Company with contractors gone wild gets OPM deal

A government contractor, several of whose employees were caught on video drunk while on a sensitive security mission in Afghanistan, now is being used to help fix the security breach at the Office of Personnel Management. “What are they thinking?” asked Sen. Claire McCaskill, D-Mo., who wants to know how the company got its contract from the OPM with no competitive bidding. “What in this company’s background gave them assurances that they are the company that can handle this incredibly sensitive matter at a time that Americans are really worried about the federal government’s ability to protect personal data?” McCaskill asked. The company, formerly known as Jorge Scientific, now called Imperatis, was awarded the “sole source” contract to overhaul OPM’s computer network. Source: ABC News

Payday turns into pique day

The Royal Bank of Scotland banking group was hit by a cyber attack on its online services, leaving customers struggling to log on for nearly an hour—just as paychecks were arriving in accounts. The group, with 6.5 million customers under the NatWest, RBS and Ulster brands, said it was the victim of a distributed denial of service attack, a deliberate surge in Internet traffic that floods a company’s site with millions of requests, bringing it to a standstill. RBS said the attack lasted 50 minutes, but while it was an inconvenience, customer accounts were not at risk. The bank said it did not know the identity of the perpetrators or why they chose to attack. RBS also was hit by a DDoS in December 2013. Source: The Guardian

Mapping out a problem

A National Security Agency map shows the Chinese government’s massive cyber assault on all sectors of the U.S. economy, including major firms such as Google and Lockheed Martin, as well as the U.S. government and military. The map uses red dots to mark more than 600 corporate, private or government “Victims of Chinese Cyber Espionage” that were attacked in a five-year period, with clusters in industrial centers. The Northeast Corridor from Washington, D.C., to Boston is blanketed in red, as is California’s Silicon Valley, with other concentrations in Dallas, Miami, Chicago, Seattle, Los Angeles and Detroit. The highest number of attacks was in California, which had nearly 50. Source: NBC News

It’s alarming in Charm City

Days after riots sparked by the death of Freddie Gray, cyber hackers struck Baltimore’s city website, shutting it down for more than 16 hours. At one point, the FBI warned employees: “Do not open emails with the subject ‘Baltimore Riots.’ ” Around the same time, the group Anonymous—a network of activist hackers—posted a YouTube video titled “Operation Baltimore.” The city says none of the cyber attacks affected the main function of the website or the systemwide email. The city would not discuss the types of improvements it’s making to the website. Source: WJZ, Baltimore

It may not be a perfect 10

Web developer Jonathan Porta has found some anomalies in Windows 10’s default privacy settings that he thinks are overly vague and do not adequately explain what specific data is being collected. He also thinks the settings don’t offer enough clarity on which third-party companies are sharing Windows 10 customers’ data. Porta says when the settings are on, Microsoft can collect any data it wants and concludes: “I might as well relocate my computer to Microsoft headquarters and have the entire company look over my shoulder.” Microsoft said the data is being collected purely for product-improvement purposes. Trend Micro cybersecurity consultant Bharat Mistry says while the default settings are vague, it is unlikely Windows 10 is spying on users. “The settings would suggest that Microsoft is trying to understand user behavior in more detail—in terms of sites accessed, the time of day and also from location,” he said. Source: Business Insider

A fireside chat that’s off the grid

Firechat creator Open Garden is updating the app to add off-the-grid messaging technology called “OM” that doesn’t use cell phone services or wireless Internet while offering completely off-the-grid conversations. While the app won’t automatically use OM, it can be selected as an option for those who would rather keep their messages private. “(Data privacy is) getting more and more to the forefront of people’s consciousness,” said Christophe Daligault, chief marketing officer of Open Garden. OM works by bouncing messages through a network of users until they get to the recipient. While not instantaneous, it would take just 5 percent of a city to be on Firechat to create blanket coverage, with an average delivery time of 10 minutes. Source: CNBC

Getting crafty can get you charged

Two people have been charged with conspiracy to steal 94,000 credit and debit card numbers from Michaels Stores customers in a 2011 cyber attack. U.S. Attorney Paul Fishman said the conspirators captured customers’ bank account information and personal identification numbers by installing devices on 88 point-of-sale terminals in 80 Michaels stores across 19 states. They then produced counterfeit bank cards, and used them to withdraw more than $420,000 from ATMs, Fishman said. The scheme affected such banks as Bank of America, JPMorgan Chase, Toronto-Dominion Bank and Wells Fargo. Source: Reuters via Business Insurance

From the toolbox

A partnership between Google and Silent Circle, which makes privacy-centric phones, is aimed at capitalizing on companies’ attempts to secure business activities on employees’ smartphones and tablets. Silent Circle has created the Blackphone, which encrypts calls, texts and data. The company is so concerned about data security that it doesn’t keep track of customers’ names. Under the partnership, the next version of Blackphone will come with Google’s Android for Work software, a suite that lets users compartmentalize personal and professional use. It also comes with corporate features for managing employee access to company information, as well as Google productivity apps including Gmail, Contacts, Calendar, Docs, Sheets and Slides. Source: The Wall Street Journal