The IT Security Crowd

Tax Time and the IRS has untold terabytes of information on all of us.  How secure do you feel about that?  The Government Accounting Office has audited the IRS’s security efforts and procedures, and found them to be sorely lacking, leaving Taxpayer personal information insecure.

Among the vulnerabilities identified in the GAO report are easily-guessed passwords, passwords that hadn’t been changed in almost two years, and storing unencrypted user names and passwords in a file with a revealing name. …The IRS also has been lax with data encryption and in controlling access to databases, servers, and systems,…

Rest easy though, the GAO report “makes no mention of actual security breaches during the period audited.”

Over at the US government Commerce Department’s NIST (National Institute for Standards and Technology — sort of a very high tech outfit) they had the wherewithal and awareness to maintain a database of all our vulnerabilities.  Turns out that database was hacked… penetrated by malware anyway  (which is pretty dang serious in a supposedly high secure environment).  Don’t worry.  Nothing bad happened … this time.  Just that someone’s software penetrated the servers that store our government’s thoughts on our own National Vulnerabilities.

Not done yet.  A guy named Wronald Brest, of MPD — a high-tech design and engineering firm in Owensboro, KY — was caught using pirated software he had obtained from Chinese and Russian programmers.  Turns out he paid them to reverse engineer his favorite software, then used that software to do design work on Black Hawk helicopters, Patriot Missile components, the President’s Marine One and many other programs, many of them classified.

It’s no secret that the Chinese are trying to hack into our most secure industrial and government databases — this guy is inviting them right in.  And who has a name like “Wronald” anyhow?

The wars of the future will almost certainly involve cyber tactics and strategies.  Are we ready to play the game?

Over at Carnegie-Mellon University in Pittsburgh, they’ve teamed up with the National Security Agency to set up Toaster Wars — a weird nickname for what amounts to Hacking War competitions among high schoolers and middle schoolers.  Look for IT Security to be the next really, really big thing — could even replace “the military industrial complex.”

Ready or not, here comes the future.

Joe Girard (c) 2013

One thought on “The IT Security Crowd”

  1. Aaron

    I was going to mention that the name can’t be right. However, his actions are something that we could call “treason” or at least “inadvertent spying” and should be treated as such in the information security sense. Bradley Manning, anyone?

Comments are closed.