Over the past 10 years, technology has evolved at an astounding rate. There are still people alive today who can remember what life was like before the internet was made available to everyone, just as there are people alive now who can’t remember a world without the internet. The current point in human history that is being witnessed is equal parts fascinating and terrifying. Never before have humans been able to be as efficient as they are now. No longer are people bound by the limitations of state or country lines.
People from all over the world now have the ability to talk to each other and communicate instantly. People are now connected in a way that no other person in the history of humanity has ever been connected; and with all of these amazing advancements, there also come several risks. While it is true that people are now doing things that humanity has never experienced before, it is also true that people are at risk now from threats that humanity has never experienced before.
The general population has put so much faith in the internet and the systems that run it, that they often forget to think about the risk of putting all of one’s faith into a man-made system. Namely that if someone built it, then it can just as easily be broken; and when that happens, the consequences could be catastrophic.
The US government is an entity that is no stranger to failures. With all the responsibilities that it has, things are bound to be overlooked or neglected.
To help mitigate the number of things that are overlooked, the government has created a number of offices and departments that specialize in one particular field. OPM, or the US office of personnel Management, is one such entity. According the official OPM website, The U.S. Office of Personnel Management (OPM) serves as the chief human resources agency and personnel policy manager for the federal government. They go on to describe their duties as the implementation of programs and delivery of services that enable the agency to meet its goals. They handle the affairs of both current and former government employees and provide human resources leadership and support to Federal agencies and helps the federal workforce achieve their aspirations as they serve the American people. To summarize, the OPM is the human resources department for the US government. Because of this, they have a lot of information on every person that is currently, or has been, employed by the federal government. With the advent of the Internet, the OPM is now able to store thousands of records on its current and former employees without taking up any space at all. They can also easily search for these records and pull up specific files using this sorting system. With this massive convince, however, comes an inherent risk. All of the records of people who have ever worked for the federal government are all easily accessible and in one place. It would only take one person with enough know how to hack into that system, and thousands of people’s personal information would be compromised. Unfortunately, OPM neglected their responsibility to the American people, and because of that, massive amounts of damage were done.
The story starts on Aprial 15th of 2015. A security engineer for OPM by the name of Brendan Saulsbury went about decrypting a portion of the Secure Sockets Layer (SSL) traffic that makes its way through the agencys servers. Hackers routinely use these SSL encryptions to help hide their activities. Brendan was just doing a routine check up on this code to see if he could find anything suspicious. Soon, Brendan noticed that there was strange outbound traffic in the code he decrypted. Digging a little more, he found that this signal was going to a website called opmsecurity.org. The problem was, however, OPM didn’t hold any such domain name, raising an immediate red flag. Digging deeper, Brendan and his collogues discovered that the signal was coming from a file called mcutil.dll. That file is typically found in virus protection software sold by McAfee; unfortunately, the OPM didnt use McAfee as its virus protection software. From there, it became apparent that the file was actually the hiding place for malware that could give a hacker access to OPMs servers. Eventually, Brendan and his collages learned two disturbing facts. The first fact was that the domain opmsecurity.org was registered on April 25 2014, meaning that the hacker has potentially been gathering information for a year without anyone noticing. The second, and possibly more disconcerting of the two facts, was that the owner of the domain was listed as Steve Rogers. Steve Rogers is the name of the Marvel comic superhero Captain America. The reason this causes concern is because the registration of domains to the names of Marvel superheros is a calling card of an infamous hacker group. At this point, the race was on to try and expunge the hacker group for the OPM website while trying to mitigate the already colossal amount of damage.
In total, the amount of people who had their information compromised was at least 22.1 million people. Out of those affected, 21.2 million people were from a repository of security clearance files. Of that, 19.7 of those people were in those files because they applied for a security clearance, the other 1.8 million were spouses, family members and other non-applicants. One of the most egregious losses was the 1.1 million sets of fingerprints, detailed financial and health records and computer usernames and passwords that were used to complete the security-clearance form online.
👋 Hi! I’m your smart assistant Amy!
Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.get help with your assignment