Feds Who Didn't Even Discover The OPM Hack Themselves, Still Say We Should Give Them Cybersecurity Powers

from the really-now? dept

We already described how the recent hack into the US federal government’s Office of Personnel Management (OPM) appears to be much more serious than was initially reported. The hack, likely by Chinese state hackers, appear to have obtained basically detailed personal info on all current and many former federal government employees.

And here’s the amazing thing: the federal government wasn’t the one who figured out they’d been hacked. Instead, it’s now coming out that it was discovered during a product demo from a cybersecurity company (guess their product works, huh?). According to the Wall Street Journal:

But four people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM?s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or more.

That may go down as one of the most effective product demos ever.

But, what’s really sickening about all of this is that the federal government is already using this hack — which it failed to discover — as an excuse to pass new cybersecurity legislation, whose sole purpose is to give the feds more information, in the (faulty) belief that they’ll “help” prevent future attacks. Within days of the initial report of the hack, Senator Mitch McConnell pointed to it as the reason to push cybersecurity legislation:

?It might or might not deal with every aspect of what apparently happened a few days ago. But Congress is going to act on cybersecurity on this bill in the very near future.?

Thankfully, cooler heads — including Senator Patrick Leahy — prevailed in pointing out that the OPM hack is no reason to rush into cybersecurity legislation — but it’s even more ridiculous than that. The entire premise of these cybersecurity bills is that we need this kind of information sharing so that government folks can “help” to better protect “critical infrastructure.” But these same guys are so clueless they can’t even protect their own staff files — and then need outside help to even discover that they were hacked a year ago?

Perhaps it’s time to move in the other direction and take away the government’s mandate over “cybersecurity” because it’s shown little indication that it can handle the problem.

Filed Under: , , , , , , ,
Companies: cytech services

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Feds Who Didn't Even Discover The OPM Hack Themselves, Still Say We Should Give Them Cybersecurity Powers”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

“If it is China and it is state sponsored, WHY THE FUCK do we still say it’s ok for any US company to do business with them , why do 99% of all US products still have china stamped on them , to do business with China is to do business with terrorists right????”

Because the US is so in debt to China that the Chinese practically own it now. You could say that the Chinese are just keeping tabs on their investment.

James Clapper says:

Re: Re:


Isn’t it supposed to be the job of NSA to secure data like this?

Maybe they need to spend a few hundred billion more on their illegal domestic surveillance programs. Everyone knows that mass collection, processing and storage of potential dirt on civil society actors is the first step in setting up basic network security.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...