back to article Names, ages, addresses, SSNs of US postal staff slurped in 'mega-hack'

The US Postal Service has called in the FBI after hackers apparently grabbed names, addresses, social security numbers and other sensitive records from its staff database. It's feared miscreants got into USPS corporate servers, and swiped data that will be a lucrative haul for identity thieves and other fraudsters. USPS …

  1. ecofeco Silver badge

    Who the hell are they hiring?

    Who the hell are they, and all the others who have been hacked in the last few years, hiring to do their security work? I know A+ techs who could do a better job!

    1. Jonathan Richards 1
      Stop

      Re: Who the hell are they hiring?

      +1 on that. I can't see any good reason for the US Postal Service to attach its Human Resources database to the public Internet. I'm sure that some users would like to be able to log into it from home, or whatever, but their use case does not trump the necessary security. Hacking an air gap is quite hard.

      1. Michael Wojcik Silver badge

        Re: Who the hell are they hiring?

        I can't see any good reason for the US Postal Service to attach its Human Resources database to the public Internet.

        Subsequent events suggest that their VPN was compromised, so it's a typical escalation: public Internet to VPN to sensitive resources. USPS is a very large organization that's forced by its mission to be geographically distributed, and is in an eternal budget crisis (thanks to Congress regularly stealing from it). They have no choice but to use a VPN and make a lot of their sensitive systems accessible over it.

        And VPNs are vulnerable, if systems outside the corporate firewall are allowed to connect to them (as opposed to just using the VPN to route among corporate networks). Subvert a home user's PC, install a keylogger and remote-control software, grab creds, and now you're on the VPN too.

        From there, yes, you should still need other exploits to get to sensitive systems - except for the ones your victim already has access too.

        According to the news today, they've eliminated all home access to the VPN. That's a pretty serious response.

  2. Anonymous Coward
    Anonymous Coward

    Thing is, all anyone offers is free credit check for a year. Yeah, that's what your personal info is worth. "We fucked up, its up to you to fix it if anyone steals your identity." And if they do steal your identity, how can you prove it was because of company Xs incompetence? So register, how about an article on this?

    1. phil dude
      Meh

      once a year...

      That's like a really slow filesystem poll!!

      I had a free one, and it was full of wrong information - it will take me months to get it corrected.

      In the meantime do I have to wait another 364 days to get another CR?

      P.

  3. Phil Endecott

    So they've known about it since 16th August, but they've waited till Obama is in China before announcing it?

    1. Mark 85

      What's worse than that is the data slurp was going on, apparently, for 8 months. WTF? I guess is another case of our tax dollars at work... or maybe not at work at this time.

  4. The_Idiot

    It's OK...

    ... after all, the Post Office is only complying with currently recommended standards. A number of, um, 'authorities' have recently proclaimed from the very roof-tops that implementing effective encryption and security just plays into the hands of 'terrists, pedalo-philes and the like (though I've never quite got how those liking a little jaunt in those little swans and boats are bringing about the End of the World).

    1. Yet Another Anonymous coward Silver badge

      Re: It's OK...

      Now that the US and China are partners in the war on terror - shouldn't they be sharing all their information anyway?

      It's only by having copies of regular people's selfies that terrogeddon is prevented

  5. Destroy All Monsters Silver badge
    Alien

    Permanent hackings, access to all areas, the works!

    Maybe we have a "deepness in the sky" kind of situation?

    I'm not saying it's aliens, but suppose it's actually aliens?

    1. ecofeco Silver badge

      Re: Permanent hackings, access to all areas, the works!

      More like Gibson's cyberpunk world.

      Funny how prescient THAT was.

      1. Michael Wojcik Silver badge

        Re: Permanent hackings, access to all areas, the works!

        Funny how prescient THAT was.

        Was it? I must have missed all the hackers with their VR gear flying around virtual firewalls and avoiding the IDSes that can remotely electrocute them.

        Gibson's stuff may be pleasant fantasy (personally, it leaves me cold), but accurate it is not. Nor was his vision of an eternal struggle over computer access particularly ahead of its time; Neuromancer was published in 1984, when "hacking" in the computer-security-breaching sense was already well-known. Hell, Wargames came out the year before.

  6. Anonymous Coward
    Anonymous Coward

    Gotta say this too, the same government that runs this thing is the one that is more worried about snooping on its citizens. "Hey, don't worry about us, what are YOU doing there with your phone? A terrorist maybe?"

    Lewis Black nailed it, we don't need original comedy, the government is providing plenty of jokes.

    1. Michael Wojcik Silver badge

      the same government that runs this thing

      USPS is largely independent from the Federal government, except as a victim of extortion.

      Don't let facts get in the way of your rant, though.

  7. Anonymous Coward
    Mushroom

    Unnamed US government sources have told reporters that Chinese state-backed hackers are to blame for the intrusion.

    .

    Well it's OK to do this as it's on foreign soil and no doubt someone has sent something illegal via the post.

  8. Yet Another Anonymous coward Silver badge

    Heads will roll

    Comrade colonel, I can report the first battalion of the people's cyber warfare regiment have penetrated to the heart of the hated capitalist paper tiger of western imperialism.

    Congratulations - the Whitehouse, the NSA, the milk marketing board?

    No comrade colonel, we now have names and social security numbers of the feared postal employees!

    You stupid boy Zhang...

  9. ecofeco Silver badge

    Now here's an odd coincidence

    It's tin foil hat time. The NYP (New York Post) ran an article on the incoming Senate Committee Chairman on Homeland Defense and Governmental Affairs, which puts him in charge of the committee in charge of the federal workforce. He's a radical tea party deficit hawk who wants to privatize the post office and force it into bankruptcy, like Detroit. Now mind you, until they forced the USPS to fund it's retirement out to 75 years into the future, this was the only self-funding branch of the government that I'm aware of.

    The very same day this gets published, we hear the news the computer system at the USPS was hacked and data on all 800K of its employees stolen. Not customers. Just the employees. But it has to be China! And Obama just so happens to be visiting there the same day! But oh, they've known about this for awhile. It's just that stopping it too soon might have stopped the discovery process of just who it was behind the breach.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like