Posted on 08/23/2005 10:17:47 AM PDT by Gritty
WASHINGTON - Social Security numbers, birth dates and other private data on roughly 33,000 Air Force officers -- about half the branch's officer corps -- were stolen from a military computer database, the service informed its personnel late last week.
Officials of the Air Force Personnel Center, based at Randolph Air Force Base in San Antonio, said the intrusion occurred sometime in May or June, apparently by someone who used a legitimate user's log-in information to gain access to the system.
The exposed data did not include financial records, but contained such personal information as marital status, number of children and academic records. No incidents of identity fraud have been tied to the theft, the military said, but officers were warned that Social Security numbers could be used to get other private data.
(Excerpt) Read more at msnbc.msn.com ...
This is true, my husband is one that was notified
Sounds like a major, very succesdful intel op by some entity willing to commit major resources to the effort.
Why isn't there a two-man rule for entry on this kind of data?!
Remember how in "24" Marwan infiltrated the Air Force. We should assume this is just some pimpled teenager drinking Red Bulls in his Mom's basement.
later read
You want to relieve the commander because no procedures were violated?
Yes we should. I think it was here on FR not long ago that I read a report out of South Africa that said Al Qaeda had threatened to email graphic videos to servicemembers and their families.
Happened in May or June. Story dated today. Man...that just makes me feel all warm and fuzzy.
So you propose deactivating the Department of Defense?
My girlfriend is working for a contractor converting paper files to digital at Randolph. Lot of people working on the contract. I just emailed this thread to her to see if she's heard anything.
I find this very interesting. In the FOX series "24" - that's how they got hold of a sophisticated airplane to use against the USA. However, they didn't just steal the pilots identity - they killed him and his family.
Hmmmmm?? Makes you wonder .. what info did this officer have access to .. or what doors would be opened to him without question - because of his ID ..??
I should think he might like to relieve the Commander because there were no procedures in place that had to be violated for this to happen.
Career killer for Col and Lt. Col. involved...
Depends on how the break-in happened. If the person whose login was used gave it to someone, the hanging takes place at a lower level. If he did not, then they probably got hold of it the usual way: Windows exploits, spyware/adware, or social engineering.
Military computers are just as vulnerable as anyone else's to spyware, and military administrators are generally less savvy, less committed, and much less well-trained that those in corporations. You get what you pay for, and most military networks are run by one-tour E3s who had eight weeks of instant-expert school starting with the definitions of ROM and RAM and ending with some monkey-see, monkey-do procedures for administering Windows servers.
Then, the PFC finds he or she spends all day not installing the day's security fixes on the server, but cleaning the spyware off the Colonel's laptop and dealing with people whose printer won't print because they stepped on the switch on the power strip.
Then, you have the military's fascination with extreme password security. The password must be more than eight and less than twelve characters and incorporate a bunch of things that make it non-mnemonic, and then they force users to change it every few months. As a result, I could walk you into any office in the Pentagon (yes, including inside the vaults) and we could find somebody's password and login on a post-it on the monitor, and somebody else's in the desk drawer.
Everybody in the "real" computer security world understands that excessively rigid password policies lead to compromises, but the DOD computer world is manned by Junior G Man wannabees who pick this stuff up on TV spy shows.
Basically, DOD computer managers -- not the PFCs, who are bright and trainable, not that the military tries -- but the people at the center of things -- are stupid.
For a while, the whole DOD computer morass was run by a woman, Heather somebody (Anderson?), who had bought phony degrees from "Hamilton University." When she made a complete botch of computers, they put "Dr." Anderson in charge of security clearances and she screwed that up too. But she was one of the more competent DOD computer higher-ups.
One thing that is dead certain is that no one in DOD from PFC to supergrade civilian will lose a job (or a dollar) over this. The only people that will suffer for it are the thousands of Air Force members whose documents were carelessly exposed to exploitation. For months on end.
d.o.l.
Criminal Number 18F
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.