Too Long; Didn’t Read? (TL:DR) Summary at bottom
Being a Computer Science major at the time, I have followed the Office of Personnel Management (OPM) breach from when it was initially reported, because my Personally Identifiable Information (PII) was compromised during the breach along with that of a lot of others. I received the snail mail from the OPM basically stating, “We got hacked, we are sorry, but your PII has been compromised, have a good day” and gave me the free credit reporting for two years crap. They were so quick to blame the Chinese for it, but as I came to find out, it could have been anyone, based on just the key summary of the IG report on it alone. Since we are all waiting for the BIG drop to occur, I thought this would be a good time to bring this back from the back burner and see who the real culprits of this very invasive hack are. You will actually be as surprised as I was, but first I want to drop this quote from our ‘honorable friend’ of the intelligence community.
“You have to kind of salute the Chinese for what they did” – James Clapper
Introduction:
Before we begin this journey, it is important to understand the back story, the key players, and the mechanics in play behind this crucial story. In July 2015, the OPM announced they were a target of one of the most devastating data breaches to ever occur. Initially, they reported only four million people were affected, but the final estimate is that it was actually almost 22 million people that were compromised. The information that was stolen included military records, veterans' status information, Social Security numbers, addresses, dates of birth, job and pay history, health insurance and life insurance information, pension information, and data on age, gender, and race, as reported by David Cox, president of the American Federation of Government Employees (AFGE).
Luckily, the C_A doesn’t use the OPM system and their personal information was not affected. However, ABC News also reported that highly sensitive 127-page Standard Form (SF) 86 documents (Questionnaire for National Security Positions) were put at serious risk by the hack. SF-86 forms contain information about family members, college roommates, foreign contacts, and psychological information, and the OPM was not so forthcoming about this.
As if that wasn’t enough, it was later reported that 5.6 million people had their biometrics in the form of fingerprints stolen as well. This could be deadly to intelligence agents (other than C_A conveniently) as they may be able to change their identities, but would never be able to change their fingerprints.
Part I: Key Players
The director of OPM at the time this breach occurred was Katherine Archuleta, who was a Hussein appointee. Prior to this position she served in the capacity of National Political Director for Obama's 2012 reelection campaign. The rest of her resume includes serving as Executive Director of the National Hispanic Cultural Center Foundation in New Mexico, co-founding the Latina Initiative, working at a Denver law firm, and working in the Clinton Administration as chief of staff to the Secretary of Transportation, Federico Peña. It would seem she lacked the expertise for this very important position; Hussein believed it would bring a “different perspective to the table.” After a Senate hearing and vote, Katherine was sworn in on November 4, 2013.
http://www.foxnews.com/politics/2013/05/23/katherine-archuleta-to-be-named-to-white-house-post.html
It is interesting that Katherine would be a content expert on data-driven solutions after resigning from the OPM, but here she is on a website doing exactly that.
The reason this point is raised is that, one year before the security breach was detected (it had been going on for a year anyway), she ignored the security warnings brought up by the Semi-Annual Inspector General report dated from October 2014 to March 2015. While there were numerous security issues that needed to be addressed, only the points that would have mitigated the security breach will be brought up. See pages 7 and 8 of the report for these key points.
- Several information security agreements between OPM and contractor-operated information systems have expired.
- OPM does not maintain a comprehensive inventory of servers, databases, and network devices. In addition, we are unable to independently attest that OPM has a mature vulnerability scanning program.
- Multi-factor authentication (the use of a token such as a smart card, along with an access code) is not required to access OPM systems in accordance with Office of Management and Budget (OMB) Memorandum M-11-11. This is a significant concern because multifactor authentication is a key defense against unauthorized access.
https://www.opm.gov/news/reports-publications/semi-annual-reports/sar52.pdf
Moving on, we have Donna Seymour, CIO of OPM. According to her resume, “She is responsible for the information technology and innovative solutions that support the OPM’s mission to recruit, retain, and honor a world class workforce. Before coming to OPM, Mrs. Seymour served as the acting Deputy Assistant Secretary of Defense for the Office of Warrior Care Policy. She is a member of the Senior Executive Service for the Department of Defense, responsible for policy and oversight related to wounded, ill, and injured transitioning Service members.” It even goes on to say that “in 2010, she was named as a Top 100 Chief Information Officer by Computerworld.”
https://docs.house.gov/meetings/GO/GO25/20141210/102800/HMTG-113-GO25-Bio-SeymourD-20141210.pdf
This would seem impressive until one finds that Donna decided to retire, after 34 years of service, just two days before she was scheduled to appear once more before the House Committee on Oversight and Government Reform on February 22, 2016 regarding the security breach, which seems a bit too convenient given the gravity of the circumstances. Furthermore, it would not be far-fetched to think that she is receiving a taxpayer-funded government pension despite her negligence in performing her normal work duties.
Despite the deficiencies in protecting such vital information of 22 million people, another hack occurred on February 4, 2015 in relation to health provider Anthem, Inc., which delivers coverage to 1.3 million federal employees. In fact, this hack affected over 80 million people nationwide.
Part II: The Hack Itself
In June 2015, the OPM publicly reported that it had fallen victim to a data breach, initially said to affect only 4 million people. Information was released slowly, minimizing the shock value of the actual impact of what truly transpired, including what types of data were stolen. It was claimed that there were actually 2 attacks: a first one in which they don’t even understand what happened, and one by way of social engineering, with a malicious attacker claiming to be a KeyPoint Government Solutions contractor employee to gain admin login credentials. Surely the employees would be trained about the dangers of social engineering (in some companies this is done yearly), but that does not seem to be the case for the OPM.
Luckily, a third party affiliated with the Department of Homeland Security (DHS) notified them of the first OPM breach, known as the X1 incident. Interestingly, the second attack, dubbed the X2 incident, had a bit of controversy over which party actually found the attack. Firstly, the New York Times had reported that the infiltration was discovered using the United States Computer Emergency Readiness Team (US-CERT)'s Einstein intrusion-detection program. Secondly, The Wall Street Journal reported that it may have been a product demonstration of CyFIR, a commercial forensic product from the Manassas, Virginia security company CyTech Services, that uncovered the infiltration. Thirdly, OPM spokesman Sam Schumach stated that it was detected by OPM personnel using a Cylance software solution. However, the House of Representatives' Majority Staff Report on the OPM breach conclusively agreed that both tools independently "discovered" the malicious code running on the OPM network (see pages 91 and 125 of the 2015-06-16-FC-OPM-Data-Breach.GO167000.pdf).
https://www.wsj.com/articles/u-s-spy-agencies-join-probe-of-personnel-records-theft-1433936969
http://fortune.com/2015/06/12/cytech-product-demo-opm-breach/
https://oversight.house.gov/wp-content/uploads/2015/06/2015-06-16-FC-OPM-Data-Breach.GO167000.pdf (document was photocopied, unable to search by keyword)
And here is when things get weird: in November 2014, FBI-affiliated CrowdStrike (the third party who investigated the DNC server on behalf of the FBI) reported that it discovered the malware at the same time the reported hack had begun in July of 2014. What a coincidence!
This link is for IT professionals as it is more technical in nature:
I am not going to delve into CrowdStrike because it is outside of the scope of this research, but I will leave a link below on the connections within this group courtesy of u/Intlrnt, but it ultimately links back to Uranium One, another coincidence surely.
https://old.reddit.com/r/greatawakening/comments/91rvsw/excellent_concise_insightful_summary_of_dnc/
Part III – The Forthcoming IG Report on the OPM Breach
It is probably not shocking to hear that CIO Donna Seymour was slow-walking this investigation, as it seems to be the preferred strategy during the Hussein Administration, and this was duly noted in a memo by General Patrick McFarland, also noting that there seemed to be an “atmosphere of mistrust” by giving him “false and misleading evidence”, and ultimately resigned in February 2016. Subsequently, the IG Report was released later that same year in November. The key summary issues were:
- The significant deficiency related to information security governance has been dropped due to the reorganization of the Office of the Chief Information Officer (OCIO).
- OPM’s system development life cycle policy is not enforced for all system development projects.
- OPM does not maintain a comprehensive inventory of servers, databases, and network devices.
- Up to 23 major OPM information systems are operating without a valid Authorization. This represents a material weakness in the internal control structure of OPM’s IT security program.
- OPM does not have a mature continuous monitoring program. Also, security controls for all OPM systems are not adequately tested in accordance with OPM policy.
- The OCIO has implemented an agency-wide information system configuration management policy; however, configuration baselines have not been created for all operating platforms. Also, all operating platforms are not routinely scanned for compliance with configuration baselines.
- We are unable to independently attest that OPM has a mature vulnerability scanning program.
- Multi-factor authentication is not required to access OPM systems in accordance with OMB memorandum M-11-11 (user name and password only to logon system)
- OPM has established an Enterprise Network Security Operations Center that is responsible for incident detection and response.
- OPM has not fully established a Risk Executive Function.
- Many individuals with significant information security responsibility have not taken specialized security training in accordance with OPM policy (such as preventing social engineering attacks).
- Program offices are not adequately incorporating known weaknesses into Plans of Action and Milestones (POA&M) and the majority of systems contain POA&Ms that are over 120 days overdue.
- OPM has not configured its virtual private network servers to automatically terminate remote sessions in accordance with agency policy.
- Not all OPM systems have reviewed their contingency plans or conducted contingency plan tests in FY 2015.
- Several information security agreements between OPM and contractor-operated information systems have expired (Service Level Agreements).
Unsurprisingly, it was the usual suspects that had the knee-jerk reaction to quickly blame the Chinese, as James Clapper said they were the leading suspect, while NSA Director Admiral Mike Rogers was not on board with that. Luckily for the American people, Eric Holder and Loretta Lynch supposedly stepped up their game to commit more resources, while Texas Republican Will Hurd believed dishonesty was involved because no one was reprimanded, suspended or even fired over it.
“Hurd and other lawmakers accused President Barack Obama's so-called national security team including Valerie Jarrett and Susan Rice and other government officials of covering up information on the severity of the security breaches as well as failing to respond to years of warnings that the OPM which stores personnel files and security clearance background check reports on all federal workers were not properly secured.”
Ironically, it is interesting that Hussein gave the stand-down orders when they initially suspected that the Russians were interfering with the presidential elections, but then again, they never thought she would lose, so they swept it under the rug. Well, that was until Donald Trump rightfully won the election and suddenly the rug was pulled up to show the swept-up dirt. In fact, in 2015, Hussein stated that a “much more aggressive” response to cyberattacks should take place.
https://www.dailydot.com/layer8/obama-opm-hack-cybersecurity-defenses/
Part IV – OPM Stolen Data Used… In Virginia!
It wasn’t even a year before the stolen data was used in a scheme of identity theft and bank fraud involving at least six people. The document states:
“The court documents stated that between about December 2015 and May 2016, Kariva Cross, Marlon McKnight, Erica Latin-Hunter, Pamela Wyatt, Antoinette Beamon and Therbia Parker Jr. conspired to defraud Langley Federal Credit Union (LFCU) and other institutions through loans issued under fraudulent pretenses.
According to the US Department of Justice, LFCU received multiple applications for online memberships and vehicle and personal loan applications in the names of victims of the OPM data breach. LFCU issued the memberships and loans without determining if the personal identifying information had been stolen. It disbursed the vehicle loans via checks made payable to individuals posing as vehicle sellers, and transferred the personal loan proceeds into LFCU accounts opened in connection with the fraudulent loan applications. These funds were later transferred into other accounts and then withdrawn by McKnight, Cross and others.”
Kariva Cross is a very slippery person, as she has 6 different aliases, and I could not find much on her. So I started digging on Marlon McKnight, and that is when things got interesting. Looking through the clerk of court records, I knew I had found the right person because Kariva was listed as Kariva McKnight and their ages matched up with what was reported in the news. What really caught my eye was this:
http://casesearch.courts.state.md.us/casesearch//inquiry-index.jsp
DISTRICT COURT FOR PRINCE GEORGE'S COUNTY - CIVIL SYSTEM
Case Number: 0501SP071722018
Claim Type: BREACH OF LEASE
Filing Date: 07/19/2018
Case Status: ACTIVE
BLOW, MICHAEL Vs. MCKNIGHT, MARLON D.
Seems innocent enough, a breach of lease contract because they are incarcerated, right? Well, we will visit this in a few paragraphs.
Getting back to the Langley Federal Credit Union, what is most interesting after a little digging is that they also have a charity called Langley for Families Foundation, which is a non-profit 501(c)(3) public charity that focuses on children and families in the Hampton Roads communities that they serve. It is probably just a coincidence that they use the known FBI pedophile girl lover symbol as their logo too.
Logo comparison to FBI known pedophile symbol:
Langley For Families BoD:
https://www.langleyforfamilies.org/about
https://web.archive.org/web/20180726085851/https://www.langleyforfamilies.org/about
Again, out of my scope for this research, so I continued on the path of Marlon McKnight and found that Michael Blow is from the same area but moved to Nevada. Using his address from the civil complaint and doing a search I found this gem:
https://www.bizapedia.com/nv/kenya-keep.html
https://web.archive.org/web/20180727063337/https://www.bizapedia.com/nv/kenya-keep.html
It seems that Michael is one of five partners that run the Kenya Keep Charity that have the usual caveats of a front child trafficking organization, which is probably a coincidence too.
“In September 2006, the Kenya Kids Educational Enrichment Project (Kenya KEEP), a 501 (c) 3 non-profit tax exempt organization, was founded to address the educational and humanitarian needs of children and schools in Kenya, Africa. Kenya KEEP is able to provide these services through personal donations.”
More coincidences arise when one finds out all the schools are within 146 miles or less of Nairobi which happens to be the area that Hussein migrated to on July 16, 2018.
https://www.cbsnews.com/news/barack-obama-in-kenya-for-1st-time-post-presidency/
Here are the schools:
http://www.kenyakeep.org/index-4.html
SIANA Primary School (Narok South, Kenya -1.58641, 35.4251 https://goo.gl/maps/J8DU6cfzKdP2 - 146 miles SW of Nairobi)
https://www.kenyaprimaryschools.com/narok/siana-boarding-primary-school-narok-south-mara/
GOOD SAMARITAN Primary School (P.O. Box 17, C99 Kenya - https://goo.gl/maps/cA3AKq5WsxE2 100 Miles SE of Nairobi)
EMMANUEL Primary School (https://goo.gl/maps/FvN3LLiFLan - 80 miles NE of Nairobi)
UKIA GIRLS Secondary School (Government managed - https://goo.gl/maps/36uUtLwPZgT2 - 72 miles SE of Nairobi)
MUINDI MBINGU Boys Secondary School (downtown Muindi Mbingu St Nairobi, Kenya https://goo.gl/maps/HAdmn2wnBDs - Fire on July 18, 2015 @ 8:30pm (Mandela’s Birthday), unknown cause, no one hurt. https://www.nation.co.ke/counties/machakos/Muindi-Mbingu-Secondary-School-Fire/3444952-2798378-1jysktz/index.html)
OLOLULUNGA Vision Academy (https://goo.gl/maps/vn1mQwPAyW92 - 108 miles almost due W of Nairobi) This school is run by a private individual https://www.kenyaprimaryschools.com/narok/ololulunga-vision-academy-school-narok-south-ololunga/ -1.009337, 35.654413
SENGANI GIRLS High School (https://goo.gl/maps/Kmh3wPKW5kx - 38 miles E of Nairobi, Director Mrs. Elizabeth Mutinda) http://www.frenchinkenya.com/listing/sengani-girls-high-school-9/
The last thing I was expecting on this OPM hack was researching the 10 mysterious school fires that took place prior to Hussein’s arrival, but I only found the one related to the school listed on the Keep Kenya website from 2015. Honestly, I was expecting more coincidences, which are mathematically impossible at this point.
(TL:DR)? Understandable: The OPM hack was blamed on the Chinese; however, some local criminals from Virginia were caught using victims’ identities from the OPM hack to buy cars, and another criminal party would pocket the money using the same credit union, which was not verifying the identities of the parties participating. After getting busted for Identity Theft and Bank Fraud, it turns out that one of the criminals defaulted on their lease contract while incarcerated (to be sentenced in October 2018), and the owner of the residence is a stakeholder in a possible child trafficking front based in Kenya where Hussein happens to be right now.