OPM Breach

  1. OPM Pays CyTech Services for Services Rendered During Largest US Government Breach in History

    On May 15, 2018, the United States Office of Personnel Management paid CyTech Services, Inc. for its role in assisting in the response to the largest data breach in US Government history, following a sales demonstration of the CyFIR Enterprise digital forensics and incident response platform at OPM Headquarters in which CyFIR located and confirmed the existence of malicious code on the OPM production network. CyTech Services and CyFIR are proud of the work they performed and the functionality of their software during this time.

  2. CyTech CEO Ben Cotton Interviewed by Bloomberg BusinessWeek

    Paul Barrett, in his article entitled “When Spotting a Hack Doesn’t Help You,” discusses the April 2015 data breach at the United States Office of Personnel Management and the role of CyTech Services in the identification, investigation, and remediation of the breach.

    Cotton assumed his business would benefit from its role in revealing the breach. Instead, OPM publicly denied he’d helped and implied he’d angled for undeserved praise in the media. That’s a devastating suggestion in the digital security field, where contractors are expected to keep their findings private. Stuck in an entrepreneur’s nightmare, Cotton had to put his faith in a congressional investigation of the breach.

    Barrett continued with the background of both Cotton and CyTech Services, which Cotton established after retiring from the US Army Special Forces, and discussed OPM’s failure to pay the small, service-disabled veteran-owned business for its work.

  3. Personal Statement from CyTech Services CEO, Ben Cotton, on the OPM Breach Response

    Last April, CyTech Services was invited to the US Office of Personnel Management for a routine product demonstration of our CyFIR Enterprise software. We had no idea when we entered the building that CyFIR was about to identify malicious code on their live network and that we would assist with the investigation of the largest data breach in the history of the US Government.

    This isn’t a problem that only happens at government agencies like OPM. These types of data thefts have become all too common, and every day seems to bring new headlines about hacks or breaches into political committees, corporations, and private citizens. Clearly, something has to be done, and our work with OPM shows how an incident response should take place and, more importantly, the steps that large organizations can take to protect themselves. It’s critical that our nation’s IT systems realize their vulnerabilities and accept that they need innovative technologies to address them.

    On September 7, 2016, after a long and thorough investigation, the House Oversight and Government Reform Committee (HOGR) released a comprehensive and well-documented report outlining their findings….

    View the complete post here.

  4. CyTech Services Issues Press Release Regarding House Oversight and Government Reform Committee Report on OPM Data Breach

    WASHINGTON (September 7, 2016) — Majority members of the House Oversight and Government Reform Committee today released a comprehensive and documented report outlining their findings regarding the April 2015 Office of Personnel Management (OPM) data breach, which includes a confirmation that CyTech Services played a key role in identifying and responding to the intrusion that compromised 21 million sensitive government records.

    As the report indicates, at OPM’s invitation, CyTech demonstrated their CyFIR Enterprise digital forensics and incident response platform at OPM on April 21-22, 2015. Using CyTech’s innovative endpoint vulnerability assessment methodology, CyFIR identified, within 12 minutes, a set of unknown processes running on a limited set of endpoints. This information was immediately provided to OPM security staff upon detection and was ultimately revealed to be zero day malware that had been in place on the OPM network for more than a year.

    View the full press release.

  5. OPM Officials Returned CyFIR Enterprise Trial After Deleting Images from OPM’s Own Incident Response

    Sean Gallagher, in an Ars Technica article, states:

    Ironically, the tool that discovered the ongoing breach, CyFIR from CyTech Services, was never actually purchased by OPM. Though Seymour told Congress OPM had purchased licenses after a trial in a segregated test network, the tool was actually demonstrated on OPM’s live network, and no licenses were ever purchased. OPM officials returned the trial software after deleting images from OPM’s own incident response—images that included “more than 11,000 files and directories” of forensic data, the report noted.

    “Documents and testimony show CyTech provided a service to OPM and OPM did not pay,” the report found, noting that this violated federal law against accepting voluntary services.

  6. Committee Releases Year-Long Investigative Report Into OPM Data Breaches

    “In brief, we believe OPM violated the ADA when the agency retained and deployed CyTech’s software following a product demonstration, and never paid.”

    Press release from the House Oversight and Government Reform Committee available here.

  7. AEI Hosts Chairman Chaffetz Regarding Lessons Learned from the OPM Data Breach

    AEI hosts Chairman Chaffetz on September 7, 2016 at 8:30 AM Eastern as he comments on and entertains questions regarding the House Oversight and Government Reform Committee’s report on the OPM Breach of April 2015—the largest governmental breach in United States history.

    The video of the session will be offered live and later available for review at the AEI website.

  8. FCW Reports that CyTech Services Not Paid for OPM Breach Response—OPM Contractor “Not Allowed” to Discuss

    An article by Zach Noble of Federal Computer Week breaks the news that one year later, OPM has failed to compensate CyTech Services—a service-disabled veteran owned small business—for the work it performed during and following the discovery of the Office of Personnel Management breach after demonstrating its CyFIR Enterprise software platform at OPM in April 2015.

    It’s Cotton’s contention that OPM director of security operations Jeff Wagner issued an “emergency verbal purchase order” to him on April 22, 2015, and told him to work through prime contractor Imperatis to sort out the details.

    Last summer, then-CIO Seymour testified that OPM had purchased licenses from Cytech, but an OPM official told FCW on background that the agency had no records of such a contract, and that Seymour may have spoken in error.

    The Imperatis rep that Cotton said was tasked with the contract work, meanwhile, told FCW, “I’m not allowed to talk about that.”

    The full article is available on the Federal Computer Week website.

  9. Oversight Committee Chair Subpoenas OPM Director for Withheld Hack Documents

    Full text of the article available on NextGov’s Website.

    At the time of the January hearing, the panel was still missing facts [from OPM] on reports a contractor, CyTech, discovered the intrusion at OPM during a product demonstration.

  10. House Oversight Committee Challenges OPM’s Withholding of Deleted Evidence from CyFIR Enterprise Appliance


    During a House Oversight and Government Reform Committee hearing regarding document production on January 7, 2016, Representative Turner and Chairman Chaffetz challenged OPM about the potential evidence OPM deleted from CyTech Services’ CyFIR appliance used during the OPM Breach investigation.

    The link to the full video is here; the portion on CyTech’s involvement and the CyFIR Appliance runs between 01:03:05 and 01:12:00, as clipped here. (Note that video is in Flash format and might not play on all mobile devices.)