nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

National Archives finds OPM-style intrusion: No data theft found, though

Feds play security whack-a-mole across holey govt IT systems

By Alexander J Martin, 23 Jun 2015

The US National Archives and Records Administration (NARA) has discovered illicit activity on three of its desktop computers, which may have been compromised in much the same manner as those of the Office of Personnel Management (OPM).

The OPM intrusion lead to an as-yet unidentified group getting hold of millions of federal employees' very sensitive details.

Nextgov reported that NARA's in-house "intrusion-prevention" technology "successfully spotted the so-called indicators of compromise (IoCs) during a scan this spring".

An investigator of the compromise at NARA told Nextgov that he had not found any evidence of an intruder obtaining administrative privileges, but "files were found in places they did not belong".

"Systems" and "applications" were not compromised, NARA spokeswoman Laura Diachenko told Nextgov, "but we detected IOCs on three workstations, which were cleaned and re-imaged".

"Other files found seemed to be legitimate," such as those from a Microsoft website, Diachenko said. "We have requested further guidance from US-CERT on how to deal with these." NARA is currently awaiting guidance on how to proceed.

Crediting an unauthorised source, despite the recent controversy this has provoked for their cousins across the Atlantic, Nextgov claims that NARA discovered the IoCs soon after US-CERT published signs of the wider attack, which had been successful at the OPM and may also have been targeting other agencies.

"Beginning June 8 and continuing through June 19, OPM will be sending notifications to approximately four million individuals whose Personally Identifiable Information was potentially compromised in this incident," said the feds in an alert sent to current and former government employees.

The OPM breach was revealed to be more than a mere government goof, however, as the intruders had nabbed copies of Standard Form 86, very possibly revealing close to everything about close to everyone employed by the federal government.

The Register has contacted US federal authorities and will update this article if and when we receive a response. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing