Information Security News mailing list archives

Exclusive: The OPM breach details you haven't seen


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 24 Aug 2015 10:02:34 +0000 (UTC)

http://fcw.com/articles/2015/08/21/opm-breach-timeline.aspx

By Sean Lyngaas
FCW.com
Aug 21, 2015

An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers' calibrated extraction of data and the government's step-by-step response. It illuminates a sequence of events that lawmakers have struggled to pin down in public hearings with Obama administration officials.

The timeline makes clear that the heist of data on 22 million current and former federal employees was one sustained assault rather than two separate intrusions to steal background investigation data and personnel records.

The document, which bears the seals of OPM and the Department of Homeland Security, is dated July 14 and was prepared by federal investigators for the office of U.S. CIO Tony Scott, according to a source familiar with the investigation. The detailed timeline corroborates administration officials' public testimony but is unique in its comprehensiveness and specificity.

According to investigators, hackers likely gained access to OPM's local-area network on May 7, 2014, by stealing credentials and then planting malware and creating a backdoor for exfiltration. Actual exfiltration of data on background investigations did not begin until July 3, 2014, and it continued until August.

[...]


