Social maybe. Security, less
so. Numbers…very very large.
It’s been a curious week here
at the Crash Bunker, my place in cyberspace during times of technical fallout.
I took the express elevator down here from Reboot Central on Wednesday and I’ve
not surfaced since. That’s mostly because the Bunker maintains a cool 65 degree
temperature year-round, and is unaffected by the humid storm weather up aloft.
But watching news feeds down here, I’m glad I went underground.
Like most owners of private
information, I’ve been hacked off about some recent news events. I’m talking
mostly about the results of an investigation mounted by the U.S. government’s
Office of Personnel Management, which became public on Friday.
Yes, the OPM (which by now
should have become the Office of Human Resources, surely?) announced “with
great confidence” that a data breach on June 12th resulted in the theft of more
than 21 million social security numbers--along with other personal data, such as
fingerprint records, addresses, mothers’ maiden names, and other grist for identity theft mill.
It’s a beautiful thing that
the OPM should have such confidence in the findings of its investigation. Too
bad that it didn’t have the same level of confidence in, oh, I don’t know, the strength of its data security systems. And a security system worthy of confidence.
Be that as it may, retribution proved to be swift and terrible, as the director of
the office, Katherine Archuleta, offered her resignation,
and got a presidential thumbs-down in the Coliseum of Career Sacrifice. Blood in the sand makes people feel better, apparently.
But it doesn't take data out of the hands of criminals.
As far as I can tell, only
two people have come out of this debacle ahead: The hacker responsible for it,
and Kevin Mitnick. (Lawyers take note: I’m not saying they are connected in any
way other than the one in the next paragraph. Keep those lawsuits in your
pants!)
The real star of the whole
event was my old prison pal Kevin Mitnick, whose company profile describes him
as “the world’s most famous hacker.” NPR went through its Rolodex, found Kev,
and called him to conduct a guided marketing pitch for his security company.
The segment was so interlaced with many phone pings and system alert sounds
that I’m sure that Kev had hired one of the old prison posse as a sound effects editor for
the hour.
There is some reason for
optimism, here: Like most people, I should be safe from this attack, because
have never applied to work for the government, and I don’t associate with anyone who does.
Besides, with any luck, millions of those social security numbers may not be valid: The office of the Inspector General of the
Social Security Administration had audited active SSNs back in March and
discovered that either a staggering 6.5 million Americans are over 112 years
old, or somebody at the Social Security Death Index has a lot of overtime ahead
of them.
A spokesperson for the Social
Security’s Death Master File could not be reached for this article.
And now for an update…
So much for data security.
Anyone fancy some good, old-fashioned bugs? Whaddaya say, New York Stock
Exchange? Care to give us the lowdown on the mystery malfunction that disrupted trading for more than three hours
on Wednesday?
Nobody’s saying what caused the outage, but
we’re betting on the same kind of thing that brought down NYSE in 2001—a
software update.
Ah, how well I remember the chuckling at Reboot Central when the
then-VP Bob Zito described the problem fourteen years ago...
“When we brought the system up in the morning, we
only realized then that the software upgrade did not take.”
When the collective “Well, DUH!” from every IT
guy in the universe died down, we just about made out the follow-up--“When we tried to revert back to the old
system, that wouldn’t work and we needed time to reboot”--before collapsing in
laughter.
But frankly, the markets
could have used a few brakes in the middle of the week. This is the kind of
technical problem the Asian exchanges and
could only have prayed for, as the Shanghai composite shed 4 percent, and Hang Seng 1.1 percent, of their worth on the same day.
I’d fly a million miles…if the damned plane would take
off
As if the NYSE glitch wasn’t enough, Wednesday
morning also saw United Airlines grounded its flights due to a network
connectivity issue. Too bad for United that network connectivity wasn’t a
problem for delayed passengers. Snidest Tweet Award goes to John B. Hammer for
the following gem:
I’ve been
using @united as my primary air carrier for quite a while. Why? I like to live
life on the edge. #groundstop.
Two days later, in an
unrelated incident, a lucky bug-swatting United customer was awarded a million
bonus points for submitting a bug report. Jordan Weins’ Twitter-ready analysis?
Wow. @united really paid out! Got a
million miles for my bug bounty submissions! Very cool.
But where were your bug
bounty reports two days earlier, Jordan? And just how do you know so much about
the flaws in United’s systems, eh? Thousands of disgruntled non-flyers want to
know.
Of course, things could have
been worse for the airline: A United pilot could have brought live ammunition
on board a flight from Texas to Germany, and tried to dispose of the
evidence down the pressurized blue cyclone of an airplane lavatory. Oh, wait a
minute…that actually happened.
Never mind.