I am regularly baffled at how bad government IT infrastructure can be
I’m not surprised in the slightest. The politicians and managers in charge of said gov systems are usually of an age that have no idea of the basics of how technology works, let alone infosec importance. It’s then contracted out to the lowest bidder on deadlines that wouldn’t permit proper hardening anyways. It’s not even a US-specific issue; Australians deal with this dumb fuckery regularly.
Then you get some piss poor public apology, someone gets thrown under a bus, and the cycle repeats ad infinitum.
Iirc: It’s because the government contracting is an arcane bureaucratic nightmare of a process that benefits firms whose business model focuses on navigating the system over firms that focus on performing competent work.
Reminds me of big corporations, most of the time. My personal identification has been leaked or compromised by dozens of companies - some multiple times.
People also tend to underestimate the scope of something as large as the government. The US government is not just the biggest employer in the US, but is the largest by almost a factor of 2 (2.9M to WalMart’s 1.6M). It’s been around longer than basically any corporation in America, and was often on the cutting edge of IT, which means the number of legacy systems involved in anything is an order of magnitude larger than any private entity. Throw on the pile that many government systems are considered life or safety critical and cannot be taken offline very frequently for maintenance (ATC, military, food and health services, etc) and that they are often delicately intertwined with other systems (gotta make IRS talk to BLM for ranchers, for example) and the “simple” process of upgrading becomes a quagmire very quickly.
Not to mention that the US has a fixed scale of pay, and the IT salaries you see at most large tech firms would not be tenable to the government’s bill payers (aka you and me, as represented by 535 men and women who need to be re-elected every 2/6 years).
Oh yeah, corporate IT is often (but not always) a dumpster fire.
Is this even news anymore? What don’t they have by this point? It’s the digital equivalent of opening the refrigerator, seeing nothing new/interesting, closing it, and immediately opening it again.
How is this not an act of war?
Probably the US does it too.
Do people have such short memory? The US does it, yeah, it was a super major scandal years ago. Spying not just on “enemy” states but also supposed allies, as well as all citizens all over.
That’s not good at all but sadly I am not surprised. Gov’t does a lot of stupid shit.
Isn’t this like tantamount to a declaration of war?
Not really? Every country is spying on every other country. It’s just a big failure on our end.
If you ain’t spyin’, you ain’t tryin’.
Nah, only because everyone is doing that to everyone else that they can, China is a particular target for the west at large. War declaration would be any attacks on infrastructure and production. Then there’s skin in the game and you can’t say you were just looking.
Beyond the “the US does it too” non-responses, it’s very unlikely we have solid proof the group that hacked the state department was directly linked to the Chinese Government. Were they? Probably, but you don’t burn diplomatic bridges on possibilities.