Big Brother knows some of the most intimate details about millions of Americans, but he’s a sieve when it comes to keeping citizens’ secrets safe, and is exposing their life stories to hackers and criminals by failing to secure sensitive data, experts have revealed.
Most Americans are already familiar with the National Security Agency programs to keep tabs on all cell phone calls, how the Obama administration fought in court to keep that going, ending up with Congress creating a new program to continue much of that monitoring even while a federal judge said the previous likely was unconstitutional.
The information collected by the government, in one form or another, besides cell calls, includes the health-care secrets Americans tell their doctors, which are uploaded to the Web. And government databases on guns purchased, movies watched and websites visited, courtesy of private companies.
Then there’s the data from surveillance cameras, license plate readers and sting ray devices, which track cell phone location, usage and data.
And details from drones. And fusion centers. And tax forms. And any government permit applications.
It’s everything that private companies, the government and others know about citizens, which together form a detailed dossier on every individual.
So is it possible for the government keep confidential the information on citizens it has acquired, categorized and analyzed?
“The answer’s a resounding no,” said Tom Fitton, president of the Washington watchdog Judicial Watch, which routinely tangles with the bureaucracy over privacy issues and government access to those details.
What do YOU think? Are your secrets safe with Washington? Sound off in today’s WND poll
‘Just because government wants to’
Calamities, he said, soon could be myriad.
The issue is that “big government is collecting all sorts of sensitive personal data just because it wants to,” he said, noting that there are few safeguards or limits on how that data is used.
One example, he said, was the data breach in the Office of Personnel Management that exposed the private information of an estimated 22 million former or current government workers.
The OPM hack affected probably “every person given a government background check for the last 15 years” Fitton said.
IDs, Social Security numbers and other personal details were revealed.
Privacy expert and talk-show host Dr. Katherine Albrecht told WND the OPM hack was even worse than most people realize.
That’s because the hackers targeted those with specialized government applications and security clearances, such as those who would have access to nuclear security codes.
The results of the OPM hack, then, she said, could provide additional ammunition for hackers to aim at specific individuals, perhaps using personal information from their past that would make them think they were among friends.
The OPM disaster wasn’t the first breach by hackers of government systems, nor the last.
WND reported Tuesday that the House Oversight Committee was launching an investigation into claims hackers hit government software more than two years ago. The feds may have gone on using the software, unaware of the attack.
NSA’s algorithm ‘back door’
The breach, according to one security expert, was made possible by the National Security Agency’s own encryption algorithm, which created a “back door” for hackers.
That breach alone could have compromised data across all major federal government agencies, from the Defense Department and the State Department to the Department of Health and Human Services and the Office of Personnel Management.
“Many agencies don’t even have systems in place to tell whether something bad is happening,” Fitton said. “The government can’t even tell you there have been breaches.”
John Whitehead, president of the Rutherford Institute, a nonprofit defender of civil liberties, said the totality of information available about Americans these days is cause for concern.
Then when the information is compiled in databases by the government, which may be unable to secure it, the risk of exposure increases.
“The hackers are going to have a field day,” he told WND.
He said there are too many open doors for information to be released, from government workers leaving laptops containing consumer files lying around to a lack of encryption to individuals with ill intent.
Targeted ads on personal computers, based on browsing histories, are just the beginning. Even services that provide movies analyze a person’s choices, he pointed out.
What do YOU think? Are your secrets safe with Washington? Sound off in today’s WND poll
Details used to ‘remake society’
Massive databases are being built “for no good reason other than they want to remake society,” Fitton said. “No one’s given them permission to do that.”
Matthew Green, a cryptology expert at Johns Hopkins University, warned about the possibility that government cyber security breakdowns are causing damage, The Hill reported.
And who could forget that cavalier way even top secret information was treated by Hillary Clinton while she was secretary of state and ran all of the government’s business through her own personal email service?
In fact, in one 2011 email, she told an aide to remove the security headers on classified information and forward it to her unsecured smartphone.
“It certainly shows a trend or a way for them to do their own business [that] they felt would be under the radar,” said retired Army Maj. Gen. Paul Vallely, referring to five or six close Clinton assistants and advisers.
In email exchanges with Clinton on June 17, 2011, Deputy Chief of Staff Jake Sullivan said a secure fax of talking points to be cleared by the intelligence community that Clinton had sought couldn’t be sent.
Hillary Clinton
Send with ‘no identifying heading’
“They’ve (presumably the intelligence community) had issues sending secure fax,” Sullivan wrote. “They’re working on it.”
In response, Clinton wrote back: “If they can’t, turn into nonpaper w no identifying heading and send nonsecure.”
The Sullivan email exchange with Clinton released by the State Department on Jan. 7, 2016, has been removed from its website.
The defect newly under investigation by the Oversight Committee was first recognized in December, when security officials discovered a deliberately altered code. It’s a matter of great concern. One security official said the repurposing of code was akin to “stealing a master key to get into any government building,” CNN reported.
The scenario raises questions about whether the federal government is protecting, or even can protect, Americans’ data.
According to Albrecht, whose projects include the Startmail email service which includes special privacy features, there’s no debate over the question.
“The refrain we’ve heard over and over is they are legacy systems … too big to even figure out how to repair. Then you see this brand new, completely created out of thin air health-care database, created from the ground up in the wrong way [with the same problems,]” she said. “[Americans] were sold a bill of goods.”
“Based on an analysis of a scorecard created to measure the implementation of four key provisions of [the Federal Information Technology Acquisition Reform Act], the top 24 federal agencies received an average overall ‘grade’ of D,” commented Sekhar Sarukkai recently about the data protection efforts.
Sarukkai, the co-founder of Skyhigh Networks, has more than 20 years in security on related topics.
His comment, made just last week, was pointed: “This raised the question: How well is the federal government prepared for cyber attacks?”
Federal agencies must act now
Sarukkai cited a recent report from the House Oversight Committee, which found: “For decades, the federal government has operated with poorly managed and outdated IT infrastructure. Cyber attacks are a real threat to this country. Federal agencies must act now.”
The committee said that several federal agencies failed a review of their security. Most agencies got “Ds.” Only a handful got “Cs,” and only one agency was awarded a “B.” No one received an “A.”
See the results:
The Register also reported Tuesday that hackers “purloined” 250 gigabytes of data from NASA and posted it online, although since much NASA information routinely posted, it was unclear how much would have remained secret.
The report said it did, however, include “names, phone numbers and email addresses of 2,414 NASA staffers.”
PC Mag reported last month that the “teenage hackers” who last year broke into the CIA director’s AOL account had returned online.
The report said the group “Crackas With Attitude” breached CIA chief John Brennan’s email account last year. The new report said CWA subsequently “hacked several accounts owned” by James Clapper, U.S. director of national intelligence.”
Last year, Rep. Jason Chaffetz, R-Utah, unleashed criticism on administration officials regarding government system security: “You failed. You failed utterly and totally.”
The hacking of government computers already has had a significant impact on U.S. operations. The BBC reported last year that the CIA was withdrawing staff from Beijing, “fearing data stolen from government computers could expose its agents.”
Some of the harshest criticism came from inside the government. The Oversight Committee reviewed the application of the FITARA law (Federal Information Technology Acquisition Reform Act), which was supposed to address improvements in government system security. The committee said the government is spending billions of dollars, but, “Legislation is only as good as its implementation.”
Nextgov also reported the failure of a Department of Homeland Security firewall intended to protect against hacks. The National Cybersecurity Protection System, also called EINSTEIN, was criticized for not even syncing “with the standard national database of security flaws maintained by the National Institute of Standards and Technology.”
What do YOU think? Are your secrets safe with Washington? Sound off in today’s WND poll
DHS ‘cannot handle’ malware
Consequently, “the espionage artists behind a background check hack at the Office of Personnel Management busted through EINSTEIN’s defenses with malware DHS admits the system cannot handle,” the report said.
In 2014 alone, according to Nextgov, there were at least 10 major losses.
During that time, the unclassified network at the executive office of the president was hacked, the State Department lost information to hackers, the postal service admitted a hack might have affected 800,000 workers, the Government Printing Office and the Government Accountability Office were targeted, questions were raised about the security at the glitch-abundant HealthCare.gov and even the Nuclear Regulatory Commission was targeted.
Then, ZDNet noted, hackers accessed Brennan’s private email, and the OPM breach shook Americans’ confidence in the government’s ability to manage information.
That, critics noted, could “harm the U.S.’ domestic and foreign diplomatic and intelligence work.”
Taxpayers also were targeted when IRS data was stolen that year.
At the OCR portal, part of HHS, hundreds of breaches affecting at least 500 people each over the past few years are listed.
Other problem points:
- Army National Guard members from as far back as 2004 are being warned their personal information may be at risk due to a data breach, separate from the massive Office of Personnel Management hack that compromised the outfit’s computer-stored information. The National Guard data breach is believed to have compromised members’ names, full Social Security numbers, addresses, dates of birth and other private information, The Hill reported.
- Even the liberal press was outraged with Hillary Clinton’s decision to use a personal email account for all of her work-related communications, with both MSNBC and the New York Times basically asking: What were you thinking? Her use of a personal email account for her official security and diplomatic duties with the State Department may have violated federal law, the New York Times reported. She did not even possess a government email account during her four years at State, and aides never took steps to preserve the communications tied to her personal account on federal government servers, as required by the Federal Records Act, the newspaper found.
- A report said a hacker compromised a U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams. The U.S. Army Corps of Engineers’ National Inventory of Dams contains information about 79,000 dams throughout the country and tracks such information as the number of estimated deaths that could occur if a specific dam failed. It’s accessible to government employees who have accounts. Non-government users can query the database but cannot download data from it.
Even social media networks are becoming alarmed over the situation.
BBC reported recently that Twitter was sending warnings to users saying hackers may have sought their information.
“We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers,” Twitter told some users.
from PropagandaGuard https://propagandaguard.wordpress.com/2016/02/03/youre-totally-exposed-government-a-sieve-for-secrets/
from WordPress https://toddmsiebert.wordpress.com/2016/02/02/youre-totally-exposed-government-a-sieve-for-secrets/
No comments:
Post a Comment