Defendants were convicted of similar crimes a decade ago. How were they cleared again?
See full article...
See full article...
Previously convicted contractors wiped gov databases after being fired, feds say
- Thread starter JournalBot
- Start date
Upvote
17
(17
/
0)
You are also surprised a US government agency wasn't using something considerably older?!
Upvote
15
(15
/
0)
One of the things I get to do is review the Risk Assessments when the company I work for is working with a vendor, usually the a portion of data goes to them for some processes etc.
You'd think people are not running things that old, and you'd be wrong. they are, and in business. Had someone try and say they had a custom security patches for Windows server 2008.
My Director enjoyed telling him to kick sand. The business was side would have hired him because they don't really care about how 'IT things work'.
Upvote
11
(11
/
0)
"That three year gap in my cv? Was a top secret project and I am not allowed to disclose any details. In fact, if you ask again they would likely have to kill you and nuke the office from space, just to be sure."
Upvote
7
(7
/
0)
Incorrect. MS offer extended support for most OS versions if you pay them for it, and security updates are still available for those people until October https://learn.microsoft.com/en-us/lifecycle/faq/extended-security-updates
Even if not, it's hardly surprising that a company with such poor operational security might also have not been paying attention to OS support lifecycles.
Upvote
7
(7
/
0)
Then they did the check, found out their mistake and then they fired them?
Upvote
6
(6
/
0)
Upvote
11
(11
/
0)
Upvote
13
(13
/
0)
Upvote
9
(9
/
0)
hiring people who've been convicted of stealing data with a data management position?
And then not bothering to terminate their credentials before they're fired?
This company needs to be blacklisted..
And then not bothering to terminate their credentials before they're fired?
This company needs to be blacklisted..
Upvote
24
(24
/
0)
A software company that handles sensitive data for nearly every US federal agency was the victim of a cyber breach earlier this year due to a "major lapse" in security measures, according to documents reviewed by Bloomberg News.
Opexus, which is owned by the private equity firm Thoma Bravo and provides software services for processing US government records, was compromised in February by two employees who'd previously been convicted of hacking into the US State Department. The findings were detailed in separate reports by Opexus and an independent cybersecurity firm. Opexus characterized the incident as an “insider threat attack.”
Copy paste from Bloomberg UK.
Upvote
51
(51
/
0)
Microsoft does provide support after the end of life, it's not cheap. In government, especially, you will find a lot of that.
Upvote
3
(3
/
0)
With the current administration, everything you listed are LARGE positives/recommendations.
Upvote
4
(4
/
0)
They did some good reporting over there on it, and indeed it is quite damning to the practices and culture of the company, Opexus. What will the consequences be? Anyone know if anything came of it?
https://www.bloomberg.com/news/newsletters/2025-05-21/how-2-hackers-erased-hundreds-of-foia-requests
Upvote
23
(23
/
0)
A couple of thoughts about these things...
First - Quality is hard to measure and dollars are easy. This explains 99% of "how???" in these circumstances.
Second - The government is absolutely enormous. I'm sure scads of small, medium, and large businesses have similar or worse problems but no one ever says "business" is too stupid to run their computers.
Third - Thank goodness these (probably low cost contractors) were low cost contractor bad at hiding it... sigh.
First - Quality is hard to measure and dollars are easy. This explains 99% of "how???" in these circumstances.
Second - The government is absolutely enormous. I'm sure scads of small, medium, and large businesses have similar or worse problems but no one ever says "business" is too stupid to run their computers.
Third - Thank goodness these (probably low cost contractors) were low cost contractor bad at hiding it... sigh.
Upvote
3
(5
/
-2)
And then corrected by making even larger mistakes. Morons leading morons, what could possibly go wrong?
Upvote
5
(5
/
0)
Also from Bloomberg, Opexus was previously known as AINS and the brothers worked there about a year before being fired.
Upvote
14
(14
/
0)
Let's see. The pled guilty to a computer crime when they worked for a government contractor in 2015. How the hell did they get hired again by ANOTHER government contractor?
Upvote
11
(11
/
0)
Is there any information why they were being fired? It sounds like the possibility of a firing started these two guys on their scorched earth journey.
Upvote
8
(8
/
0)
Folks are asking about being "escorted from the building" but that's an assumption. I think they were working remote based on the VPN connection being revoked for one but not the other (par. 12 & 13). If that's true and they were working remote, then it's really interesting they have quotes of them saying things aloud?! Were the mics activated on those MSI laptops to get these statements?
The offboarding/post-term workflow was seriously lax. On a Mac you could send an MDM lock command to lock the laptop with a 6 digit PIN that prevents it from booting or being accessed, preserving any data if needed. For Windows though, since there are so many manufacturers there's no "lock" command, and wipe would be undesirable if you needed to audit local activity. So they could have rotated the bitlocker key and force a reboot to recovery, that would have effectively locked them out and protected the local data (short of a hammer). That's what should have happened, along with killing all active sessions/tokens in all systems. Gosh, you'd think they'd be audited for things.
Upvote
13
(14
/
-1)
If these clowns genuinely managed to delete sensitive data, including FOIA related items, the company that hired them should be charged with criminal negligence.
Upvote
4
(4
/
0)
Their personnel folders are still sitting in Marcy's inbox, I think.
Upvote
3
(3
/
0)
[Emphasis mine.] So...they were attempting to delete information related to FOIA requests? As in, deleting information agencies compiled in order to answer the requests? Because that seems more like something the current admin would appreciate rather than condemn.
Also looks like they stole tax info on people from the IRS (from the indictment):
Pedant note: I think that sentence is missing the word, "been".
Last, but not least:
Not anymore, Lindsey!
Upvote
12
(12
/
0)
Complemented by vibe hiring and vibe background checking.
Welcome to the new, more productive AI economy!!
Upvote
3
(3
/
0)
I can't even make fun of this because I updated our 2012r2 VMs to 2022 just a few weeks ago. I will say that the in-place updates were incredibly quick and easy. It also doesn't help that every new version has exorbitant licensing costs.They're almost certainly paying for extended security updates for 2012, which run through October 2026. Ask me how I know about them.
Upvote
6
(6
/
0)
Upvote
2
(2
/
0)
The company is Opexus, which was named in a Bloomberg report on it.
Name and shame. Terrible clown contracting company.
Upvote
7
(7
/
0)
Tech debt is a treadmill that has been speeding itself up for years now.
Keeping OSes up to date with janky poorly written software that breaks with the updates along organizations that don't want to pay for the updates leaves personnel responsible for securing systems caught in between rocks and hard places.
I really wish I could say the people in charge at the top would be embarrassed or effected by this.
Unfortunately in reality the people who would be embarrassed and effected are often left holding the bag with both hands tied behind their backs.
In this case it may have made these bad actor's job of cleaning their tracks less difficult, but looks like they failed at that hard anyway.
Upvote
6
(6
/
0)
''It’s unclear whether the apparent failure was due to the AI tool providing inadequate instructions or the men failing to follow them correctly.''
First one, then the other.
LLMs suck horribly as user manuals for software. And those guys seem like clowns who can't think even a step ahead (asking an LLM how to clear traces right after you committed a crime is ... really, really dumb).
First one, then the other.
LLMs suck horribly as user manuals for software. And those guys seem like clowns who can't think even a step ahead (asking an LLM how to clear traces right after you committed a crime is ... really, really dumb).
Upvote
1
(1
/
0)
Horseshit. Stupid people do stupid things like this all the freaking time. You rarely hear about it because it's not a government system being affected is all. This level of incompetence is the sort of thing that happens when you use contractors for government services, thereby putting a profit motive in the running of government systems. Usually it simply isn't criminal in nature is all, just plain old incompetence for which they're terminated.
Upvote
12
(12
/
0)
Upvote
7
(7
/
0)
When you're first line and second line tech support help don't understand what RAM is... (not this isn't a joke, it actually happened to me this year).
Suspect incompetence before malice. It is far far more common. And so much cheaper!
Upvote
4
(4
/
0)