ATF Data Breach



Hound
06-30-2015, 09:27
For right now it looks like only employees are affected but if they will do it to their own it does not give much reassurance for any of our information.

http://www.scmagazine.com/official-allegedly-sent-atf-employee-data-to-personal-email/article/423460/?DCMP=EMC-SCUS_Newswire&spMailingID=11763719&spUserID=MjI5OTI3NzE1OAS2&spJobID=562157789&spReportId=NTYyMTU3Nzg5S0


An executive at the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) headquarters is under investigation by the Department of Justice (DOJ) for allegedly improperly accessing and downloading ATF employee data. Scott Sweetow, deputy assistant director for strategic intelligence and information, was accused of sending employees' personal information to his personal account from his work email.
While the ATF doesn't discuss ongoing investigations, DOJ spokesperson Patrick Rodenbush told CNN (http://www.cnn.com/2015/06/27/politics/atf-executive-investigated-for-possible-employee-data-breach/index.html) in a statement, his department “has security solutions in place that detect the transmission of sensitive personally identifiable information outside the Department's computer network.” If a problem is detected, the agency at which the incident occurred is contacted for additional investigation and to take appropriate action.
Sweetow told the news outlet, “It appears somebody is actively seeking to damage my reputation.” The number of people affec
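As an added illustration (not code from the article or from anyone in this thread), this is the sort of outbound-mail check a DLP control like the one DOJ describes would run: flag messages that leave the internal domain and carry PII patterns. The internal domain, the webmail addresses and the sample messages are all constructed for the example.

```python
import re
from typing import Optional

# Assumed internal mail domain (constructed; the article does not name one).
INTERNAL_DOMAINS = {"agency.example"}

# Constructed patterns for two common US PII types. The SSN pattern rejects
# area numbers that are never issued (000, 666, 900-999) to cut false hits.
PII_PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "dob": re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
}

def is_external(address: str) -> bool:
    """True when the recipient's domain is outside the department network."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS

def inspect_message(msg: dict, threshold: int = 1) -> Optional[dict]:
    """Return a finding when PII is addressed outside the network, else None."""
    external = [r for r in msg["to"] if is_external(r)]
    if not external:
        return None  # internal-only traffic is not a DLP event
    counts = {name: len(p.findall(msg["body"])) for name, p in PII_PATTERNS.items()}
    total = sum(counts.values())
    if total < threshold:
        return None
    return {"sender": msg["from"], "external_recipients": external,
            "pii_counts": counts, "total": total,
            "severity": "high" if total >= 5 else "medium"}

# Constructed sample traffic; every address and number here is made up.
SAMPLE_MESSAGES = [
    {"from": "alice@agency.example", "to": ["bob@agency.example"],
     "body": "Roster attached. SSN 123-45-6789 DOB 04/12/1980"},
    {"from": "carol@agency.example", "to": ["carol.home@gmail.com"],
     "body": "Personnel list: 123-45-6789, 234-65-4321, 111-22-3333, "
             "DOB 01/01/1975, 02/02/1980"},
    {"from": "dave@agency.example", "to": ["vendor@contractor.example"],
     "body": "Meeting moved to 3pm."},
]

def run(messages=SAMPLE_MESSAGES) -> list:
    """Findings to hand to the owning agency for follow-up, as DOJ describes."""
    return [f for f in (inspect_message(m) for m in messages) if f]
```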

nogaroheli
06-30-2015, 11:23
This is my shocked face. This is turning into such a joke with .gov security.

TFOGGER
06-30-2015, 11:29
The problem they face is that it's a purely defensive battle, against a foe that is agile and innovative. A stationary target, no matter how well defended, is doomed. As long as a computer system is not air gapped and is connected to ANY outside network, it is vulnerable. The reason that the US nuclear arsenal is still controlled by computers that use 5.25 inch floppy disks has as much to do with security as it does with budgets and apathy.

Hound
06-30-2015, 12:53
Generally I would agree.......but I have personally looked at some of these government sites and know others who have done so more recently. This is the equivalent of not posting sentries at the gate. Ya, a siege against an equal opponent favors the aggressor but that assumes both sides are trying. These guys (the Government in general) are missing the basics. There is no excuse. To be fair, the ATF looks like it is doing better than most. The fact that they have some type of DLP (Data Loss Prevention) is a miracle. The fact that somebody was monitoring and actually caught it is a wonder.

BTW... With the password for all nuke forces being 0000.................. That is not apathy, that is willful stupidity.


The problem they face is that it's a purely defensive battle, against a foe that is agile and innovative. A stationary target, no matter how well defended, is doomed. As long as a computer system is not air gapped and is connected to ANY outside network, it is vulnerable. The reason that the US nuclear arsenal is still controlled by computers that use 5.25 inch floppy disks has as much to do with security as it does with budgets and apathy.

Aloha_Shooter
06-30-2015, 14:35
Two possibilities:
1) This was a case of a bad egg who got caught doing something that is clearly wrong and has nothing to do with an agile, innovative foe.
2) Someone cracked the guy's home system then used that to penetrate ATF to get personnel records. If that's the case, as foxtrot said, the foe doesn't need to be particularly innovative or agile given the government's love affair with and dependence on Microsoft software. Unlike the OPM breach, I'm not sure what a bad guy hopes to get from ATF personnel records so I'm a bit skeptical of Mr. Sweetow's "explanation."

izzy
06-30-2015, 15:39
Am I wrong to go straight to "hope this doesn't slow down the turnaround on my applications"?

TheGrey
06-30-2015, 15:42
Generally I would agree.......but I have personally looked at some of these government sites and know others who have done so more recently. This is the equivalent of not posting sentries at the gate. Ya, a siege against an equal opponent favors the aggressor but that assumes both sides are trying. These guys (the Government in general) are missing the basics. There is no excuse. To be fair, the ATF looks like it is doing better than most. The fact that they have some type of DLP (Data Loss Prevention) is a miracle. The fact that somebody was monitoring and actually caught it is a wonder.

BTW... With the password for all nuke forces being 0000.................. That is not apathy, that is willful stupidity.

Tsk. They changed it up after the last .gov data breach. Now it's ABCD1234.

brutal
06-30-2015, 18:04
There are two kinds of companies (incl gov). Those that have had a data breach, and those that haven't discovered it yet.

Several studies vary slightly, but the average time an infiltrator spends inside your systems weaving their web of connections before being discovered is around 280 days. Data mined will then be used slowly over time or the lists sold outright to the highest bidder on the black market.

Rumline
06-30-2015, 18:34
As long as a computer system is not air gapped and is connected to ANY outside network, it is vulnerable.
Air gaps are about as good as we can do, but you should see the (publicly published) proof of concept methods for remotely compromising air-gapped systems.

zteknik
06-30-2015, 19:18
Tsk. They changed it up after the last .gov data breach. Now it's ABCD1234.

https://www.youtube.com/watch?v=a6iW-8xPw3k

TFOGGER
07-01-2015, 09:14
Air gaps are about as good as we can do, but you should see the (publicly published) proof of concept methods for remotely compromising air-gapped systems.

I'm familiar with the concept of Van Eck phreaking, and that's a proven technique. Air gapped in a Faraday cage might be considered secure, but there's probably a way around that too. In a high security network, the biggest weakness is usually the wetware, not the hardware or software. People are stupid.

Hound
07-01-2015, 11:31
There is no patch for human stupidity...... No arguments there. My concern is that the "stuff" in the background (read networks) is so rarely secure. I keep seeing telnet and port 80 on supposedly new networks and when I ask why..... "The internal network is secure! The firewalls will protect us". WTH are we still thinking 1990's security still works now? I keep seeing encryption being "future tech", too difficult or certificates with 40 bits of entropy....... Really?.... Just really? This is what IT (be it Gov or Enterprise) fights. And we all think they know what they are doing....... till the next breach happens. The problem is these are the new battlefields. And we (the US) don't seem to realize it or even know for REAL how this will end. The next Pearl Harbor will not be on some far off island in the Pacific. It will be in the Nest thermostat that is networked across a whole region and an easy backdoor to all of our information. That information, when control is lost, will bring us all down in ways Hollywood can only dream of. Tinfoil at the ready, the only thing saving us right now is that the wrong person has not been at the wrong place at the wrong time with the will to bring it all crashing down. TEMPEST controls are not the concern.... That is too surgical and labor intensive. Air gaps don't let business do business. IT needs to own security, they already own the keys to the kingdom. They need oversight by a security team, not to catch them like a cop (that only leads to working around being caught, not real security), but to inform upper management if IT is doing its job. The fundamental organization is wrong, the accountability and responsibility is wrong, the decision making actually happens at the admin level instead of management level (it's like the Star Trek Pakleds saying "You're smart.... You make 'GO'") and finally we need to take this seriously.
Between OPM like breaches from the government losing our PII and places like Home Depot losing our financial data there is only so much the "trust" system that is at the core of all networks can take before it all falls.


I'm familiar with the concept of Van Eck phreaking, and that's a proven technique. Air gapped in a Faraday cage might be considered secure, but there's probably a way around that too. In a high security network, the biggest weakness is usually the wetware, not the hardware or software. People are stupid.