SoylentNews is people

posted by martyb on Thursday June 18 2015, @12:59PM
from the if-you-are-allowed-in,-then-you-are-allowed-in dept.

Sean Gallagher reports at Ars Technica that Dr. Andy Ozment, Assistant Secretary for Cybersecurity in the Department of Homeland Security, told members of the House Oversight and Government Reform Committee that in the case of the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, encryption would "not have helped" because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering.

Ozment added that because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network. "If the adversary has the credentials of a user on the network, they can access data even if it's encrypted just as the users on the network have to access data," said Ozment. "That did occur in this case. Encryption in this instance would not have protected this data."

The fact that Social Security numbers of millions of current and former federal employees were not encrypted was one of the few new details that emerged about the data breach, and House Oversight member Stephen Lynch (D-Mass.) was the one who pulled the SSN encryption answer from the teeth of the panel where others failed. "This is one of those hearings where I think that I will know less coming out of the hearing than I did when I walked in because of the obfuscation and the dancing around we are all doing here. As a matter of fact, I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers as you are in keeping information out of the hands of Congress and federal employees. It's ironic. You are doing a great job stonewalling us, but hackers, not so much."

See our earlier stories: "U.S. Government Employees Hit By Massive Data Breach" and "Hacking of Federal Security Forms Much Worse than Originally Thought"


  • (Score: 0) by Anonymous Coward on Thursday June 18 2015, @05:16PM (#197892)

    in a galaxy far far away ...
    prolly just crazy paranoid, but maybe this government-personal department didn't want to "hand over" responsibility to the NSA hackers because maybe they didn't have time to play "war" but the NSA desperately needed all that information to ferret out any peace-loving patriots because the long-term war .. err ... roadmap of the usa oligarchs requires servitude without doubt?

    well anyways, if, just "if" the NSA wanted dominion over federal government employee data they sure as hell got it now.
    also this computer security and privacy erosion hang-over attributed to possibly "behind-the-scene" string pulling of the top-of-the-class IQ.NSA has some really funny ramifications, like attacking the government-employee office for trying to keep stuff "in-house" and doing everything "wrong" : )

    :messah, propose to give emergency power to the chancellor ...