Friday, April 29, 2016

Obama Regime Breaches National Phone-Number Database Security

by JASmius

Come to think of it, is has been a while since the last major cybersecurity faceplant coming out of the Obama Regime.  I figured that was because there wasn't any federal or supposed-to-be-protected-by-the-feds databases that hadn't already been completely looted by our enemies.

Guess I was wrong, and the latter were just taking a breather to assimilate all of that data - and now they're back for another helping:

Federal officials fear that national security may have been jeopardized when the company building a sensitive phone-number database violated a federal requirement that only U.S. citizens work on the project.

The database is significant because it tracks nearly every phone number in North America, making it a key tool for law enforcement agencies seeking to monitor criminal or espionage targets.

Now Telcordia, a Swedish-owned firm, is being compelled to rewrite the database computer code — a massive undertaking — to assuage concerns from officials at the FBI and Federal Communications Commission that foreign citizens had access to the project. These officials fear that if other countries gain access to the code, they could reap a counterintelligence bonanza, learning the targets of U.S. law enforcement and espionage investigations. [emphasis added]

It follows the Age Of The One cybersecurity template to a fair-the-well: the Regime tried to "fix" what wasn't broken by dropping the no-bid contract the feds had had with Neustar, a northern Virginia contractor that had competently handled the security functions of the Number Portability Administration Center (NPAC) for almost twenty years, in favor of a cheaper one with Telcordia, a subsidiary of Sweden-based Ericsson, and got what they paid for:

The security rewrite began in March after the agencies learned that a Chinese citizen with a U.S. work permit had helped write the system code, said individuals familiar with the matter who spoke on the condition of anonymity to discuss a sensitive matter. Seven other foreign citizens, including a British engineer, also worked on the project, although it was the Chinese engineer who raised red flags for officials. [emphases added]

Use of any but U.S. citizens on any aspect of the NPAC is supposed to be strictly prohibited.  But guess who is constitutionally-charged with enforcing the laws of the land, including this one: the same bunch that outsourced a cybersecurity function directly affecting national security to a foreign cybersecurity firm in contravention of U.S. law in the first place.  And guess who they're having completely re-write the NPAC database security code?  Telcordia!  Could this get any better?

Maybe if they put a Russian, an Iranian, and a North Korean on the team this time 'round.  Heck, maybe they'll even walk into a bar, first.

No comments: