SOUTH CAROLINA GOVERNOR FIRES BACK AT CRITICS OF HER ADMINISTRATION – BUT CONTRADICTIONS ABOUND
S.C. Gov. Nikki Haley deflected criticism of her administration’s handling of a massive security breach – telling state lawmakers during a conference call on Monday morning that there was nothing her administration could have done to prevent the costly cyber attack.
“There wasn’t anything where anyone in state government could have done anything to avoid it,” Haley said of the unprecedented breach, which resulted in an anonymous hacker (or more likely, hackers) obtaining 3.6 million Social Security numbers and nearly 400,000 credit card numbers from the S.C. Department of Revenue.
Of course Haley then proceeded to tell nervous and angry lawmakers that prior “holes” in the system had been closed.
“All the information that was compromised as I told you Friday is plugged, is secure and is, um, safe and … so there are no more holes and anything that can be penetrated,” Haley said.
Hold up …
This doesn’t make sense: How could this hack have been unavoidable if Haley is acknowledging that there were holes in the system that have since been closed?
Hmmmm …
And more importantly … why were there holes in the system to begin with given the millions of dollars our state has spent on cyber security measures and training in recent years?
As reported exclusively on FITS earlier this week, Eastern European hackers with alleged ties to the Russian government are rumored to be behind the massive data heist – which has Team Haley scrambling to explain why it took so long for her administration to identify the problem and alert the public.
The hack began on August 27 but was not detected until October 10. The public was not notified until October 26 – a delay that was ostensibly in response to an international law enforcement operation aimed at identifying and apprehending the guilty parties.
Lawmakers immediately blasted Haley’s account of the breach.
“If it was not preventable how are all the holes closed as she claimed?” S.C. Rep. Leon Stavrinakis asked.
Good question.
The latest breach comes less than six months after another major security breach in Haley’s administration – the release of nearly a quarter of a million Medicare records from the governor’s Department of Health and Human Services (SCDHHS).
In addition to the contradictions regarding South Carolina’s cyber readiness, Haley’s administration is still refusing to comment on the status of the investigation into the perpetrators of the attack.
***
85 comments
Impossibly incompetent governor. Sitting on the information before deciding to hold a Friday afternoon press conference that left thousands with zero recourse for managing their situations. She should do the honorable thing and resign before she wreaks even more havoc on this state.
The Friday press conference held by Haley on a Friday was to deflect damage so everyone would forget about it over the busy weekend. And you can’t get through to the website and telephone number. She’s done nothing but caused panic over a damn weekend when you couldn’t do a damn thing about it. This is more incompetence than I’ve ever seen. The governor’s office should be closed down and send every one of her staff home without pay. This is absolutely nuts.
did this happen to each of the 49 other states? if not…how did they avoid it?
I bet that Haley witch and her staff were busy protecting her social and other personal info while the other 77% of South Carolinians continued to be exposed. I still can’t get on the website and the damn phone recording doesn’t help one damn bit. Then that stupid ass woman gets on TV and has the balls to tell us to be patient because we have until the end of January to protect ourselves. Where’s *Stimulus* when I need him.
I would agree but then McConnell would be in charge. Maybe the entire statehouse should just step down and let the counties run things for about 6 months
Let the counties run things? Including Lexington? No way.
Or Horry or Chesterfield or Allendale or ….
Fair enough but at least your vote has way more impact at the county level.
Even though the information was not forthcoming it was not the administration’s fault rather the IT department management and the network administrators’ fault. They are supposed to have the servers hacker proof and tested against any kind of breach before going live on the internet.
The Buck Stops where?
That’s only part of it. You have to make sure that ANY unused services/ports are disabled and that you are only allowing what NEEDS to be allowed and encrypting what should be encrypted. Virus protection and malware detection is mandatory and you must shut out compromised computers until they can be scrubbed. You need a good IPS to make sure you can see/stop suspicious traffic patterns.
The second part of it is to continuously update everything to the latest stable code. Servers, antivirus, security appliances, everything. What would also be helpful is to pay an outside firm to run test attacks to make sure you really are up to par with defending your network. Clean up firewall rules when servers are decommissioned.
Network security is a never-ending job and involves all IT departments.
“There wasn’t anything where anyone in state government could have done anything to avoid it, cause I said so and I’m an expert in everything-so now it’s time you all shut the fuck up.”
Geeee….. isn’t that a little harsh?
Haley sets herself up for these attacks through her continuing poor attitude and impulsive responses to fair questions. I agree with your “harsh” criticism.
Has anyone heard if entity tax ids were compromised? The State is offering no information on this and apparently no help for small or any size businesses whose tax id or even bank account information may be at risk.
She is a stupid ugly bitch!
Actions to take:
1. For next 15 years the state of SC should make restitution to anyone who can prove that their identity was stolen, their finances & credit history was damaged as a result of this fiasco
2. Immediately STOP using SSN’s as identification on tax returns. The state should issue random computer generated taxpayer ID and MAIL it to them or even allow taxpayers to stop by the county courthouse to pick up a randomly generated tax ID number.
3. Phase out the BS income tax (it now takes me LONGER to complete my SC tax return than federal 1040 short version) & replace like the systems in Tennessee, Florida and other states that do not have an individual income tax
4. Kick Queen Namrata out – Which is unlikely to happen because the wench will NEVER admit to making a mistake like the rest of her ethnic heritage do every time they fuck up.
When was the last time you ever heard an Indian (NOT Native American) in a professional position say: “I fucked up – my bad”????
NICE. We support the immediate implementation of your recommendations.
-FITS
2. Immediately STOP using SSN’s as identification on tax returns. The state should issue random computer generated taxpayer ID and MAIL it to them or even allow taxpayers to stop by the county courthouse to pick up a randomly generated tax ID number.
Question. Does any state Department of Revenue currently use this system? Sounds like a good one. Have a different one generated every year, too, so that even if someone manages to get one year’s code, they can’t fuck you over next year.
FITS:
Thank you for your comment. It is an honor (I think – LOL!!) to get a personal response.
The people of South Carolina (and other out of state citizens who have to turn in a SC tax return and will be affected the same way – they are just as affected as SC residents) need to contact their representatives and let them know that we will not stand for just a pittance of making up for the gargantuan (“I always wanted to use that word in a sentence” = Daryl Hannah in Kill Bill II) fuck up that this could turn out to be.
One year of free credit checking???
REAL changes and restitution for the innocent MUST be made!!!!!
We are REQUIRED to submit our SSN’s by the state of South Carolina and the state of South Carolina is responsible for this fuck up and should make it right.
If FITSNEWS wants to organize a rally at the statehouse, I’m there and will buy Smirks, you, and like-minded types a beer afterwards.
BTW, I tuned into Russ Cassell (the King of hyperbole) this morning and not much was made about it except giving out the numbers, etc.
He carries Queen Namrata’s water just like he did for Mark (“the shirker”) Sanford.
My wife works for an insurance company and has a home office.
EVERY day she gets randomly generated symbols/numbers on a “thingy” that looks like a key fob which allows her to sign on her company issued computer. She can’t access her company’s website without it.
Been that way for a number of years.
The real problem here that could have been avoided and IS the IT people’s fault is that none of the information should have been left unencrypted. Encrypting all information should be done first thing and automatically. Especially SSNs and credit card and bank information. It is criminal to not have that info encrypted. Everyone at DSIT should be charged with criminal negligence.
DSIT? I thought SCDoR has their own network team. Am I mistaken here?
You may be right Smirks. I wasn’t sure if DoR kept their own separate servers or they let the DSIT maintain them.
In any event my point is still a valid one. SSNs and bank info should be encrypted. Always. No matter how secure you think the servers are.
…an unbiased response:
1) she is going to “buy back” the data? I don’t think so.
2) all of the legislators’ (and their co-conspirators) info that was hacked and was reported on tax returns will have them sweating their balls (or appropriate anatomical body part) off.
3) a good examination of the data could tell an interested party some juicy stories.
Good luck to you all.
No, Interpol was going to buy back the data with no SC money??? Now that makes sense.
Also, let me understand, I have stolen your SSN, you agree to pay me money not to give it out, and you trust me to live up to my agreement? Now that makes even more sense.
I imagine they are going to use the “payments” to catch the criminals and jail them. However, you better get them all in one fell swoop or else you miss your opportunity to get them all. Failure could result in retaliation by this “syndicate” via publicly releasing SSNs on the internet.
I have zero faith that we can fully stop the dissemination of these SSNs. Better to be pessimistic in a situation like this.
“Vat can you do”?
I wish I had a dollar for every time I’ve heard an Indian (NOT Native American) say that…………………
That is their standard answer for every problem.
So 77% of all South Carolinians were allowed to remain exposed to ID theft for more than two weeks so international law enforcement could catch the culprits? So, where are the bad guys?
The Governor elected to let us “pay” for this extra two weeks of law enforcement, taking place in a jurisdiction on the other side of the world, so the bad guys could be caught.
Well, show SC the bad guys in cuffs. We paid for it with our ID’s, bank accounts, credit and savings!!!
Unfortunately, there are no bad guys in cuffs. Unfortunately, the bad guys were given valuable extra time to perpetrate their crimes on South Carolinians for nothing in return.
The Gov should know better; and I think she does. She waited because her and her cronies were more worried about their own political preservation than the financial well-being of 77% of all South Carolinians.
Utter incompetence layered on top of bad morals and values results in these types of decisions.
Everyone needed the time to memorize their story. Can’t have everyone not on the same page.
When Boy?
That’s a good point.
Sounds EXACTLY like the “Fast & Furious” rationale US Congressman Trey Gowdy and all the far right have been getting a hard-on for months bitching about….letting a crime go on so they can catch the crooks………
What a bunch of F**king BS
And for Queen Namrata to say “there’s nothing we could have done about it” is truly, utterly incomprehensible!!!!!
I mean this with all seriousness: That is about the most callous thing I have ever heard a politician say.
That’s just another lie Queen Nimrata has told to cover her a$$.
“All the information that was compromised is safe”.
Ohmygod. We’re all screwed.
+1
This dovetails nicely with my personal theory that any gov’t press releases made should be considered lies if you want the most accurate outlook on the reality of any given situation gov’t is involved with.
Was no one suspicious back in January when the DMV computer system was being attacked/hacked that other big critical systems might be vulnerable? Why weren’t SSNs encrypted? Is our IT workforce too small or too ignorant? Can’t we pay them more and get employees who know what they are doing? Don’t you worry about what other data sets about you are out there with the back door open and waiting to be exposed or stolen … health records, school records, insurance records, both public and private?
As a victim of identity theft I expected Gov. Haley to be more aware and prepared. Unfortunately I’m not surprised by the level of incompetence. Is there NO GROWN UP working in the Gov’s Office?
The hacked data is like a fart —-once it is out it’s gone!
It took two weeks to get their stories together. Except for Nikki… her comment that “nothing could have stopped it” means that according to her twisted thinking nothing can be done now or in the future to stop it from happening again. WOW!
“The hole that was penetrated is now plugged?”
Will, Larry, Mike, Earl, Nate and God knows who else will be sorry to hear this…
What will Gov Glen actually be like.
Time to start thinking this all through.
Has anyone thought about how much money Experian is going to make on this fiasco. Not just the first year the state is paying for the potential 3 million + new accounts, but the continuing services those people will need to buy from Experian after the first year; since one year of monitoring is not nearly enough.
Maybe we need to look for kickbacks.
I hope we were able to at least negotiate a great deal on this cost, partly due to state government paying for it and partly due to the sheer bulk of customers. That’s probably the only silver lining here, because once the first year’s up they’ll expect you to pay full price.
I’m sure Nikki Haley’s imaginary masters degree in Computer Science, numerous non-existent network security certifications, and years of experience in IT in her dreams makes her extremely qualified in saying there was “nothing they could do.”
Which is exactly why they fired that one guy anyways. Nothing they could do about that either, amirite?
Could it be that someone just wanted to get the information for her, her family, Exotica, and the Temple? Perhaps they reneged on an IOU.
Nikki Haley is an idiot – it is somebody’s fault – hers. This breach could have & should have been prevented – it’s called encryption & anybody responsible for servers knows this. Just about every company in the private sector encrypts social security numbers. If they didn’t – heads would roll. That is a violation of Sarbanes-Oxley. This should have never happened in the first place if she had decent IT people. I want more than one year of protection – 5 years from now if someone steals my social security number – I am going to sue the hell out of SC and it WILL be Nikki Haley’s fault. Bet these people don’t answer the phone “It’s a great day in SC!!”
I think the DOR should be investigated (Inspector General … yeah right!) in all of their IT systems. I have heard that they have spent up to $8M for systems over the last 5 years that did not work and had consultants on site for up to 7-8 years producing nothing. Money up a wild hog’s ass.
What information was really taken? On my return I don’t only have my Social Security Number, but I show my bank for interest earned, stock transactions, I have two rental houses, and have written personal checks to them. How exposed am I? Nothing being encrypted? Come on!
This is one agency that has been mismanaged for nearly 15 years since the Hodges administration. Out of everyone there, the Deputy Director (TERI re-hire I’ve been told) has been there throughout. Nothing happens without it going through this guy and the Director.
Two resignations need to happen immediately.
Parse her statement carefully:
“There wasn’t anything where anyone in state government could have done anything to avoid it,” (emphasis added.)
If the DOR contracted out any of its systems, then that statement might be technically true.
I believe that she is extraordinarily adept at hiding the truth, and this is just another example. She might even believe it herself.
Yep,
Queen Namrata makes “ole” Bill Clinton look like an amateur
In order to persuade others of your lies, you must first persuade yourself.
Pathological lying is a form of mental illness. She cannot help herself. If her family really cares, they will get help for her.
Again,
“Vat can you do”???
They are wired different and will NEVER admit to a fuck-up or take blame for a damn thing.
Look how long it took to settle Bhopal……
Wonder how much she received from the “hackers”? Offshore, baby, offshore.
She was grinning like a mule eating briars at the initial press conference for this. HUUURRRRLLLL….
No one but you and me know what that phrase means. Nobody else done ever see that.
Tain’t so – I’ve been behind that Mule when he grins… and when he farts, also.
“The industry standard is most Social Security numbers are not encrypted. A lot of banks don’t encrypt,” Haley said. “It’s very complicated. It’s very cumbersome. There’s a lot of numbers involved with it.”
heraldonline.com/2012/10/29/4371816/haley-briefing-media-on-hacking.html
B-but, other people don’t encrypt it either!
Haley called the hacker a “sophisticated intelligent criminal” and said the way he obtained access to the tax returns was “unbelievably creative.”
I wonder. Makes me question what vulnerability was exploited here.
Investigators found evidence of several attempts to hack into the Department of Revenue systems over the past few months. The first occurred in late August followed by multiple attempts in September. It is believed that data was obtained for the first time during one of the September attacks.
techspot.com/news/50638-hacker-steals-36m-social-security-numbers-from-dept-of-revenue.html
“On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers,” he is quoted as saying in the official statement.
…
Following the initial consultation with law enforcement agencies, the Department called in an outside security company, Mandiant, to consult on the investigation. In the days following, it was discovered that the system had been breached four times in September, and once in August; by October 20, the vulnerable pathway had been identified and the system secured – but by that time, it was too late.
digitaltrends.com/web/hackers-break-into-south-carolina-govt-database-release-3-6-million-ssns/#ixzz2AifYqzE4
So we don’t know what type of vulnerability was exploited, only that it was exploited on multiple occasions, and the data was stolen during the later attacks. Apparently DSIT notified SCDoR of a problem being present, they got an outside consulting firm to locate and fix the problem.
Not sure if we’ll ever get 100% of the scoop here, but it looks pretty bad. “Nothing could be done?” Sure thing boss.
Also, I had to laugh at the “There’s a lot of numbers involved with it.” I can only imagine a crack team of a hundred CIA workers furiously punching numbers into a calculator trying to encrypt sensitive information by hand. Encryption slows things down, true, but come on.
This has Ted Stevens written all over it. “It’s a series of tubes!”
I call BS — State Group Insurance issues an “encrypted” BC/BS number, but if one is Medicare, the SSN is used. No point in making retired state employees vulnerable.
Maybe she will better explain it to Greta on FOX.
What if we were not hacked? Just because we were told, does not make it true. Maybe she just found a way to make money for the credit monitoring agency and get a kick back for herself. Just like the pageant disqualification never really happened.
You folks hate Nikki but forget that Clinton sold the Chinese encryption to a lot of our data. They also hacked our National Security and no telling how much more they have hacked that hasn’t been reported. You being uninformed is exceeded only by your hatred for Haley!
No one here went to get their credit monitored because of something Clinton did a long time ago. You’re giving a piss poor defense of Haley by trying to change the subject.
Haley can redeem herself just a little by being honest and doing what is necessary to ensure this will not happen again. Instead, we’re getting excuses as to why we aren’t encrypting shit and explanations that we couldn’t do anything even though we closed loopholes in response to this.
This http://www.protectmyid.com credit-monitoring “solution” is dumb, even by SC standards — when you sign up for that stupid credit monitoring, you’re
1. updating experian’s databases so they can sell your info to their customers
and
2. getting on their promotional lists.
Don’t believe me? Read their “privacy” policy:
http://www.protectmyid.com/privacy/
This administration is run by buffoons. Some sales rep at Experian will probably get a new yacht or lake house outta this.
Buying back hacked data is the same as buying back virginity
Cross your legs, honey.
Ok…the Governor says there is no need to worry about calling in right away. We are covered “retroactively” as long as we call by 12-31-12. Ok…so if someone’s stealing my identity NOW…..I should not be concerned??? Right, I am a little more worried about my investments than my state income tax return!!!
Everyone seems to be concerned with Haley’s treatment and actions since the hacking was discovered. I am more concerned with how it happened, and what barriers did the DOR have in place.
Apparently next to nothing. This is a Cabinet Agency and everything goes back to the Director and the top people there, then to the Governor. There is nothing good that happens that she doesn’t want to take credit for, but we are to believe that there was “nothing anyone could have done” to prevent it when things go bad?
These people are making over $100,000/year (and have for 15 years) and will wind up costing this state Hundreds of Millions to monitor citizens’ credit!
It’s time to get the broom out at DOR. It probably should have been done years ago. Of course Haley would staff it with young attorneys, so that probably wouldn’t help.
There were obviously poor safeguards in place! Probably didn’t want to spend the money.
What is the deal with the Programmer III who was reportedly cashiered a few weeks ago at DOR? Can that be coincidental?
Get excited! The Gov just deflected the heat with some PR bullshit: Haley has issued a gubernatorial proclamation designating Monday, October 29, 2012, as “Marcus Lattimore Day” …
Sorry, it’s too soon to promote this poor kid to sainthood. Hope he heals and gets his dream, but now isn’t the time for this…
Nimrata – South Carolina’s answer to Nero.
No clue. I read that on this site on Friday (wire I believe) before the announcement later that day. Something about kickbacks from purchases or something.
I’m sure the ones in charge at the agency are looking for a way to blame someone. From what was written about this guy Friday, he sounds like a real prick.
After the announcement on Friday and the update today, it sounds like they all are.
Nikki Haley will have no serious opposition in the Republican primary
And will be easily re-elected in the General election
Because South Carolinians don’t like Socialism
And we all know the Democrats are a bunch of Socialists
She wasn’t easily elected the first time; now, in the past two years, she has pissed off the Tea Party and a good number of people THAT DID cast a ballot for her. You’re crazy to believe she’ll have any chance next election.
Do you by chance have a living will? I volunteer to pull the plug on your ass.
“You folks hate Nikki but forget that Clinton sold the Chinese encryption to a lot of our data. They also hacked our National Security and no telling how much more they have hacked that hasn’t been reported. You being uninformed is exceeded only by your hatred for Haley!”
You are computer-illiterate or you would never have made that post since it’s utter gibberish. Kill yourself before you waste more oxygen.
A sysadmin’s job is to secure their systems and monitor them, including intrusion detection. The PRECISE details should be published because the black hat community already knows them, but the public deserve to. More systems can be secured if vulnerabilities are disclosed, and it can be determined WHO fucked up and why.
The sad part is that DSIT had to notify DoR of the issue. This means an outside agency picked up on suspicious activity before they caught it themselves. Now I imagine DSIT does provide some things to DoR, but it sounds like DoR handles their own stuff since they contacted law enforcement themselves as well as their consulting group that plugged the hole.
If DSIT has to monitor all kinds of agencies’ traffic and was still able to notice suspicious traffic before DoR, that is fucking scary. The databases should have EXTREMELY limited access to the Internet, both in and out. They should be checking logs religiously. Who gives a shit if One Horse Town Federal Credit Union doesn’t encrypt some data, screw those banks! Encrypt everything that could hurt citizens if released, period.
This seems to be a systematic failure of whatever joke of a system they have in place. It is embarrassing. And yes, until they give us full details, I don’t buy for a minute that this couldn’t have been avoided. Let’s get this fixed so at least future generations won’t get screwed as well.
Does anyone know the daily whereabouts of Nikki Haley from October 10 to today? I wonder where the hell she was during all that time.
If she had proof that her administration had been focused on cyber security she would have shown it by now. There would be emails and letters and reports.
Where are they?????????????????????????
They don’t exist. It is just another lie.
girl’s got a bright future in the show: “There wasn’t anything where anyone in state government could have done anything to avoid it”.
that’s the sound bite of a big leaguer, right there. surprised she didn’t add “we just have to take ’em one day at a time”, or “…good Lord willing, things will work out”.
this is why people hate politicians.
I am beginning to think I can’t trust Nikki Haley.
The comedy side of this whole issue is that the SCDOR moved its location to Bush River Rd off of I-20. This new site is a stone’s throw from SLED’s cyber computer office also located on Bush River Road and I-20. You have to wonder if the exposure existed during the move and at least opened the hole for exposure during the transfer of the servers. Someone’s head should roll for this.
Good thing is SLED can walk to SCDOR to investigate this.
‘Rata has called in the feds to help her with this mess. Just as she did with Transportation, Medicare and Unemployment.
Keel and Haley looked like two deer in headlights every time someone asked a question. It was easy to tell the two of them didn’t have a clue.
In the picture of Haley accompanying this article, is that a drop of jizz on the side of her face?
Dammit Will, this is serious business. Our financial stuff may be in danger and there you go squirting on her again!
;-)
Had all my first cousins to my house for reunion Saturday. They ALL voted for Nimrata.
I had a perverted sense of glee as they bemoaned their vote.
Like!