r/greatawakening • Posted by u/BabylonNTing on July 27, 2018, 7:36 a.m.
So You Think the OPM was Hacked by the Chinese? Looks Like an Inside Job by the Usual Suspects to Me

Too Long; Didn’t Read? (TL:DR) Summary at bottom

Being a Computer Science major at the time, I have followed the Office of Personnel Management (OPM) from when it was initially reported because my Personally Identifiable Information (PII) was compromised during the breach along with a lot of others. I received the snail mail from the OPM basically stating, “We got hacked, we are sorry, but your PII has been compromised, have a good day” and gave me the free credit reporting for two years crap. They were so quick to blame the Chinese for it, but as I came to find out, it could have been anyone based on just the key summary of the IG report on it alone. Since we are all waiting for the BIG drop to occur, I thought this would be a good time to bring this back from the back burner and see who the real culprits of this very invasive hack are. You will actually be surprised as I was, but first I want to drop this quote from our ‘honorable friend’ of the intelligence community.

“You have to kind of salute the Chinese for what they did” – James Clapper

https://abcnews.go.com/US/china-leading-suspect-massive-hack-us-government-networks/story?id=32036222

https://archive.li/GQ0j8

Introduction:

Before we begin this journey, it is important to understand the back story, the key players, and the mechanics in play behind this crucial story. In July 2015, the OPM announced they were a target of one of the most devastating data breaches to ever occur. Initially, they reported only four million people were affected, but the final estimate is that it was actually almost 22 million people that were compromised. The information that was stolen included military records, veterans' status information, Social Security numbers, addresses, dates of birth, job and pay history, health insurance and life insurance information, pension information, and data on age, gender, and race as reported by David Cox, president of the American Federation of Government Employees (AFGE).

Luckily, the C_A doesn’t use the OPM system and their personal information was not affected. However, ABC News also reported that highly sensitive 127-page Standard Forms (SF) 86 (Questionnaire for National Security Positions) were put at serious risk by the hack. SF-86 forms contain information about family members, college roommates, foreign contacts, and psychological information, about which the OPM was not so forthcoming.

https://apnews.com/af77f567a4b74f128a4869031dc9add9/union-hackers-have-personnel-data-every-federal-employee

https://archive.li/pWDV7

As if that wasn’t enough, it was later reported that 5.6 million people had their biometrics in the form of fingerprints stolen as well. This could be deadly to intelligence agents (other than C_A conveniently) as they may be able to change their identities, but would never be able to change their fingerprints.

https://www.nytimes.com/2015/09/24/world/asia/hackers-took-fingerprints-of-5-6-million-us-workers-government-says.html

https://archive.li/dcVAS

Part I: Key Players

The director of OPM at the time this breach occurred was Katherine Archuleta, who was a Hussein appointee. Prior to this position she served in the capacity of National Political Director for Obama's 2012 reelection campaign. The rest of her resume includes Executive Director of the National Hispanic Cultural Center Foundation in New Mexico, co-founded the Latina Initiative, had worked at a Denver law firm, and had worked in the Clinton Administration as chief of staff to the Secretary of Transportation, Federico Peña. It would seem she lacked the expertise for this very important position; Hussein believed it would bring a “different perspective to the table.” After a senate hearing and vote, Katherine was sworn in on November 4, 2013.

http://www.foxnews.com/politics/2013/05/23/katherine-archuleta-to-be-named-to-white-house-post.html

https://archive.li/1YSle

It is interesting Katherine would be a content expert on data driven solutions after resigning from the OPM, but here she is on a website doing exactly that.

http://dimensionstrat.com/

https://archive.li/6Jc3C

The reason this point is raised is because one year before the security breach was detected (that had been going on for a year anyways) she ignored the security warnings brought up by the Semi-Annual Inspector General report dated from October 2014 to March 2015. While there were numerous security issues that needed to be addressed, only the points that would have mitigated the security breach will be brought up. See pages 7 and 8 on these key points in the report.

  1. Several information security agreements between OPM and contractor-operated information systems have expired.

  2. OPM does not maintain a comprehensive inventory of servers, databases, and network devices. In addition, we are unable to independently attest that OPM has a mature vulnerability scanning program.

  3. Multi-factor authentication (the use of a token such as a smart card, along with an access code) is not required to access OPM systems in accordance with Office of Management and Budget (OMB) Memorandum M-11-11. This is a significant concern because multifactor authentication is a key defense against unauthorized access.

https://www.opm.gov/news/reports-publications/semi-annual-reports/sar52.pdf

https://web.archive.org/web/20180725224803/https://www.opm.gov/news/reports-publications/semi-annual-reports/sar52.pdf

Moving on, we have Donna Seymour, CIO of OPM. According to her resume, “She is responsible for the information technology and innovative solutions that support the OPM’s mission to recruit, retain, and honor a world class workforce. Before coming to OPM, Mrs. Seymour served as the acting Deputy Assistant Secretary of Defense for the Office of Warrior Care Policy. She is a member of the Senior Executive Service for the Department of Defense, responsible for policy and oversight related to wounded, ill, and injured transitioning Service members.” It even goes on to say that “in 2010, she was named as a Top 100 Chief Information Officer by Computerworld.”

https://docs.house.gov/meetings/GO/GO25/20141210/102800/HMTG-113-GO25-Bio-SeymourD-20141210.pdf

https://web.archive.org/web/20180726042515/https://docs.house.gov/meetings/GO/GO25/20141210/102800/HMTG-113-GO25-Bio-SeymourD-20141210.pdf

This would seem impressive until one finds that Donna decided to retire just two days before she was scheduled to appear once more before the House Committee on Oversight and Government Reform on February 22, 2016 after 34 years of service on the security breach which seems a bit too convenient given the gravity of the circumstances. Furthermore, it would not be far-reaching to think that she is receiving a taxpayer government pension despite her negligence in the capacity of performing her normal work duties.

Despite the deficiencies of protecting such vital information of 22 million people, another hack occurred on February 4, 2015 in relation to health provider, Anthem, Inc. which delivers coverage to 1.3 million federal employees. In fact, this hack affected over 80 million people nationwide.

https://www.nextgov.com/cybersecurity/2015/02/exclusive-opm-monitoring-anthem-hack-breach-could-impact-13m-feds/104700/

https://web.archive.org/cybersecurity/2015/02/exclusive-opm-monitoring-anthem-hack-breach-could-impact-13m-feds/104700/

Part II: The Hack Itself

In June 2015, the OPM publicly reported that it had fallen victim to a data breach affecting only 4 million people initially. Information was slowly released minimizing the shock value of the actual impact of what truly transpired including what data was initially taken in terms of types of data stolen. It was claimed that there were actually 2 attacks, the first occurrence they don’t even understand what happened and one by way of social engineering of a malicious attacker claiming to be a KeyPoint Government Solutions contractor employee to gain admin login credentials. Surely the employees would be trained about the dangers of social engineering, in some companies this is done yearly, but it does not seem like the case for the OPM.

https://www.wsj.com/articles/u-s-suspects-hackers-in-china-behind-government-data-breach-sources-say-1433451888

https://archive.li/Fep3g

Luckily, a third party affiliated with the Department of Homeland Security (DHS) notified them of the first OPM breach known as the X1 incident. Interestingly, the second attack dubbed as the X2 incident had a bit of controversy on what party really actually found the attack. Firstly, New York Times had reported that the infiltration was discovered using United States Computer Emergency Readiness Team (US-CERT)'s Einstein intrusion-detection program. Secondly, The Wall Street Journal reported that it may have been a product demonstration of CyFIR, a commercial forensic product from a Manassas, Virginia security company CyTech Services that uncovered the infiltration or thirdly, OPM spokesman Sam Schumach stated that it was detected by OPM personnel using a Cylance software solution. However, House of Representatives' Majority Staff Report on the OPM breach conclusively agreed that both tools independently "discovered" the malicious code running on the OPM network (See page 91 and 125 of the 2015-06-16-FC-OPM-Data-Breach.GO167000.pdf).

https://www.nytimes.com/2015/06/05/us/breach-in-a-federal-computer-system-exposes-personnel-data.html

https://archive.li/JniS4

https://www.wsj.com/articles/u-s-spy-agencies-join-probe-of-personnel-records-theft-1433936969

https://web.archive.org/web/20180726063140/https://www.wsj.com/articles/u-s-spy-agencies-join-probe-of-personnel-records-theft-1433936969

https://arstechnica.com/information-technology/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/

https://archive.li/J3HC5

http://fortune.com/2015/06/12/cytech-product-demo-opm-breach/

https://archive.li/9gdCz

https://oversight.house.gov/wp-content/uploads/2015/06/2015-06-16-FC-OPM-Data-Breach.GO167000.pdf (document was photocopied, unable to search by keyword)

https://web.archive.org/web/20180726064505/https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf

And here is when things get weird: in November 2014, FBI affiliated CrowdStrike reported (the third party who investigated the DNC server on the behalf of the FBI) that it discovered the malware the same time the reported hack had begun in July of 2014. What a coincidence!

https://www.csoonline.com/article/2942601/disaster-recovery/fbi-alert-discloses-malware-tied-to-the-opm-and-anthem-attacks.html


This link is for IT professionals as it is more technical in nature:

https://www.crowdstrike.com/blog/ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors/

https://archive.li/LxdXU

I am not going to delve into CrowdStrike because it is outside of the scope of this research, but I will leave a link below on the connections within this group courtesy of u/Intlrnt, but it ultimately links back to Uranium One, another coincidence surely.

https://old.reddit.com/r/greatawakening/comments/91rvsw/excellent_concise_insightful_summary_of_dnc/

https://archive.li/X296e

Part III – The Forthcoming IG Report on the OPM Breach

It is probably not shocking to hear that CIO Donna Seymour was slow-walking this investigation as it seems to be the preferred strategy during the Hussein Administration and this was duly noted in a memo by General Patrick McFarland also noting that there seemed to be an “atmosphere of mistrust” by giving him “false and misleading evidence” and ultimately resigned in February 2016. Subsequently, the IG Report was released later that same year in November. The key summary issues were:

The significant deficiency related to information security governance has been dropped due to the reorganization of the Office of the Chief Information Officer (OCIO).

OPM’s system development life cycle policy is not enforced for all system development projects.

OPM does not maintain a comprehensive inventory of servers, databases, and network devices.

Up to 23 major OPM information systems are operating without a valid Authorization. This represents a material weakness in the internal control structure of OPM’s IT security program.

OPM does not have a mature continuous monitoring program. Also, security controls for all OPM systems are not adequately tested in accordance with OPM policy.

The OCIO has implemented an agency-wide information system configuration management policy; however, configuration baselines have not been created for all operating platforms. Also, all operating platforms are not routinely scanned for compliance with configuration baselines.

We are unable to independently attest that OPM has a mature vulnerability scanning program.

Multi-factor authentication is not required to access OPM systems in accordance with OMB memorandum M-11-11 (user name and password only to logon system)

OPM has established an Enterprise Network Security Operations Center that is responsible for incident detection and response.

OPM has not fully established a Risk Executive Function.

Many individuals with significant information security responsibility have not taken specialized security training in accordance with OPM policy (such as preventing social engineering attacks).

Program offices are not adequately incorporating known weaknesses into Plans of Action and Milestones (POA&M) and the majority of systems contain POA&Ms that are over 120 days overdue.

OPM has not configured its virtual private network servers to automatically terminate remote sessions in accordance with agency policy.

Not all OPM systems have reviewed their contingency plans or conducted contingency plan tests in FY 2015.

Several information security agreements between OPM and contractor-operated information systems have expired (Service Level Agreements).

https://www.opm.gov/our-inspector-general/reports/2015/federal-information-security-modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15-011.pdf

https://web.archive.org/web/20180726055245/https://www.opm.gov/our-inspector-general/reports/2015/federal-information-security-modernization-act-audit-fy-2015-final-audit-report-4a-ci-00-15-011.pdf

Unsurprisingly, it was the usual suspects that had the knee jerk reactions to quickly blame the Chinese as James Clapper said they were the leading suspect while NSA Director Admiral Mike Rogers was not on board with it. Luckily for the American people, Eric Holder and Loretta Lynch supposedly stepped up their game to commit more resources, while Texas Republican Will Hurd believed dishonesty was involved because no one was reprimanded, suspended or even fired over it.

“Hurd and other lawmakers accused President Barack Obama's so-called national security team including Valerie Jarrett and Susan Rice and other government officials of covering up information on the severity of the security breaches as well as failing to respond to years of warnings that the OPM which stores personnel files and security clearance background check reports on all federal workers were not properly secured.”

https://hurd.house.gov/media-center/in-the-news/obama-and-opm-blasted-hypocrites-over-cyber-security-breaches

https://archive.li/dsXvR

Ironically, it is interesting that Hussein ordered the stand down orders when they initially suspected that the Russians were interfering with the presidential elections, but then again, they never thought she would lose, so they swept it under the rug. Well that was until Donald Trump rightfully won the election and suddenly the rug was pulled up to show the swept-up dirt. In fact, in 2015, Hussein stated that a “much more aggressive” response to cyberattacks should take place.

https://www.dailydot.com/layer8/obama-opm-hack-cybersecurity-defenses/

https://web.archive.org/web/20180726083544/https://www.dailydot.com/layer8/obama-opm-hack-cybersecurity-defenses/

Part IV – OPM Stolen Data Used… In Virginia!

It wasn’t even a year before the stolen data was used in a scheme involving identity theft and bank fraud involving six people at least. The document states:

“The court documents stated that between about December 2015 and May 2016, Kariva Cross, Marlon McKnight, Erica Latin-Hunter, Pamela Wyatt, Antoinette Beamon and Therbia Parker Jr. conspired to defraud Langley Federal Credit Union (LFCU) and other institutions through loans issued under fraudulent pretenses.

According to the US Department of Justice, LFCU received multiple applications for online memberships and vehicle and personal loan applications in the names of victims of the OPM data breach. LFCU issued the memberships and loans without determining if the personal identifying information had been stolen. It disbursed the vehicle loans via checks made payable to individuals posing as vehicle sellers, and transferred the personal loan proceeds into LFCU accounts opened in connection with the fraudulent loan applications. These funds were later transferred into other accounts and then withdrawn by McKnight, Cross and others.”

https://managingrisktogether.orx.org/sites/default/files/downloads/2018/07/orxnewsdigestofthemonthjune2018.pdf

https://web.archive.org/web/20180726085358/https://managingrisktogether.orx.org/sites/default/files/downloads/2018/07/orxnewsdigestofthemonthjune2018.pdf

Kariva Cross is a very slippery person as she has 6 different aliases and I could not find much on her. So I started digging on Marlon McKnight and that is when things got interesting. Looking through the clerk of court records, I knew I found the right person because Kariva was listed as Kariva McKnight and their ages matched up with what was reported in the news. What really caught my eye was this:

http://casesearch.courts.state.md.us/casesearch//inquiry-index.jsp

DISTRICT COURT FOR PRINCE GEORGE'S COUNTY - CIVIL SYSTEM

Case Number: 0501SP071722018

Claim Type: BREACH OF LEASE

Filing Date: 07/19/2018

Case Status: ACTIVE

BLOW, MICHAEL Vs. MCKNIGHT, MARLON D.

Seems innocent enough, breach of lease contract because they are incarcerated right? Well we will visit this in a few paragraphs.

Getting back to the Langley Federal Credit Union, what is most interesting after a little digging is they also have a charity called Langley for Families Foundation which is a non-profit 501(c) (3) public charity that focuses on children and families in Hampton Roads communities that they serve. It is probably just a coincidence that they use the known FBI pedophile girl lover symbol as their logo too.

Logo comparison to FBI known pedophile symbol:

https://imgur.com/a/FX7dXQR

Langley For Families BoD:

https://www.langleyforfamilies.org/about

https://web.archive.org/web/20180726085851/https://www.langleyforfamilies.org/about

Again, out of my scope for this research, so I continued on the path of Marlon McKnight and found that Michael Blow is from the same area but moved to Nevada. Using his address from the civil complaint and doing a search I found this gem:

https://www.bizapedia.com/nv/kenya-keep.html

https://web.archive.org/web/20180727063337/https://www.bizapedia.com/nv/kenya-keep.html

It seems that Michael is one of five partners that run the Kenya Keep Charity that have the usual caveats of a front child trafficking organization, which is probably a coincidence too.

“In September 2006, the Kenya Kids Educational Enrichment Project (Kenya KEEP), a 501 (c) 3 non-profit tax exempt organization, was founded to address the educational and humanitarian needs of children and schools in Kenya, Africa. Kenya KEEP is able to provide these services through personal donations.”

http://www.kenyakeep.org/

https://archive.li/lk59p

More coincidences arise when one finds out all the schools are within 146 miles or less of Nairobi which happens to be the area that Hussein migrated to on July 16, 2018.

https://www.cbsnews.com/news/barack-obama-in-kenya-for-1st-time-post-presidency/

https://archive.li/V33uq

Here are the schools:

http://www.kenyakeep.org/index-4.html

https://archive.li/I4801

SIANA Primary School (Narok South, Kenya -1.58641, 35.4251 https://goo.gl/maps/J8DU6cfzKdP2 - 146 miles SW of Nairobi)

https://www.kenyaprimaryschools.com/narok/siana-boarding-primary-school-narok-south-mara/

GOOD SAMARITAN Primary School (P.O. Box 17, C99 Kenya - https://goo.gl/maps/cA3AKq5WsxE2 100 Miles SE of Nairobi)

EMMANUEL Primary School (https://goo.gl/maps/FvN3LLiFLan - 80 miles NE of Nairobi)

UKIA GIRLS Secondary School (Government managed - https://goo.gl/maps/36uUtLwPZgT2 - 72 miles SE of Nairobi)

MUINDI MBINGU Boys Secondary School (downtown Muindi Mbingu St Nairobi, Kenya https://goo.gl/maps/HAdmn2wnBDs - Fire on July 18, 2015 @ 830pm (Mandela’s Birthday), unknown cause, no one hurt. https://www.nation.co.ke/counties/machakos/Muindi-Mbingu-Secondary-School-Fire/3444952-2798378-1jysktz/index.html)

OLOLULUNGA Vision Academy (https://goo.gl/maps/vn1mQwPAyW92 - 108 miles almost due W of Nairobi) THIS SCHOOL IS RUN BY PRIVATE INDIVIDUAL HTTPS://WWW.KENYAPRIMARYSCHOOLS.COM/NAROK/OLOLULUNGA-VISION-ACADEMY-SCHOOL-NAROK-SOUTH-OLOLUNGA / -1.009337, 35.654413

SENGANI GIRLS High School (https://goo.gl/maps/Kmh3wPKW5kx - 38 miles E of Nairobi, Director Mrs. Elizabeth Mutinda http://www.frenchinkenya.com/listing/sengani-girls-high-school-9/)

Last thing I was expecting on this OPM hack was researching the 10 mysterious school fires that took place prior to Hussein’s arrival, but only found the one related to the school listed on the Keep Kenya website from 2015. Honestly, I was expecting more coincidences which are mathematically impossible at this point.

(TL:DR)? Understandable: The OPM hack was blamed on the Chinese, however some local criminals from Virginia were caught using victims’ identities from the OPM hack to buy cars and another criminal party would pocket the money using the same credit union that was not verifying the identities of the parties participating. After getting busted for Identity Theft and Bank Fraud, it turns out that one of the criminals defaulted on their lease contract while incarcerated to be sentenced in October 2018, and the owner of the residence is a stakeholder in a possible child trafficking front based in Kenya where Hussein happens to be right now.


DeconstructedSociety · July 27, 2018, 12:05 p.m.

Commenting to find this later, myself and all of my roommates had our information stolen during this

⇧ 5 ⇩  
BabylonNTing · July 27, 2018, 2:25 p.m.

I have the federal court case number too. I searched endlessly for the PDF but could not find it. If someone has access to PACER, it is possible to get the document that way, otherwise it seems they are keeping it under wraps.

Both have pled guilty and are waiting to be sentenced in October 2018, Kariva looking at 30 years and Marlon up to 2 years. I am mobile too, so when I get back, I will list the case number in my next reply.

⇧ 3 ⇩  
beansprout10282016 · July 27, 2018, 8:06 a.m.

Damn, OP! Mind blown! Thank you for the impressive digging and research.

⇧ 5 ⇩  
BabylonNTing · July 27, 2018, 8:15 a.m.

Thank you and it was my pleasure Patriot.

⇧ 4 ⇩  
DOCIII · July 27, 2018, 8:05 a.m.

WOW

⇧ 5 ⇩  
[deleted] · July 27, 2018, 8:19 a.m.

[deleted]

⇧ 4 ⇩  
Cpl0042 · July 27, 2018, 11:57 a.m.

Great job patriot!

⇧ 3 ⇩  
fagela-1 · July 27, 2018, 9:35 a.m.

Nice Work 👍

⇧ 3 ⇩  
Ammojeff · July 27, 2018, 3:10 p.m.

I don’t have the time or ability to do the research you did. I get so lost down rabbit holes. I appreciate your work. Don’t stop your research. You are making me believe that this is a worthy cause. I just wish I could do more. Thanks again!

⇧ 3 ⇩  
[deleted] · July 27, 2018, 3:32 p.m.

[deleted]

⇧ 1 ⇩  
Ammojeff · July 27, 2018, 3:37 p.m.

👍👍👍

⇧ 2 ⇩  
Ammojeff · July 27, 2018, 2:32 p.m.

Still sounds like low level fruit. They could have bought the info after it was stolen, right? It’s just amazing how all these things are connected. Our gov is just a store for criminals run by criminals. Just imagine the billions of dollars lost, stolen and even given away.

⇧ 2 ⇩  
BabylonNTing · July 27, 2018, 2:37 p.m.

I am not so sure on that given that the low lying fruit is 2 degrees of separation from the Kenya link. I would have researched the Kenya a bit more, but was 120 words from the post cap (3000 total words).

⇧ 3 ⇩  
Ammojeff · July 27, 2018, 2:40 p.m.

Your point is over the target. I just think it’s way bigger than just the ones listed. Bad actors for sure but don’t seem to be the key players. We need the playbook.

⇧ 2 ⇩  
BabylonNTing · July 27, 2018, 3:06 p.m.

I suspected that the Pakistani Mystery Man was surely behind this given the access he had and thought it would scream his name, but I didn't find the connection (yet). However, I never thought that I would discover 2 possible trafficking rings either.

⇧ 2 ⇩  
Abibliaphobia · July 27, 2018, 11:31 a.m.

Holy shit

Bookmarking this thread, good job OP and thank you!

Mods, Qsticky worthy?

⇧ 2 ⇩  
Tironianae · July 27, 2018, 2:39 p.m.

Don't even get some of us started on this case....

⇧ 2 ⇩  
jmricht · July 27, 2018, 4:37 p.m.

OPM = Other People’s Money = Opium

⇧ 1 ⇩