23,000 US government emails were dumped on the Dark Web and no one knows where they came from
Cale Guthrie Weissman, Jun 13, 2015, 00:40 IST
Last week the US Office of Personnel Management (OPM) owned up to being breached by hackers. No concrete facts have surfaced since, and the extent of the hack's damage remains unclear.
We just know it's worse than anyone is willing to say.
Now, databases containing private federal employee data are being dumped on the Dark Web. One such database includes over 23,000 government email addresses, reports Motherboard.
So what's going on here?
The hacker behind the dump of 23,000 .gov emails goes by the name of Ebolabad. He has taken credit for the huge OPM breach, posting in broken English "Is not China. Is me I am sell [sic] for highest bid."
Motherboard asked experts to analyze the data Ebolabad posted on the Dark Web forum, and believed the names and addresses to be real.
Another cybersecurity expert, however, told Business Insider that he does not believe Ebolabad's data trove to be from the OPM.
"To me, it would not make sense that this is from the same database," said Dave Aitel, the CEO of cybersecurity company Immunity. "In particular, the database that the OPM had was a list of all the background information of the federal employees." What was just posted for sale online, explained Aitel, included passwords. It doesn't appear that the OPM had access to passwords.
"That would," Aitel went on, "indicate it's from a forum or some other source."
What, then, should we think about the OPM breach?
Even so, for the last week many have characterized the OPM hack as one of the biggest government data breaches to date. On Thursday, the American Federation of Government Employees sent out a letter blasting the OPM for its poor security posture. The letter wrote:
That sounds bad.
In short, nothing is safe.
This, explained Aitel, is because there are hundreds of government databases that aren't considered classified. And, when it comes down to it, "any business data is accessible to a hacker."
OPM is currently in the hot seat for not properly securing its data. Yet this problem transcends just one inept federal agency and involves how the federal government treats this sort of information. The data went unsecured not because OPM is lazy but because "in some cases it's not feasible to encrypt everything," said Aitel.
The only way to make it feasible to treat this sort of personal data with such care is to create a sea change in security posturing.
So perhaps OPM will turn itself around and institute an overhauled security protocol. But then, what's going to stop Ebolabad from breaching the hundreds of other government databases?