WASHINGTON (AP) -- At least eight foreign-sponsored organizations, mostly connected to the Chinese military, have hacked into computer networks at the Veterans Affairs Department in recent years or were actively trying to do so, a former VA computer security chief told Congress on Tuesday.
Jerry Davis, who served as the VA's chief information security officer until February 2013, testified at a House subcommittee hearing that the VA became aware of the computer hacking in March 2010 and that attacks continue "to this very day."
Davis said the hacking "successfully compromised VA networks and data," but he did not indicate to lawmakers how the information may have been used. The intrusions raise the potential for identity theft and could complicate efforts to share data with the Pentagon, long viewed as key to quicker processing of disability claims.
"The entire veteran database in VA, containing personally identifiable information on roughly 20 million veterans, is not encrypted, and evidence suggests that it has repeatedly been compromised since 2010 by foreign actors, including in China and possibly in Russia," said Rep. Mike Coffman, R-Colo., chairman of the House Veterans' Affairs oversight and investigations subcommittee.
Officials with the VA's inspector general's office said the main threat to veterans would appear to be credit card theft. They could not point to any specific instances in which such fraud has occurred because of foreign agents. While foreign hackers had obtained access to the emails of senior VA managers, investigators did not know what had been done with the emails.
Davis, who now works at NASA, singled out China's military as responsible for hackings at the VA. In talking to a reporter after the hearing, he said six of the eight foreign-sponsored organizations he spoke of during the hearing were connected in some way to the People's Liberation Army. Davis said the data the foreign hackers accessed included such things as Social Security numbers and dates of birth. He said officials know that some information was encrypted and removed from the VA's computers. Officials should assume that if such information was accessed, then it went out as well.
When asked by a reporter if the information removed included such things as Social Security numbers, he replied "it's the safe bet."
Linda Halliday, an assistant inspector general, said investigators were seeing fewer weaknesses with the VA's computer security, but she told lawmakers that 4,000 weaknesses and vulnerabilities have not been addressed. She cited weak passwords and user accounts with inappropriate access as among the most common problems.
Stephen Warren, acting assistant secretary for information and technology at the VA, said the state of computer security at the VA was something he wrestled with continually, but the inspector general's citation of security threats dealt with what could go wrong. He said that's not the same as the removal of information from the VA's computers.
"We're talking about potential. We're not talking about actuals," Warren said in describing the computer security problem at the VA.
Warren told lawmakers he disagreed with Coffman's assessment that the VA's computer systems had been compromised repeatedly by foreign entities. He said he knew of only one such instance. He declined to cite which country that involved, saying he would prefer to discuss it in a closed session.
At another point in the hearing, Warren said he was aware of more than one foreign entity that had attempted to hack into the VA's systems. He said such attacks go beyond foreign governments, but through crime syndicates seeking financial gain.
For those Facebook users who are allergic to any notion of privacy whatsoever and would prefer that the entire world be privy to contents of their #dinner or antics of their adorable #children, Wednesday was a high and holy day indeed, for that was the day that Facebook embraced the hashtag. 
Currently, users control the audience for their posts, including those with hashtags. 
Nevertheless, Oracle has published a very brief pre-announcement to remind us of the importance of this month's fixes. 
Swedish bureaucrats have instructed a town in the Scandinavian country to say "No" to Google.
But as a "customer" of a local government, you don't have that liberty, so you are stuck with the privacy-related decisions made by your council. 
The London Evening Standard recently ran a story about a German bank clerk who is supposed to have "nodded off at his keyboard during a transaction."
A cluster of top political figures in the UK, including several former Home Secretaries, has issued a public letter insisting on the revival of the so-called "snoopers' charter" - legislation to give British police and intelligence services more access to personal data.
In essence, they hired a temp (OK, "consultant", I've never been clear on where one stops and the other starts), and let him, what? Dump a load of highly-classified documents to a personal USB stick or a CD? Or send stuff out to his personal Gmail account?
Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone. 
They sound like something from a sci-fi movie, but in the past reality has caught up with some pretty wild ideas from the sci-fi world.
Next up, you'd need the thing to know you were alive, and ideally awake. The pills are powered by stomach acid, so should die when they leave the body. 
In a case that could have far-reaching implications for compelling criminal suspects to decrypt digital storage devices, a judge on Tuesday stayed [PDF, posted courtesy of Wired] - temporarily suspended - a previous order that would have forced him to decrypt hard drives suspected of containing child pornography. 
On that decrypted segment of Feldman's far more extensive storage system, the FBI says it found "an intricate electronic folder structure comprised of approximately 6,712 folders and subfolders," in which agents found 707,307 files, including "numerous files which constitute child pornography."
The EU has drafted a new directive that includes harsher penalties for those convicted of hacking.
The directive also calls for penalties for actions such as hiring hackers to disrupt the competition, in which case companies could lose their public benefits or even get shut down.
And that's what happened here: a co-ordinated takedown of C&C servers at two hosting companies in New Jersey and Pennsylvania.
You've almost certainly heard about PRISM, an abbreviation that has come to mean "US surveillance of everything."
A chap by the name of Edward Snowden, who's 29 years old and works for a defence contractor, has outed himself as the source of the PRISM leak. 
The US Office of the Director of National Intelligence has gone public, too. 
Here's a riddle: Why did the US customs agents search your laptop at the airport? 
The Feds also nixed suggestions that ICE and CBP revert to a 1986 policy that allowed agents to “briefly peruse” a traveler’s possessions to determine if there was probable cause or a reasonable suspicion for a further seizure. 
"Nobody is listening to your telephone calls," President Obama said on Friday, defending a broad government surveillance program that was leaked to the press in the preceding week. 
The slides explicitly state that collection is being done "directly" from the servers of these US service providers:The American Civil Liberties Union (ACLU) answers that question in a posting of the court order that it's annotated with comments.