
HOGR Committee Report Discusses and Dissects OPM Breach Report

September 13, 2016 | By Comodo SSL

Last week’s House Oversight & Government Reform (HOGR) Committee report on the U.S. Office of Personnel Management (OPM) breaches, titled ‘The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation’, has led to a round of finger-pointing and arguments. The breaches exposed data belonging to more than 22 million people, including government employee and contractor records. The squabbling now is over who knew what first, and similar questions.

The 241-page report says that the two massive breaches that occurred in 2014 and 2015 happened because of outdated government technology and sloppy cyber-security. The accusations are directed at the OPM. The report says: “The lax state of OPM’s information security left the agency’s information systems exposed for any inexperienced hacker to infiltrate and compromise.” The report also says: “The agency’s senior leadership failed to fully comprehend the extent of the compromise, allowing the hackers to remove manuals and other sensitive materials that essentially provided a roadmap to the OPM IT environment and key users for potential compromise.”


Those behind the data breaches exfiltrated data using OPM-related domain names such as opmsecurity.org and opmlearning.org, which were registered to spoofed registry accounts under the names of Marvel superheroes such as Tony Stark. However, Rep. Elijah Cummings, ranking member of the HOGR Committee, has said that the official breach report is full of factual inaccuracies. Cummings had penned a letter in April 2015 which states that a member of the OPM staff had identified an unknown SSL certificate on the OPM network, which was being used to communicate data with the malicious domain opmsecurity.org. This detection of the SSL certificate was critical, as it helped locate malware that was masquerading as a DLL file.

Cylance, one of the two federal contractors figuring prominently in the breach reports (the other being CyTech), was called in by OPM to probe the matter. It was asked to conduct forensics on the DLL, map the binary and begin remediation efforts. The oversight committee says that although the OPM had Cylance tools at its disposal from June 2014, it didn’t deploy the technology until April 2015, after its systems were under attack.

According to the OPM report timeline, CyTech Services detected the breach, and remediation efforts began on April 21 and concluded on May 1, 2015. It also says that the breach was undisclosed and came to light when an “OPM contractor” identified suspicious SSL certificate-related activity on April 15. But Cummings states that the reports that CyTech had first detected the OPM data breaches are inaccurate. Surprisingly, neither CyTech nor Cylance claims to have discovered the breaches.

There are also issues pertaining to the relationship between the OPM and CyTech Services. While CyTech says that OPM used its CyFIR tool as part of a product demonstration and never paid for a license to use it, OPM authorities say that CyTech has never sent a request for payment for services rendered or licenses provided during the product demonstration that was conducted during the 2015 breach response. They say that payment will be made on receiving such a request.

Meanwhile, a blog post by OPM Acting Director Beth F. Cobert on www.opm.gov last week says: “The cybersecurity report issued today by the Republican members of the House Oversight and Government Reform Committee (HOGR) on the cyber intrusions at the U.S. Office of Personnel Management (OPM) does not fully reflect where this agency stands today.” She adds: “While we disagree with many aspects of the report, we welcome the committee’s recognition of OPM’s swift response to the cybersecurity intrusions and its acknowledgement of our progress in strengthening our cybersecurity policies, and processes. We also appreciate the panel’s willingness to work with us on these important issues and find many of the final recommendations to be useful for OPM and the Federal Government at-large.”
