
Tag: Captain America

How hackers broke into millions of US govt personnel files

The congressional investigation into the hacking of the US Office of Personnel Management has shown how a cascade of stupidity allowed not one but two sets of hackers access to critical government secrets.

The 227-page report [PDF] details how two hacking teams, both thought to be state-sponsored groups from China, managed to swipe paperwork for security background checks on 21.56 million individuals, including the fingerprint records for 5.6 million of them, and the personnel files of 4.2 million former and current US government employees.

Those stolen documents essentially contained chapter and verse on the lives of millions of Americans who have or had access to sensitive government materials: a goldmine for foreign hackers to target.

The infiltrations, carried out between 2012 and early 2015, were so severe and wide-ranging that they forced the resignation of the then head of the OPM, Katherine Archuleta, and the creation of a new agency, the National Background Investigations Bureau (NBIB), to carry out sensitive background checks and to keep the information secure.

The OPM had been warned repeatedly by government inspectors since 2005 that its IT systems weren't secure.
In 2012, US-CERT warned the department that the Hikit malware was operating on its servers. Late the following year, it also found evidence that one or more hackers were active on those servers. US-CERT warned again in March 2014 that a hacker had managed to get information out of the OPM servers, primarily computer network specifications and IT administrator files.

This set off warning signals, since, as the head of the NSA's hacking squad contends, this kind of reconnaissance (network specifications and administrator files) is the first stage of any serious hacking attack. The OPM and US-CERT hatched a plan to get rid of the hackers in an operation called Big Bang.

They kept a close eye on what the intruders were doing and, when the attackers loaded a keylogger onto several machines used by people with access to sensitive servers, moved in for the kill on May 27, 2014 by shutting down servers and scrubbing the infected machines. Unfortunately, a second hacker was already loose on the system and hadn't been spotted. Later analysis showed that this second attacker got into the OPM's servers by stealing the credentials of one of its contractors.

Because two-factor authentication wasn't required, those stolen credentials alone gave free access to the agency's servers, and the hacker installed the PlugX malware. In July 2014, the OPM went public with the news that it had been attacked, but said that only computer manuals had been stolen and no personal information was missing.

But in December 2014, the second attacker managed to download 4.2 million personnel files from the OPM's servers and stash them online. Around March 26, 2015 the hackers came back, this time taking millions of fingerprint files and other data.

In mid-April 2015 a contractor notified his bosses that there were unusual types of traffic on the network, and the agency hired security firm Cylance to have a look around.

Cylance's scanning tool "lit up like a Christmas tree" when it found the servers laced with malware. A week later, the OPM informed Congress that a major hack had taken place – which it is required to do by law – and quarantined its servers the day afterwards.
It was only when a full forensic investigation was carried out that the true extent of the theft became apparent and the shit hit the fan.

The report said that the initial attack was executed by a group called Axiom Threat Actor Group (the only hacking group to use Hikit) and the second by a team called Deep Panda, who are thought to be linked to the Anthem data theft carried out the same year.

Both have links with the Chinese government and it's possible they coordinated their attacks. They were also comedians – two domains were set up to channel the attacks and these were registered to Tony Stark (Iron Man), Steve Rogers (Captain America), and Natasha Romanoff (Black Widow).

The visual effects director of the movie Iron Man was also referenced.

The report recommends that the OPM and other government departments hire CIOs who know what they are doing, and tie them into multiyear contracts so they can get stuff done.

The report also says the OPM needs to introduce a "zero trust" regime on its servers, meaning that users and machines inside the firewall are treated with the same caution as those outside. Other recommendations include better authentication controls (well, duh), investing in better security systems, and increasing the amount it pays security staff, so that it can get the best talent, along with improved training for staff.
OPM officials did nearly everything wrong as far as security goes and then lied about it, House Oversight Committee Republicans said in a final report on the OPM breach.

A report from the Republican majority on the House Oversight and Government Reform Committee published today places blame for the 2014 and 2015 data breaches at the Office of Personnel Management squarely on the OPM's leadership.

The report finds that the long-time network infiltration that exposed sensitive personal information on about 21.5 million individuals could have been prevented but for "the longstanding failure of OPM's leadership to implement basic cyber hygiene." "Tools were available that could have prevented the breaches, but OPM failed to leverage those tools to mitigate the agency's extensive responsibilities," the report concluded.

And the committee's majority report also asserted that former OPM Chief Information Officer Donna Seymour lied repeatedly during her testimony, misstating how the agency responded to the breach and misleading Congress and the public about the damage done by the attack.

Ars extensively covered the shortfalls in OPM's security last year. The House Oversight report reveals that there were two separate extensive breaches. The first began as early as November 2013, went undiscovered until March 2014 and was finally shut down completely two months later; it allowed attackers to obtain manuals and technical information about the types of data stored in OPM systems.

A second attack began shortly afterward, targeting background investigation data, personnel records, and fingerprint data.

These breaches were determined to be likely conducted by the "Axiom Group" and "Deep Panda," respectively, two China-based hacking groups alleged to have ties to the Chinese government.

The attacks used a series of domains—some with OPM-related names (opmsecurity.org and opmlearning.org) and registered under the names of Marvel superheroes Tony Stark (Iron Man) and Steve Rogers (Captain America)—to control malware and exfiltrate stolen data. Ironically, the tool that discovered the ongoing breach, CyFIR from CyTech Services, was never actually purchased by OPM.
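The command-and-control infrastructure described above, lookalike domains such as opmsecurity.org and opmlearning.org registered under fictitious names, is exactly the kind of thing a review of outbound DNS queries can surface before a forensic vendor is called in. The script below is an added example, not code from the committee report or from either article: it parses a handful of constructed BIND-style query-log lines and flags any registrable domain whose second-level label contains one of the organisation's brand terms but is not on the organisation's own allowlist. The log lines, the brand term "opm", the allowlist {"opm.gov"} and the client IP addresses are all assumptions made for the demonstration.

```python
import re
from collections import defaultdict

# Constructed BIND-style query-log lines (not real OPM data). BIND's querylog
# emits "client IP#port: query: NAME IN TYPE", which is what QUERY_RE matches.
SAMPLE_LOG = """\
15-Apr-2015 09:12:01.100 client 10.1.4.22#51432: query: www.opm.gov IN A
15-Apr-2015 09:12:03.210 client 10.1.4.22#51433: query: mail.opm.gov IN A
15-Apr-2015 09:13:44.002 client 10.1.7.9#40011: query: opmsecurity.org IN A
15-Apr-2015 09:14:10.550 client 10.1.7.9#40012: query: update.opmlearning.org IN A
15-Apr-2015 09:15:00.000 client 10.1.4.22#51440: query: www.example.com IN A
15-Apr-2015 09:15:20.300 client 10.1.7.9#40013: query: opmsecurity.org IN A
"""

QUERY_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

BRAND_TERMS = ("opm",)     # assumed: fragments of the organisation's own name
ALLOWLIST = {"opm.gov"}    # assumed: registrable domains the organisation owns


def registrable_domain(name):
    """Crude eTLD+1: the last two labels. Adequate for .gov/.org/.com as used
    here; a production deployment would consult the Public Suffix List."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def parse_queries(log_text):
    """Yield (client_ip, queried_name, qtype) for every query line."""
    out = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            out.append((m.group("ip"), m.group("name").lower(), m.group("qtype")))
    return out


def is_lookalike(name):
    """True if the domain borrows a brand term but is not one the org owns."""
    base = registrable_domain(name)
    if base in ALLOWLIST:
        return False
    second_level = base.split(".")[0]
    return any(term in second_level for term in BRAND_TERMS)


def find_lookalikes(log_text):
    """Map each suspicious registrable domain to its query count and the set
    of internal clients that resolved it, so the hosts can be triaged."""
    hits = defaultdict(lambda: {"count": 0, "clients": set()})
    for ip, name, _qtype in parse_queries(log_text):
        if is_lookalike(name):
            base = registrable_domain(name)
            hits[base]["count"] += 1
            hits[base]["clients"].add(ip)
    return dict(hits)


if __name__ == "__main__":
    for domain, info in sorted(find_lookalikes(SAMPLE_LOG).items()):
        print(f"{domain}: {info['count']} queries from {sorted(info['clients'])}")
```

The per-client grouping is the useful part: in the constructed log only one internal host (10.1.7.9) talks to the two lookalike domains, which is the host an incident responder would image first. Substituting the real brand terms and the real list of owned registrable domains is all that is needed to run this over an exported query log.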

Though Seymour told Congress OPM had purchased licenses after a trial in a segregated test network, the tool was actually demonstrated on OPM's live network, and no licenses were ever purchased. OPM officials returned the trial software after deleting images from OPM's own incident response, images that included "more than 11,000 files and directories" of forensic data, the report noted. "Documents and testimony show CyTech provided a service to OPM and OPM did not pay," the report found, noting that this violated federal law against accepting voluntary services.

The report recommended that federal agencies "must ensure agency CIOs are empowered, accountable, competent, and retained for more than the current average of two years," and that agencies promptly provide justification to Congress for continuing to use systems when their "authority to operate" (ATO), the certification that they are operating in compliance with federal information security regulations, lapses.

Eleven of OPM's systems had been operating without an ATO at the time of the breach, in some cases for a year or more. The report also recommended that OMB and other federal agencies move toward a "zero trust IT security model" in which users on the network are treated with the same level of security as users outside the network, and that agencies reduce the use of Social Security numbers in identifying employees to reduce the risk of exposure of personal identifying information.

Reuters reports that Rep. Elijah Cummings (D-Md.), the ranking minority member of the House Oversight Committee, rejected the Republicans' report, claiming factual deficiencies. Rep. Cummings also said that the errors made by OPM's contractors were not sufficiently taken into account in the assessment.

Two OPM contractors were involved in breaches of background investigation data.