Chinese talking cybersecurity means security is already lost

A longtime reader and good friend of mine sent me a link this week to a CNBC story about the loss of fingerprint records in the Office of Personnel Management hack I have written about before. It’s just one more nail in the coffin of a doltish bureaucracy that — you know I’m speaking the truth here — will probably result in those doltish bureaucrats getting even more power, even more data, and ultimately losing those data, too.

So the story says they lost the fingerprint records of 56 million people! Game over.

Remember how this story unfolded? There had been a hack and some records were compromised. Then there had been a hack and […]

Who is your IT outsourcing firm working for?

outsourcing-for-dummiesWhile the U.S. Government has been remarkably opaque about the recently discovered security breach at the Office of Personnel Management (OPM), we know that personal information on at least 21.5 million present, former, and prospective federal employees was lost. The Feds claim Chinese hackers are at the bottom of it, which is disputed by the Chinese government. This, to me, raises a number of questions, especially about the possible role of IT outsourcing firms and implications for organizations beyond OPM. Does IT outsourcing make your data more vulnerable? Yes, I believe it does.

It’s easy to blame the Office of Personnel Management for its own troubles. Oversight was lax. The agency failed a security audit and […]

IBM is so screwed

I’ve been working on a big column or two about the Office of Personnel Management hack while at the same time helping my boys with their Kickstarter campaign to be announced in another 10 days, but then IBM had to go yesterday and announce earnings and I just couldn’t help myself. I had to put that announcement in the context you’ll see in the headline above. IBM is so screwed.

Below you’ll see the news spelled-out in red annotations right on IBM’s own slides. The details are mainly there but before you read them I want to make three points. First, IBM’s sexy new businesses (cloud, analytics, mobile, social and security or CAMSS) aren’t growing — and probably won’t be growing — […]

Your PBX has been hacked!

phreakThis past week a very large corporation on the east coast was hacked in what seems to naive old me to be a new way — through their corporate phone system. Then one night during the same week I got a call from my bank saying my account had been compromised and to press #4 to talk to their security department. My account was fine: it was a telephone-based phishing expedition. Our phone network has been compromised, folks, and nobody with a phone is safe.

Edward Snowden was right we’re not secure, though this time I don’t think the National Security Agency is involved.

Here’s how this PBX hack came down. Step one begins with looking for […]

Where the money is… or was

fedcheckToday was Tax Day in the United States, when we file our federal income tax returns. This has been an odd tax season in America for reasons that aren’t at all clear, but I am developing a theory that cybersecurity failures may shortly bring certain aspects of the U.S. economy to its knees.

I have been writing about data security and hacking and malware and identity theft since the late 1990s. It is a raft of problems that taken together amount to tens of billions of dollars each year in lost funds, defensive IT spending, and law enforcement expenditures. Now with a 2014 U.S. Gross Domestic Product of $17.42 trillion, a few […]