Feds shut down background check database over flaw

Looks like something is going to happen, but why with someone in the know not talk about it, surely they have family and friends.

originally posted by: Majic
Shutting The Barn Door

I'm pretty sure the National Instant Criminal Background Check System (NICS) operates independently of the United States Office of Personnel Management (OPM), so this shouldn't affect firearms purchases.

I think it is also a good idea to bear in mind that just because they say there is no evidence the vulnerability they found has been exploited, doesn't mean it hasn't been exploited. After all, other vulnerabilities were apparently exploited for months before the OPM realized it, which is why this is such a major scandal.

The damage already caused, and that will inevitably continue long into the future, by allowing the most intimate personal details of up 18 million federal employees and contractors to fall into unfriendly hands is incalculable, but definitely catastrophic.

The genie is already out of the bottle.

Well....if it is the case that it has already been breached then there is also the possibility that whomever breached it was able to issue their own security clearances..... that adds a level of SHTF to it.

How does a database of federal employees affect checks for non federal employed people?

originally posted by: roadgravel
How does a database of federal employees affect checks for non federal employed people?

Its not just Federal employees in the database....this is the database where they keep records for and approve anyone for clearance to work on projects requiring clearance.

I am a non-federal employee when I do work on Lockheed locations, but I have a secret clearance in order to do so. This database is the Feds national/international database for background checks.

originally posted by: musicismagic
Looks like something is going to happen, but why with someone in the know not talk about it, surely they have family and friends.

Maybe they agree with the action or maybe they don't see any way to avoid it...even by telling everyone.

originally posted by: Vasa Croe

originally posted by: roadgravel
How does a database of federal employees affect checks for non federal employed people?

Its not just Federal employees in the database....this is the database where they keep records for and approve anyone for clearance to work on projects requiring clearance.

I am a non-federal employee when I do work on Lockheed locations, but I have a secret clearance in order to do so.

Again...we are rarely told the truth and never the full truth.

a reply to: Vasa Croe

There was a comment about fire arms checks...

I also wonder how this is going to affect background checks for weapons licenses

Gotta love this coming up on the heels of the story...just stinks like a big set up....

FBI setting up command centers to monitor terrorist threats over July 4 weekend

The FBI is establishing command centers around the country to monitor any potential terrorist threats around the July 4 weekend, a federal law enforcement source told Fox News.

The source said while there is no specific, credible threat surrounding the holiday, its symbolic nature offers a potential target for terror groups like ISIS. Authorities are particularly concerned about soft targets like shopping malls and other areas where there are large gatherings of people and rather light security, according to the source.

Information from local, state and federal law enforcement agencies will be sent to the command centers so officials can gauge the threat level and respond quickly.

Another law enforcement source told Fox the FBI’s strategy has shifted toward getting ISIS supporters off the streets as soon as possible, given that it’s hard to predict when one might go operational. This could include arresting individuals on lesser charges and then building a broader case once that person is in custody.

Sou rce

Well...that certainly is not the follow up story I wanted to see....but I can't imagine their knowing something and letting it out of the bag like this....especially for a July 4th type of weekend. I mean I CAN imagine it, but that would just be plain evil...talk about a game changer for the government...major attack on July 4th, Independence Day.....that would bring all the gun control initiatives. Depending on the event, it could be racially motivated or a terroristic threat.

Interesting how many ways this could go down in my head.....but....like I said...I love to run a good conspiracy through my outlet here sometimes...doubt there is anything to this.

originally posted by: roadgravel
a reply to: Vasa Croe

There was a comment about fire arms checks...

I also wonder how this is going to affect background checks for weapons licenses

Yeah, I think that was just a supposition. Though I can't see how the 2 area not related in a manner enough to shut them both down the same way. Even if they are not the same database, my guess is that they house the same vulnerability.

a reply to: Vasa Croe

and if some loony does something this weekend it will hit the public hard, the whole emotional impact of a patriotic holiday ending in tragedy I will be praying that nothing bad happens as many are predicting

originally posted by: FamCore
a reply to: Vasa Croe

and if some loony does something this weekend it will hit the public hard, the whole emotional impact of a patriotic holiday ending in tragedy

I will be praying that nothing bad happens as many are predicting

I would not be surprised if some type of attack occurred this weekend on the 4th in the US, or on some US controlled space/base. It is an obvious date for something like that to occur.

What I would be concerned with are the stories that come out after to see how this shut down of the security clearance database is used in the story.

It really is a perfect opportunity for a cover up.

a reply to: Vasa Croe

Both me and my sister received letters from OPM. I work for a tribal government, and she needed clearance to work on some kind of secret nasa project.

Ok....so I have been reading about 4th of July celebrations a bit. Seems on bases they are announced ahead of time. Here is one as an example.

FORT CARSON, Colo. – Fort Carson and 4th Infantry Division will host a July 4th celebration on July 3 at Iron Horse Park from 4 – 10 p.m

The event will feature live music from the 4th Infantry Division band. The celebration will conclude with a fireworks show at 9:15 p.m.

A wide array of family-friendly games and attractions will be available for attendees, including inflatable bounce houses, a corn maze, rock wall, bungee jump, free photo booth, and a wrecking ball.

Admission is free and the event is open to the public. Fees will apply for some attractions as well as food and merchandise.

Attendees are welcome to bring chairs and picnic blankets to the event. Parking is a distance from the event site, be prepared to walk once parked. Pets and glass containers are not allowed. Personally purchased fireworks are also prohibited on post in accordance with local and state laws.

Only access for non-Department of Defense identification card holders will be Gate 1 (access off of Highway 115) and Gate 20 (access off of Interstate 25). Visitor passes will not be required from 2 – 9 p.m. Those accessing the installation for the celebration will have to show a current driver’s license, auto registration and valid auto insurance. Allow extra time in the event of a vehicle inspection. Military working dogs will be active in the event area.

All weapons brought onto Fort Carson must be registered with the provost marshal's office at building 2700 in accordance with U.S. Army and Fort Carson regulations and policy. Only law enforcement personnel in the performance of official duties may possess a concealed weapon on Fort Carson. It is important to note that county, state and federal civilian concealed carry permits are not recognized or valid on Fort Carson.

Despite Colorado amendment to legalizing recreational marijuana, wrongful use or possession of marijuana on a Federal installation is a violation of federal law. Those attending the celebration, federal law continues to prohibit the use of marijuana anywhere on post.

For more information contact the Fort Carson Public Affairs Office at
(719) 526-4143/7525. After hours please contact the 24-hour Fort Carson Operations Center at (719) 526-5500 and ask for the On-Call Public Affairs Officer.

So this would be a way I could see this story being used. This particular piece is what is concerning to me:

All weapons brought onto Fort Carson must be registered with the provost marshal's office at building 2700 in accordance with U.S. Army and Fort Carson regulations and policy. Only law enforcement personnel in the performance of official duties may possess a concealed weapon on Fort Carson. It is important to note that county, state and federal civilian concealed carry permits are not recognized or valid on Fort Carson.

So, OPM may or may not have been compromised....their story does not lead me to have warm fuzzies that they have not at this point. Now...say they were, or end up saying they were, and a nefarious individual/group grants themselves clearance as a military LEO with the ability to carry on site to an even such as this.

Again....just interesting how this is playing out to me right now. They shut this down just prior to July 4th events that will be held around the country and on bases around the country....stinks of possible scapegoat situation once something happens.

Well....this is interesting. According to their own site press release, the news is not putting everything in the stories about this. Here is what OPM itself says about this:

Through the course of the ongoing investigation into the cyber intrusion that compromised personnel records of current and former Federal employees announced on June 4, OPM has recently discovered that additional systems were compromised. These systems included those that contain information related to the background investigations of current, former, and prospective Federal government employees, as well as other individuals for whom a Federal background investigation was conducted.
This separate incident – like the one that was announced on June 4th affecting personnel information of current and former federal employees – was discovered as a result of OPM’s aggressive efforts to update its cybersecurity posture, adding numerous tools and capabilities to its network.

OPM Site

So they are stating that there ARE other compromised systems, not that there was only a flaw.

Wonder why the cover up in the media reports, and I wonder what was compromised that they just found out.

Looking more and more like a cover up for possible activities based around folks they can say compromised the system and were able to issue clearances for themselves.

Would love to get the details on the actual compromised systems and what those that compromised them could do with the info.

And now digging a bit deeper I find a connection to DHS. So OPM is now using CSID to "rectify" this situation. All well and good right? So I start researching a bit on DHS US-CERT and find a story that was very recent that has not come up anywhere. DHS' own system for background checks was ALSO compromised. Their partner company is called KeyPoint.

KeyPoint Site

Now....here is a DHS release that has not been publicized very much:

How did DHS learn about the incident?
After learning about a cybersecurity intrusion that occurred at another federal contractor, as part of our efforts to responsibly safeguard information, DHS carried out a thorough assessment of all contractors who conduct background investigations on behalf of the Department.

DHS initially discovered possible unauthorized access to KeyPoint’s computer systems in September 2014 while conducting an assessment of the contractor’s network. In response to these discoveries, DHS immediately stopped the flow of information to the contractor and background investigation activity that the company was performing until we ensured additional safeguards were put in place. The company has since implemented safeguards.

There was, and remains, uncertainty as to the extent of the exposure of personally identifiable information (PII). Notifications to all potentially affected individuals are being sent now because their information was included information that we know to have been potentially exposed. We cannot confirm that exposure has led to any nefarious activity.

DHS Source Site

KeyPoint is a DHS contractor that processes personnel background security investigations and credit checks of job applicants who may or may not ultimately have been employed with the Department. Certain current and former DHS employees and contractors, as well as job applicants are potentially impacted by this breach. DHS takes its responsibility to safeguard personal information seriously and is notifying current and former employees and applicants whose PII was stored on the company’s network and may have been exposed as a result of a cybersecurity intrusion. DHS is sending targeted notifications, including a letter, to those individuals whose information is contained in records that could have been exposed.

They just put this on their site 6 days ago.

And not only that, but back in 2014, another little broadcast piece of news is another DHS background check unit that was compromised called USIS.

So that is a lot of background checkers hat are getting hit and a lot of activity around something that I would think is a warning alarm for something happening.

You know...this brings up another question for me. Does NICS pull from the OPM database? If they were compromised then couldn't whomever compromised them have added or deleted records to allow for someone or multiple people to acquire whatever firearms/explosives they would like because they were not flagged or were "pre-approved"?

As in, could they have accessed it because they knew there was a "flag" on a certain buyer from OPM, but only OPM, so they cleared the record or added one to it in order for someone to be able to purchase a large amount of either weapons or explosives?

If it is shut down now, but was already put in place prior to OPM finding out about the breach, then there would be no way to update the NICS system if it is pulling data on checks from OPM.

I am also wondering, now that I have read the following from the FBI, just how vulnerable the NICS system would be to a hack that essentially triggered a Firearm Retrieval Referral? Essentially granting the ATF permission to acquire all weapons from those that legally purchased them assuming they still have them in their possession. I know this is a super far reach, but seems anything can be hacked these days.

Firearm Retrieval Referrals

Because of the NICS Section’s commitment to public safety and national security, the search for needed disposition information continues beyond the three business days to provide a determination as stated in the Brady Act. In some instances, the information is subsequently obtained and a final status determined; however, if the final status (determined after the lapse of three business days) results in a deny decision and the NICS Section is advised by the FFL that the firearm was transferred, then the ATF is notified a prohibited person is in possession of a firearm. In 2013, the NICS Section referred 3,375 firearm retrieval actions to the ATF.

originally posted by: Vasa Croe

originally posted by: Majic
Shutting The Barn Door

I'm pretty sure the National Instant Criminal Background Check System (NICS) operates independently of the United States Office of Personnel Management (OPM), so this shouldn't affect firearms purchases.

I think it is also a good idea to bear in mind that just because they say there is no evidence the vulnerability they found has been exploited, doesn't mean it hasn't been exploited. After all, other vulnerabilities were apparently exploited for months before the OPM realized it, which is why this is such a major scandal.

The damage already caused, and that will inevitably continue long into the future, by allowing the most intimate personal details of up 18 million federal employees and contractors to fall into unfriendly hands is incalculable, but definitely catastrophic.

The genie is already out of the bottle.

Well....if it is the case that it has already been breached then there is also the possibility that whomever breached it was able to issue their own security clearances..... that adds a level of SHTF to it.

Press releases, translated:


Good digging, Croe. :Cheers:

Now, just spitballing here... We keep hearing of these Chinese 'hacks' of personal information. Specifically from China. Now, my gut is telling me this is somehow linked to the TPP. Can info really be considered 'stolen' if it were actually sold out to their gov?

Methinks someone didn't press 1 for English.

*starts making tinfoil hat*

I could see where this data could be used by criminals and terrorist to build up documents for illegally buying guns.

A fake drivers lic and SS card in one of these government employees name would allow someone to walk into a gun store and buy anything on the rack and its very unlikely that they would be denied as they would pass the NICS check.