Belmont Club

Social Engineering

Ars Technica, describing how China “hacked” the OPM database, obtaining the records of millions of Federal Employees, notes that we should use the word “hack” advisedly. The attackers “had valid user credentials and run of network”, which they obtained through “social engineering”.

Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network.

“Social engineering”, for those who don’t know, is an IT security term for “someone gave them the password”. It’s not hard to see how the Chinese might have wheedled out a credential.

Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?’”

Katherine Archuleta, the director of OPM, claims that at least she found the “hack” — note the scare quotes, used to preserve the reputation of real, honest hacking. “Archuleta told the committee that the breach was found only because she had been pushing forward with an aggressive plan to update OPM’s security, centralizing the oversight of IT security under the chief information officer and implementing ‘numerous tools and capabilities.’ She claimed that it was during the process of updating tools that the breach was discovered.”

Admiral Kimmel should have used that line at Pearl Harbor. “I noticed the base was bombed and informed Washington immediately.”

Katherine Archuleta, the person in charge of the Crown Jewels, has had an interesting career path to her current position. Her biography at opm.gov reveals a person proud of her membership in an “inclusive workforce that reflects the diversity of America”. Nowhere, however, does her biography indicate that she knows diddly squat about computers, computer networks or security.

On May 23, 2013, President Obama appointed Director Archuleta to lead the U.S. Office of Personnel Management (OPM), the agency responsible for attracting and retaining an innovative, diverse and talented workforce to make the Federal government a model employer for the 21st century.

On November 4th, Archuleta was sworn in to begin her tenure as the 10th Director of OPM, and the first Latina to head this federal agency.

Director Archuleta began her career in public service as a teacher in the Denver public school system. She left teaching to work as an aide to Denver Mayor Federico Peña. When Mayor Peña became Secretary of Transportation during the Clinton Administration, Archuleta continued her public service as his Chief of Staff. Later, Peña was appointed to head the Department of Energy and Archuleta served as a Senior Policy Advisor in the Office of the Secretary.

After the Clinton Administration, she went back to local government and became a Senior Policy Advisor to Denver Mayor John Hickenlooper.

Archuleta spent the first two years of the Obama Administration serving as the Chief of Staff at the Department of Labor to Secretary Hilda Solis.

As the Director of OPM, Archuleta is committed to building an innovative and inclusive workforce that reflects the diversity of America. As a long-time public servant, she is a champion of Federal employees.

But OPM is right, though. Encryption wouldn’t have helped. The problem was somewhere else. Modern Western society has its own definition of “social engineering”. It apparently means putting people in charge of things not because they know anything about them, but because they possess the highest symbolic value. Race, gender, inclination or identification — especially political identification — are so much more important these days than being able to tell the difference between a hashed key and corned beef hash.

We’re in a race to the bottom. And this time, we’ll win.
