US hit by 'massive data breach'

137 points by alan_cx, almost 10 years ago

25 comments

dpcan, almost 10 years ago
I feel like we need to change our direction in terms of "identity" altogether.

We seem to be relying on an "identity" that is our name, ssn, phone number, credit card number, or all these different little bits of data clumped together. Too messy, too easy to steal, to fake, too easy to sell.

Maybe our identity is more like a bitcoin wallet. It's an encrypted clump of data that we only keep with ourselves, and ourselves alone. It could store money, confirm that we are who we say we are because it can have our picture in it, our names, our "numbers" for various things.

Then, when someone needs ANYTHING from us, be it proof of identity, money, or trivial info, we can send them a piece of useless information salted with something that they then return to us with the same salt to get back a confirmation, or money, or access to "use" our other numbers, but they never GET our other numbers.

If you want my phone number, you send a request to me asking for it. I get the request, confirm it, send back another piece of data to you. This is NOT my phone number, but something you can use to send to me again in the future when you want to call me, and then my number is dialed, but you never see it. At any time, I can wipe you off my safe list, and you don't have my phone number anymore. Same thing can work when paying for something, or proving I am who I say I am when getting a loan, buying beer, whatever.

Maybe this is ridiculous.

SCAQTony, almost 10 years ago
Huge data breach and the FBI is screaming from an Ivory tower that encryption is hallmark of all evil and that backdoors are a really good idea.

"Privacy, above all other things, including safety and freedom from terrorism, is not where we want to go..." FBI Associate director Michael Steinbach

jacinda, almost 10 years ago
As a former government contractor, I wish I could say I'm surprised. Unfortunately, computer/network security in many government agencies frequently has more to do with policy documents than with anyone technical actually determining whether the system is secure.

jsingleton, almost 10 years ago
Bit short currently. Looks like more detail from these sources:

http://mashable.com/2015/06/04/data-breach-hack/

http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html

bashinator, almost 10 years ago
* cyber attack
* cybersecurity system
* cyber-intrusion
* cyber databases (twice!)
* cyber threat

Use of the word "cyber" adds virtually no insight or context to this article.

nedwin, almost 10 years ago
We hear a lot about Chinese attacks on the US but virtually nothing about the opposite, which undoubtably does happen.

Reading the wiki page on "Cyberwarfare" there are sections on each country, like "Cyberwarfare in Germany", "Cyberwarfare in India" etc.

Both the "Cyberwarfare in USA" and "Cyberwarfare in China" are about Chinese attacks on the US...

http://en.wikipedia.org/wiki/Cyberwarfare

rmrfrmrf, almost 10 years ago
It's OK, I'm sure whoever did it had a warrant.

ChrisAntaki, almost 10 years ago
This is a great example of why the NSA & FBI should invest in strengthening American encryption standards, instead of trying to weaken them.

Zikes, almost 10 years ago
https://news.ycombinator.com/item?id=9661848

I am shocked. Shocked, I tell you.

cm2187, almost 10 years ago
It's hard not to make this trivial comment so let's make it:

At least it may give a taste to US nationals of what it feels like to have your country hacked by a foreign power, like most European countries nationals felt after the Snowden leaks.

fieryscribe, almost 10 years ago
The timing of this report is very "interesting", given recent news: https://news.ycombinator.com/item?id=9659784

themeek, almost 10 years ago
This is part of an ongoing cyberwar between great powers - the largest adversaries to the US being China (mostly smash and grab) and Russia (primarily sophisticated and surgical).

It would be nice if there was some place where we could see the scoreboard to know how effective and how often we hack the Chinese back. Right now it looks like our tax dollars are being spent getting hacked, but the US government has doubled down many times on offensive cyberwar capabilities and now has professional cybersoldier career tracks in the DoD.

What's the assessment?

foxhedgehog, almost 10 years ago
A lot of people here are commenting, rightly, that this is an example of why the USG should be strengthening encryption. It's also a reminder that, despite its disproportionate focus in media, including on HN, the US is obviously not the only government engaged in this behavior.

Red_Tarsius, almost 10 years ago
I wonder how much social engineering was involved in the hack. No matter how great is your tech, if your staff is not trained to be *paranoid* you're going to suffer the consequences.

*"Hey I just found a usb pen on the floor. I wonder what it's inside it..."*

blisterpeanuts, almost 10 years ago
This is perhaps a stupid or uninformed question, but if databases are so vulnerable, why is so much information still stored in cleartext? It seems to me that taking the extra step to strongly encrypt data prior to writing to tables would make the intruder's job much harder.

I speak not only as a programmer and database guy from way back, but as one of the millions of Anthem subscribers whose personal data was stolen a few months ago in a massive breach.

I know that "data breach" might well mean the keys were stolen which decrypted an otherwise secure file, but the terminology suggests that the breach was simple access into the system rather than acquisition of the precious keys themselves.

Someone with superior knowledge of these things, kindly explain.

redwards510, almost 10 years ago
What would be a suitable response to this? America does not have a clear cyberwar policy and I haven't heard many suggestions.

ephemeralgomi, almost 10 years ago
What differentiates a 'cyber database' from a 'database'?

dpweb, almost 10 years ago
Of course, China. How is it they are incompetent to protect the data, yet competent enough to know immediately who did it.

sgacka, almost 10 years ago
This hit every US news service. How is it so low in points?

"breach could potentially affect every federal agency, officials said"

I love HN's ability to filter news that matters to dev/tech-professionals, but when stuff like this pops up it should be top 10, for at _least_ a few hours. This is some serious shit. Who here does business with government agencies? Most of you have IRS Tax/Employer IDs... with the rate that this is "expanding" what is to say that it wasn't just HR records, but more. Your e-filed IRS return could be sitting with folks outside of the IRS...

No intention to fear monger but think of the statement "breach could potentially affect every federal agency" - every business in the US does something, with sensitive data, with an agency :/

fleitz, almost 10 years ago
It's not a data breach, it's essential that the US keep their database unencrypted so that the Chinese national security agency can search their records for ties to terrorism.

If anything China just did the OPM a favour to help them keep their freedom.

thyrsus, almost 10 years ago
Note the Office of Personnel Management's scores in this report, and note the scores of the State Department. Ms. Clinton's e-mails may have been more secure at her private residence :-\

https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_fisma_report_02_27_2015.pdf

danso, almost 10 years ago
Interested in hearing the details about this one. How much of it was facilitated by phishing or social engineering? Are there any government systems that require two-factor auth? So much of federal web infrastructure is based on old code/systems that, while invulnerable to a mass exploit of Rails/WordPress/Bash, have not even remotely been tested and studied against edge cases in the way that large scale open source platforms have.

ams6110, almost 10 years ago
*The breach did not involve background checks and clearance investigations, officials said.*

No, that breach[1] was a couple of years ago.

1: http://www.nextgov.com/cybersecurity/2014/12/opm-alerts-feds-second-background-check-breach/101622/

gress, almost 10 years ago
If only there had been a backdoor in the system, or no encryption, law enforcement could have prevented this. /s

multinglets, almost 10 years ago
Oh no, the Chinese are stealing all our datas in an unprecedented cYbErattack!

I didn't realize it was Thursday again already.