This is unsettling, given the apparently slipshod approach of Trump’s administration towards national security in the past. Apparently they’ve attacked other US sites as well, and of course denied it.
Though I’m a little underwhelmed by what they did here. Accessing some workstations and unclassified documents? This is the Treasury Dept not NORAD, what’s the worst that could possibly have come of that? This seems like the kind of thing a teenager might pull.
Maybe there is more that has not been made public and maybe they were caught before they could do anything more serious (hence why the US government is making such a big deal of it, as it makes them look good). But this does not seem like a terrifying cyber warfare incident to me.
Thankfully Trump is going to replace the dollar with meme-coins and, as we all know, there is no securer currency!
Obviously the US Treasury would be a primary target. Look up Willie Sutton if you want to know why.
That’s true - it’s probably a probe more than anything else.
A lot of potential damage here. Yeah, at best nothing much. At worst, gaining access to databases and accounts not just within the federal government but financial institutions all over the country. Worst case? Deleting accounts and zeroing out account balances. Yeah, backups would restore the data, but when? Until then, your bank has no money, you have no money, no functioning ATMs. In effect, a freeze of all financial transactions. It doesn’t matter if everything is restored 100 percent (never happen), the damage will be done. How much cash do you have right now? Can you pay to feed your family for a week if the financial systems are down? And that’s just part of Treasury. Bad actors tried to find the weakest link, and from there tunnel to other government agencies. Let the dominoes fall!
The feds really don’t like secrecy and encryption. They want backdoor access to everything. Yet what’s been going on is so bad even the feds are telling ordinary citizens your own communications have been compromised for a while and you should be using the Signal app. Why the U.S. government is saying all citizens should use end-to-end encrypted messaging
Why? Encrypted communications with family and friends? Why? Because your communications are captured, analyzed, mixed with other data and baked at 350 degrees for 15 minutes. Bad actors put together enough data from benign users they can find who holds the keys to the pots of gold, be they financial, infrastructure, even military. Think Stuxnet where water systems, power supplies, telecommunications just stop.
Yeah, there are firewalls in place. Yet, so many people who hold access keys don’t take security that seriously. Just look at social media. How many times do you read some ordinary person is complaining they’ve been “hacked,” whatever that means. Multiply that by several million, and within that group some lazy asses with jobs with real access to real allegedly secure and sensitive systems.
As a fed, I have a PIV card. That only gets me access to my computer, for starters. From there, every account access to whatever I do during the day requires that same PIV card, plus logging into each account or server with a specific username and password. My passwords are all at least 16 characters, each must be changed every 30 days, each with a mix of ASCII characters with no dictionary words. Every access I make is tracked and logged. I’m no longer allowed to use my government cell phone to talk with colleagues and share anything sensitive. All must use encrypted communications.
So the feds announced Treasury has been “hacked.” Why tell us? Because it’s what they are not telling us that’s critical. It’s not telling us the real why they are telling us that’s critical. It’s less than half the story the feds tell people to use encrypted communications even when communicating with family and friends. Sure, just being paranoid. Nope, it’s far more than that.
For us non-Fed people, PIV is a Personal Identity Verification card issued by a Federal agency.
(When I was in IT and dealt with vendors, one of my biggest complaints was their use of acronyms unfamiliar to most people outside of the vendors’ area of expertise.)
IT, the Federal government, and telecom suffer from TMAS… Too Many Acronyms Syndrome.
AT*.
*. Aviation too.

I don’t think you’re being paranoid at all. I am employed by a company that does a lot of contract work for the government. Currently, I am on a project for welfare. People call in and I help them apply for or renew food stamps and/or medical assistance from the state. When I first started, I was on a project for Pennsylvania Unemployment. It was terrible. I was briefly on a project for the Defense Manpower Data Center. Before any of us could start on that project, we underwent minor background screening. I had to visit a military base and get a CAC card. I was issued a USB card reader. If my CAC card was not in the reader, I was automatically logged out. We also had to watch a bunch of security training videos and take tests at the end of the videos. All this was for an exceedingly minor level of security clearance. Just as you said, the videos stressed that most problems were not the result of some leet hacker. They were the result of loading unauthorized programs and apps onto official computers or phones. They were the result of leaving yourself signed in, or leaving information where it was easily visible. They were the result of holding the door for somebody instead of closing it behind you and making them use their own badge for entry.
I was demoted from the Defense Manpower Data Center. I miss the higher pay. I miss the sense that I had been entrusted with a great responsibility. I do not miss the faster pace. I do not miss having points taken off for not wanting to waste the time of veterans who called in by asking them survey questions at the end of every call.
Sorry. I’m so used to TLAs, and FLAs.
TLA - Three Letter Acronyms.
FLA - Four/Five Letter Acronyms.
WTFIT - What The F*CK Is This?
Wouldn’t that be the Federal Reserve and not the Treasury Dept?
Everyone already knows who holds the keys to the pots of gold. That’s completely public knowledge. You need more than that to do damage.
I’m not really sure what we should take away from this. They tried to do damage and failed? I’m not going to panic because they tried, because of course they tried. And of course I’m not going to panic because they failed.
In any context where this is actually a danger, there needs to be more security than just telling people not to hold the door, because at busy times (like in the morning when everyone is coming in to work) everyone’s going to be going through an already-opened door. If that’s a problem, then you need mantrap door pairs manned by a security guard who will only open the inner door if the outer door is closed and there’s only one person in the trap, or something like that. I know that that level of security is actually in place in some places, but anywhere that it’s not, you just have to accept that it’s possible for unauthorized people to get into the building, and don’t rely on the doors doing anything.
The FED manages the economy (policy), but Treasury has the keys to the accounts.
We were told they failed. We have no empirical evidence they actually failed.
I thought it was the Fed that dealt with banks and Treasury dealt with the Fed.
But if you don’t trust the govt to be upfront, then we have no empirical evidence of an attempted hack, either.
Depending on the specific agency, I suspect the feds might also be a bit more nervous than usual with the new series of banknotes that are finally supposed to start printing in 2025 and releasing in 2026. I doubt they want even the possibility of a new “superdollar” counterfeit to hit, even if it’ll be another decade before the new $100.
Of course, after the successful hacking of OPM a decade ago, anything could seem possible.
There are lots of things Feds do and know that cannot be fully shared. Maybe in time, but not always. At the same time a lot is shared. And some of it is hidden in plain sight. You just have to connect the dots.