that the American Federation of Government Employees (AFGE) believed that the breach may have compromised the personal data of as many as 14 million employees.

We understand that the State Department issued a notice to employees concerning the OPM breach on June 4. A second notice dated June 12 (am told this was actually a June 11 notice) was shared with BuzzFeed (see below). Several unnamed State Department employees were quoted in that BuzzFeed article, a tell-tale sign of growing frustration that we can also see from our inbox.


Excerpt from email sent by Under Secretary of Management Pat Kennedy on June 12 (via BuzzFeed)

This is an update to my previous e-mail of June 4th [repeated at the very end of this message.]

As was communicated last week, the U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have exposed the Personally Identifiable Information (PII) of some current and former Federal employees. This email provides additional information regarding next steps for those affected State Department employees. But, every employee should read this email.

In the coming weeks, OPM will be sending notifications to individuals whose PII was potentially compromised in this incident. The email will come from [DELETED] and it will contain information regarding credit monitoring and identity theft protection services being provided to those Federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service.

As a note of caution, confirm that the email you receive is, in fact, the official notification. It’s possible that malicious groups may leverage this event to launch phishing attacks. To protect yourself, we encourage you to check the following:

1. Make sure the sender email address is [DELETED]

2. The email is sent exclusively to your work email address. No other individuals should be in the To, CC, or BCC fields.

3. The email subject should be exactly [DELETED]

4. Do not click on the included link. Instead, record the provided PIN code, open a web browser then manually type the URL [DELETED]. You can then use the provided instructions to enroll [DELETED].

5. The email should not contain any attachments. If it does, do not open them.

6. The email should not contain any requests for additional personal information.

7. The official email should look like the sample screenshot below.

Additional information has also been made available beginning on June 8, 2015 on the company’s website [DELETED].

Regardless of whether or not you receive this notification, employees should take extra care to ensure that they are following recommended cyber and personal security procedures. If you suspect that you have received a phishing attack, contact your agency’s security office.

In general, government employees are often frequent targets of “phishing” attacks, which are surreptitious approaches to stealing your identity, accessing official computer systems, running up bills in your name, or even committing crimes using your identity. Phishing schemes use e-mail or websites to trick you into disclosing personal and sensitive information.

Oh, man.

Hopefully no one will copy this “recipe” to send folks a fake notification to enroll somewhere else.

On May 28, just days before the OPM breach was reported, OPM issued a solicitation for OPM Privacy Act Incident Services. The services required include 1) notification services, 2) credit report access services, 3) credit monitoring services, 4) identity theft insurance and recovery services, and 5) project management services. According to the solicitation, these services will be offered, at the discretion of the Government, to individuals who may be at risk due to compromised Personally Identifiable Information (PII).  The $20,760,741.63 contract for Call 1 was awarded to Winvale Group, LLC on June 2 but was published on fedbiz on June 5, the day after the breach was reported. Call 1 contract includes services to no more than 4 million units/employees.

Note that the State Department notice dated June 12 says that the “email should not contain any attachments” (#5). The OPM services awarded on June 2 include the following:

3.1.1.2 Contractor email Notification: The Contractor will prepare and send email notifications to affected individuals using read receipts. Emails (or attachments) will appear on Government letterhead, will contain Government-approved language, and will contain the signature of the Government official(s). Emails may contain one or more attachments. Email notification proof(s) will be provided to the Government for approval not later than 48 hours after award of a Call against the BPA. The Government will approve the email notification within 24 hours to enable the Contractor to begin preparation for distribution. The Contractor will require, receipt, track, and manage read receipts for email notifications.

Get that?

Now this. Somebody from State sent us a love letter for the hackers:

Dear Hackers: While you’re in there, please get my travel voucher for $291.46 approved, permanently cripple Carlson Wagonlit so we can stop wasting money on a useless product, and figure out how many special political hires there really are roaming our halls.  Oh and please don’t use my SF-86 info against my parents, it isn’t their fault I was an idiot and gave the government every last bit of info on my entire life.  I’m sure there’s more but it’s the weekend, let’s chat Monday. #LetsActLikeNothingHappened #SeriouslyThoughWTF .

And because the initial report is often understated per abrakadabra playbook hoping the bad news will go away, we’re now hearing this:

Oops, wait, what’s this?

Well, here is part of that email sent from “M” on  June 15, 5:35 pm ET:

“OPM has recently discovered that additional systems were compromised. These systems include those that contain info related to background investigations of current, former, and prospective Federal government employees, as well as other individuals from whom a Federal background investigation was conducted. This separate incident…was discovered as a result of OPM’s aggressive efforts to update its cybersecurity posture… OPM will notify those individuals whose info may have been compromised as soon as practical. You will be updated when we have more info on how and when these notifications will occur.”

So that original OPM estimate of 4 million affected employees is now OBE. That original $20 million contract will potentially go up.

Brian Krebs’ piece on credit monitoring, the default response these days when a breach happens, is worth a read. Basically, he’s saying that credit monitoring services aren’t really built to prevent ID theft (read Are Credit Monitoring Services Worth It?).

What can you do besides the suggestions provided by the State Department and OPM? Brian Krebs suggests a “credit freeze” or a “security freeze” not discussed or offered by OPM. Check out the very informative Q&A here.

 

We  know what else is on our to-do list today.

#

New Sounding Board Topic: “Please don’t share the Sounding Board with Al Kamen.”

Posted: 2:53 am EDT

 


We have it in good authority that there is now a hopeless new Sounding Board topic that says, “Please don’t share the Sounding Board with Al Kamen.”

C’mon, folks. Don’t do this. People should be able to talk freely about rodents and critters with whoever they want, even Al. Like  the song goes … ♫ let it go, let it go,  don’t hold back, it’s only about the damn rats ♬

Oh, but there’s something else, please cover your eyes if you don’t want to see this but … last year somebody unearthed a Mike Causey column from the Washington Post that talks about … you guessed it, rats. The Ghost of DC says this was published on October 7th, 1968.

1968! That was before all of you were born.

But there’s good news.  An average rat’s life span is 2-3 years. The bad news? Apparently, according to Discover Magazine, a female rat can mate as many as 500 times with various males during a six-hour period of receptivity—a state she experiences about 15 times per year. Thus a pair of brown rats can produce as many as 2,000 descendants in a year if left to breed unchecked.  See  20 Things You Didn’t Know About… Rats

Ugh! So, clearly, the old plan from 1968 still works: the rats must be stopped now before the Government gets bogged down in another unwanted ground war. Sign-up sheets over there.

#

Obama Admin Official Leaks Dismal Stengel-Kerry Memo on ISIS Counter Messaging

Posted: 2:08 am EDT

 

An internal State Department memo paints a dreary view of the Obama administration’s efforts to counter messaging by the Islamic State. And somebody leaked it to the New York Times.


Why, indeed?

The internal memo, dated June 9, is marked SBU or “sensitive but unclassified.” It was drafted and approved by Richard A. Stengel, the State Department’s under secretary for public diplomacy and public affairs (State/R) and a former managing editor of Time magazine. The memo addressed to Secretary Kerry is cleared only by one person, Susan Stevenson, from Stengel’s own Front Office; there are no other addressees. It’s hard to say how far this memo traveled in 4-5 days before it was leaked but the source could not be too far away from Stengel and Kerry’s offices.

The question now is motive. Who leaked that memo and why? Is it to garner support from higher ups like those in the WH or is it to torpedo Stengel’s “big proposal and immediate improvement” before it gets legs? Who gains, who loses from this leak?

The memo is made available online by the NYT.

Pardon me, you’re waiting for the SBU leaker to get caught? Well, we’re also waiting for the trap doors for the leakers of the 2010 secret cables sent by then Ambassador Eikenberry on the Afghanistan strategy, and the 2012 top secret cable by then Ambassador Crocker on Pakistani havens. To date, none of those leakers have been caught. So, catch the SBU leaker? Good luck!

#

Tweet of the Day: Note to State Department: Don’t be so prickly

Posted: 12:51 am EDT

 

Center for Strategic Counterterrorism Communications and Bureaucratic Bang! Bang!

Posted: 1:18 am EDT

 

“The fate of the CSCC just underscores the difficulty of experimentation in government — there is zero tolerance for risk and no willingness to let a program evolve. […] “It’s easier to do the same stuff over and over and wring your hands instead of investing resources and having patience.”

Daniel Benjamin
Former State Department CounterTerrorism Chief
Source: WaPo in In a propaganda war against ISIS, the U.S. tried to play by the enemy’s rules | May 8, 2015

 

Video clip via WaPo:

Burn Bag: If a T-wall tips over in Baghdad but there’s no media around to hear it, will it make a sound?

Posted: 10:31 am EDT

Via Burn Bag:

“If a T-wall tips over in Baghdad but there’s no media around to hear it, will it make a sound?  What if it crushes a local national contractor working on a USG facility— will anyone mention the man’s death, or can we expect radio silence as usual?  It’s becoming clear that no one back home really cares about what’s going on over here….it’s like 2004 all over again.”

U.S. Soldiers of Headquarters and Headquarters Company, Brigade Special Troops Battalion, 3rd Brigade Combat Team, 82nd Airborne Division, guide a concrete barrier into a new position at Joint Security Station Loyalty, eastern Baghdad, Iraq, on May 17, 2009. Photo by Staff Sgt. James Selesnick

Note: “T-Walls” or Texas barriers can reach upwards of 12 to 18 feet in height. Some of the tallest reach 24 feet. According to army.mil, t-walls of the larger variety became symbols of life in Iraq although several variations of shapes and sizes also abound around Iraq. Read more here.

 

Don’t Worry, Be Happy — John Kirby Officially Takes Over as @StateDeptSpox

Posted: 11:02 am  EDT
Updated: 5:23 pm EDT

 

 

Today, Secretary Kerry tweeted this:

I am pleased to welcome John Kirby as our new State Department Spokesperson. I first got to know John’s work several years ago, when I was on the Senate Foreign Relations Committee and he was spokesperson for Admiral Mike Mullen and then Chief of Information for the Navy. John was known as the Navy’s indispensable utility player – it didn’t matter whether he was serving as an instructor at the U.S. Naval Academy, a public affairs officer for the Blue Angels, or aboard multiple Navy vessels – name the challenge – at every stage of his career, including in his most recent assignment as the Pentagon’s top spokesman, John has stood out for his impeccable judgment, collegiality, and character. And he understands the media – absolutely. John has always – intuitively, instinctively – gravitated toward diplomacy, and I know that he is looking forward to that focus as he retires from the Navy and moves into civilian life. All of this makes him the perfect person to help tell America’s story to the world.

I also want to recognize the extraordinary work of Deputy Spokesperson Marie Harf, who stepped in seamlessly as Acting Spokesperson over the past few months. Marie has made a contribution to every important thing I’ve done as Secretary and plays a particularly important role in leading the communications strategy for our Iran negotiations.

I am privileged to work with a remarkable team and grateful to each of them for their contributions.


#

NYT’s David Brooks Asks, “Are we in nursery school?” Acting State Dept Spox Marie Harf Reax. Tsk-tsk!

Posted: 11:41 am PDT

 

So last week, SecState #56 and SecState #60, both Republican-appointed Secretaries of State wrote an op-ed about The Iran Deal and Its Consequences.

The Acting Spokesperson Marie Harf was asked about this during the April 8 Daily Press Briefing:

QUESTION:  Henry Kissinger and George Shultz published a piece in the Wall Street Journal today that raised a lot of questions about the deal.  These are diplomatic statesman types.  Do you guys have any reaction to that?  Do you think they were fair?
MS HARF:  Well, the Secretary has spoken to a number of his predecessors that were former secretaries of state since we got this agreement – or since the parameters – excuse me – we got the parameters finalized.  And we’re having conversations with other senior officials.  We are happy to have that conversation about what this agreement is, what it isn’t, the work we still have to do, and how we are very confident that this achieves our objectives.  And that conversation will certainly continue.
[…]
QUESTION:  Okay.  So one of the things they say is that “absent a linkage between nuclear and political restraint, America’s traditional allies will conclude that the U.S. has traded temporary nuclear cooperation for acquiescence to Iranian hegemony” in the region.  Not true?
MS HARF:  I would obviously disagree with that.  I think that an Iran backed up by a nuclear weapon would be more able to project power in the region, and so that’s why we don’t want them to get a nuclear weapon.  That’s what this deal does.
QUESTION:  Back when —
MS HARF:  And I didn’t hear a lot of alternatives.  I heard a lot of sort of big words and big thoughts in that piece, and those are certainly – there’s a place for that, but I didn’t hear a lot of alternatives about what they would do differently.  I know the Secretary values the discussions he has with his predecessors regardless of sort of where they fall on the specifics.
QUESTION:  Well, I guess one of the criticisms is that there aren’t enough big words and big thought – or people argue that there are not enough big words and big thoughts in what the Administration is pursuing, its overall policy, particularly in the Middle East right now, which has been roiled with unrest and uncertainty.  And I think that’s what the point is they’re making.  That you reject, it, I understand that.  One of the —
MS HARF:  Well, in a region already roiled by so much uncertainty and unrest —

On that same day, conservative talk radio host Hugh Hewitt had NYT’s David Brooks as a guest and asked him about the Kissinger-Shultz op-ed and the State Department’s official response to it. Click here for the transcript. Below is an audio of the exchange.

HH: David Brooks, this is the critique of the critics, is that we don’t have a lot of alternatives. In fact, every critic I’ve heard has alternatives, and I’m sure Kissinger and Shultz do. But a lot of big words? Really?
DB: Are we in nursery school? We’re not, no polysyllabic words? That’s about the lamest rebuttal of a piece by two senior and very well-respected foreign policy people as I’ve heard. Somebody’s got to come up with better talking points, whatever you think. And of course, there are alternatives. It’s not to allow them to get richer, but to force them to get a little poorer so they can fund fewer terrorism armies.

The Daily Caller caught that story and posted this: ‘Are We In Nursery School?’: David Brooks Slams Marie Harf Over Kissinger, Shultz Op-Ed Criticism.

Ouch!

But that’s not the end of the story.

William M. Todd, apparently a friend of the Harf family, reposted the Daily Caller story on his Facebook page with a note that says: “Team Obama bans polysyllabic words !!”

Here is the State Department’s Acting Spokesperson on Mr. Todd’s FB page.

Marie Harf Bill – I’m not sure how you could think this article accurately portrays me or how I view complicated foreign policy issues, given how long you’ve personally known me and my family. Does your hatred of this administration matter so much to you that it justifies posting a hurtful comment and a mean-spirited story about the daughter of someone you’ve known for years and used to call a friend? There’s a way to disagree with our policies without making it personal. Growing up in Ohio, that’s how I was taught to disagree with people. I hope your behavior isn’t an indication that’s changed.

She also posted a lengthy follow-up response here from the Daily Press Briefing.

William M. Todd responded on FB with the following:

I certainly can understand why your Team would disagree with Henry Kissinger and George Shultz on policy matters. However, what is amazing to me was your condescending and, almost childish criticism of what I considered to be a well-reasoned and thoughtful op-ed on the current Middle East crisis.

So, this is where we are, people.

That’s potentially the next official spokesperson of the United States of America to the world.

#

VIDEO: U.S. Ambassador to Seoul Mark Lippert: ‘I feel incredibly lucky’

Posted: 5:37 pm PST

 

Mark Lippert, the U.S. ambassador to South Korea, joins TODAY to talk about the terrifying moment he was attacked by a man wielding a knife. He’s out of the hospital and recovering, and says he feels safe in South Korea.

 


Shuffling the Spoxes: Admiral Kirby Out, Psaki to White House, New Spoxes Race Is On!

 Posted: 11:05 PST

 

Yesterday, we heard that the Pentagon Spokesman, Rear Admiral John Kirby is stepping down to make way for a new civilian spokesman under the new Secretary of Defense Ashton B. Carter.

 

We’re going to miss Admiral Kirby from that podium, and we’re going to miss the fake one, too. This one via @Doctrine Man sums it up:

John Kirby brought three things to the podium that are a rare combination in this business: credibility, character, and competence. Together, they equated to a presence that was second to none. He earned the respect and admiration of the Pentagon Press Corps, built relationships that spanned to the soggy side of the Potomac, and calmly managed each and every crisis that ballooned within the walls of The Building (and there were quite a few). In a tenure that lasted just 14 months (I know, it seemed like more), he became a calm voice of reason in Washington unlike any other, eclipsing both the White House and State Department press secretaries at a time when there was more than enough bad news to go around.

 

Today, news broke that the State Department Spokesperson Jennifer Psaki is returning to the White House as communications director:


The State Department spokesperson, more than the White House spokesman is the public face of the United States to the world.  The spokesperson is not only speaking on behalf of Foggy Bottom but on behalf of the United States.  Here’s our short list for the next podium king/queen:  We’d like to see one who can stay on message, and still be credible, one who inspires respect not derision; a sense of humor and some humility would be nice, too. We’d like to see an intelligent, natural performer with solid international affairs experience up that podium. And of course, somebody  eloquent and quick witted to spar with Matt Lee.