Company with contractors gone wild gets OPM deal

A government contractor, several of whose employees were caught on video drunk while on a sensitive security mission in Afghanistan, now is being used to help fix the security breach at the Office of Personnel Management. “What are they thinking?” asked Sen. Claire McCaskill, D-Mo., who wants to know how the company got its contract from the OPM with no competitive bidding. “What in this company’s background gave them assurances that they are the company that can handle this incredibly sensitive matter at a time that Americans are really worried about the federal government’s ability to protect personal data?” McCaskill asked. The company, formerly known as Jorge Scientific, now called Imperatis, was awarded the “sole source” contract to overhaul OPM’s computer network. Source: ABC News

Payday turns into pique day

The Royal Bank of Scotland banking group was hit by a cyber attack on its online services, leaving customers struggling to log on for nearly an hour—just as paychecks were arriving in accounts. The group, with 6.5 million customers under the NatWest, RBS and Ulster brands, said it was the victim of a distributed denial of service attack, a deliberate surge in Internet traffic that floods a company’s site with millions of requests, bringing it to a standstill. RBS said the attack lasted 50 minutes, but while it was an inconvenience, customer accounts were not at risk. The bank said it did not know the identity of the perpetrators or why they chose to attack. RBS also was hit by a DDoS in December 2013. Source: The Guardian

Mapping out a problem

A National Security Agency map shows the Chinese government’s massive cyber assault on all sectors of the U.S. economy, including major firms such as Google and Lockheed Martin, as well as the U.S. government and military. The map uses red dots to mark more than 600 corporate, private or government “Victims of Chinese Cyber Espionage” that were attacked in a five-year period, with clusters in industrial centers. The Northeast Corridor from Washington, D.C., to Boston is blanketed in red, as is California’s Silicon Valley, with other concentrations in Dallas, Miami, Chicago, Seattle, Los Angeles and Detroit. The highest number of attacks was in California, which had nearly 50. Source: NBC News

It’s alarming in Charm City

Days after riots sparked by the death of Freddie Gray, cyber hackers struck Baltimore’s city website, shutting it down for more than 16 hours. At one point, the FBI warned employees: “Do not open emails with the subject ‘Baltimore Riots.’ ” Around the same time, the group Anonymous—a network of activist hackers—posted a YouTube video titled “Operation Baltimore.” The city says none of the cyber attacks affected the main function of the website or the systemwide email. The city would not discuss the types of improvements it’s making to the website. Source: WJZ, Baltimore

It may not be a perfect 10

Web developer Jonathan Porta has found some anomalies in Windows 10’s default privacy settings that he thinks are overly vague and do not adequately explain what specific data is being collected. He also thinks the settings don’t offer enough clarity on which third-party companies are sharing Windows 10 customers’ data. Porta says when the settings are on, Microsoft can collect any data it wants and concludes: “I might as well relocate my computer to Microsoft headquarters and have the entire company look over my shoulder.” Microsoft said the data is being collected purely for product-improvement purposes. Trend Micro cybersecurity consultant Bharat Mistry says while the default settings are vague, it is unlikely Windows 10 is spying on users. “The settings would suggest that Microsoft is trying to understand user behavior in more detail—in terms of sites accessed, the time of day and also from location,” he said. Source: Business Insider

A fireside chat that’s off the grid

Firechat creator Open Garden is updating the app to add an off-the-grid messaging technology called “OM” that doesn’t use cell phone services or wireless Internet. While the app won’t automatically use OM, it can be selected as an option for those who would rather keep their messages private. “(Data privacy is) getting more and more to the forefront of people’s consciousness,” said Christophe Daligault, chief marketing officer of Open Garden. OM works by bouncing each message through a network of users until it gets to the recipient. Delivery is not instantaneous, but it would take just 5 percent of a city to be on Firechat to create blanket coverage, with an average delivery time of 10 minutes. Source: CNBC

Getting crafty can get you charged

Two people have been charged with conspiracy to steal 94,000 credit and debit card numbers from Michaels Stores customers in a 2011 cyber attack. U.S. Attorney Paul Fishman said the conspirators captured customers’ bank account information and personal identification numbers by installing devices on 88 point-of-sale terminals in 80 Michaels stores across 19 states. They then produced counterfeit bank cards, and used them to withdraw more than $420,000 from ATMs, Fishman said. The scheme affected such banks as Bank of America, JPMorgan Chase, Toronto-Dominion Bank and Wells Fargo. Source: Reuters via Business Insurance

From the toolbox

A partnership between Google and Silent Circle, which makes privacy-centric phones, is aimed at capitalizing on companies’ attempts to secure business activities on employees’ smartphones and tablets. Silent Circle has created the Blackphone, which encrypts calls, texts and data. The company is so concerned about data security that it doesn’t keep track of customers’ names. Under the partnership, the next version of Blackphone will come with Google’s Android for Work software, a suite that lets users compartmentalize personal and professional use. It also comes with corporate features for managing employee access to company information, as well as Google productivity apps including Gmail, Contacts, Calendar, Docs, Sheets and Slides. Source: The Wall Street Journal