
BLS Seeks To Hire IT Specialist To Prevent Hacking And Data Leaks

by Tyler Durden

Whether or not this is a direct result of the Snowden whistleblower affair is unclear, but the following BLS job posting just hit the tape. In brief: suddenly the Bureau of [insert favorite L and S words here] is just a little concerned about the "proper security and unauthorized disclosure" of its data and making sure it is not "vulnerable to purposeful denial-of-access or alteration by unauthorized persons." The right candidate will "participate in network and systems design to ensure incorporation and implementation of appropriate systems security controls and policies, which ensures the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools."

So we wonder: will the next whistleblower to emerge be from the BLS, and just what tidbits of ARIMA-X-12 "seasonal adjustments" will they unleash upon the world?

We are confident that at least one of our computer-savvy, if temporarily unemployed, readers would be delighted to provide their skillset to the BLS.

From the BLS:

  • Job Title: IT Specialist (INFOSEC)
  • Department: Department Of Labor
  • Agency: Bureau of Labor Statistics
  • Job Announcement Number: DH-13-BLS-OT-110
  • $74,872.00 to $97,333.00 / Per Year

Opportunities are Open! Begin a challenging career with the U.S. Department of Labor (DOL), and you will help shape the workforce of tomorrow. DOL offers rewarding opportunities to contribute to a noble mission; to serve and protect American workers, prepare them for new and better jobs, and to ensure the safety and fairness of American workplaces.

The Department of Labor values its customers. Every DOL employee is responsible for delivering good customer service through accurate, courteous, efficient and effective transactions.

DOL seeks to attract and retain a high performing and diverse workforce in which employees' differences are respected and valued to better meet the varying needs of the diverse customers we serve. DOL fosters a diverse and inclusive work environment that promotes collaboration, flexibility and fairness so that all individuals are able to participate and contribute to their full potential.

The Bureau of Labor Statistics (BLS) is the principal fact-finding agency for the Federal Government in the broad field of labor economics and statistics. The BLS is an independent national statistical agency that collects, processes, analyzes, and disseminates essential statistical data to the American public, the U.S. Congress, other Federal agencies, State and local governments, business and labor. The BLS also serves as a statistical resource to the DOL.

This position is located in the Department of Labor, Bureau of Labor Statistics, Office of Technology and Survey Processing, Division of Network and Information Assurance.  The Division of Network and Information Assurance (DNIA) is the lead authority within the BLS for ensuring computer systems owned and leased by the BLS, and the data stored or transmitted thereon, are properly secured from unauthorized disclosure and are not vulnerable to purposeful denial-of-access or alteration by unauthorized persons.  This division also serves as consultants to Bureau personnel in the development, operation, and maintenance of computer systems to ensure that they are developed and operated according to policy and with regard to the most recent security guidelines available in the field of Information Technology (IT).

 

DUTIES:

Duties may include but are not limited to:

1. The employee participates in network and systems design to ensure incorporation and implementation of appropriate systems security controls and policies, which ensures the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.

2. The employee investigates breaches and improper use of BLS computer systems; including, as appropriate, the gathering, analysis, and preservation of evidence, as well as the development and implementation of necessary countermeasures.

3. The employee participates in the execution of annual third-party security assessments.  These assessments typically include the use of external experts in the field of IT security in auditing key components of the Bureau’s environment to ensure that they are configured in compliance with Federal statute and regulation.

4. The employee serves as a leading BLS technical authority/resource for IT security by providing sound guidance, comment, and advice at internal and external settings of various types, including conferences and intra-agency groups.  In addition, the expertise is used in ensuring the organization’s review of all BLS proposals for new and modified IT systems and procedures to ensure and certify their adherence to required IT security requirements and best practices in the ever changing IT security field.

5. The employee assists division management in their efforts to prepare IT security policy by performing discrete tasks associated with the overall policy development process, such as evaluating and recommending adoption, non use, or use with modification of new or enhanced approaches to the operation of BLS IT systems.

6. The employee participates in the performance of security compliance reviews, risk and vulnerabilities assessments, audits and/or reviews of planned and installed IT systems to identify vulnerabilities, risks, and protection needs; and, engages in and individually investigates security infractions and incidents, such as attempted penetration of BLS systems by unauthorized parties when it includes assessing security events to determine impact and proposes corrective actions.

 

Tue, 06/11/2013 - 09:26 | 3645623 THX 1178

Bureau of Leakable Statistics?

Tue, 06/11/2013 - 09:29 | 3645641 Joe Davola

"best practices" aka - just enough to cover our asses and claim 'but everyone else does it this way'

Tue, 06/11/2013 - 09:32 | 3645655 espirit

Seems to me that the data has been "jacked" for some time now.

Can't let the truth leak, can we?

Tue, 06/11/2013 - 09:38 | 3645682 SheepDog-One

P.S.- Must have experience with Anonymous hacking techniques.

 

Tue, 06/11/2013 - 09:44 | 3645722 malikai

I suspect the "external" bonuses will make up for the salary shortfall of said position.

$97k for a solid infosec cat is pence.

Tue, 06/11/2013 - 10:15 | 3645884 gmrpeabody

I would imagine that anyone whose home computer background check reveals considerable time perusing ZH would probably find themselves rejected before the interview process.

Tue, 06/11/2013 - 09:59 | 3645788 smlbizman

a sample question on ap.

1) 1+1=

     a) 7

     b) 5

     c) 19

    d) all the above

Tue, 06/11/2013 - 10:16 | 3645890 gmrpeabody

e) 11

Tue, 06/11/2013 - 10:55 | 3646077 giggler123

Dr Bernanke is pleased to show you he's created some jobs.  Now I know a certain chap currently in Hong Kong who could do with the job, but it's a bit of a pay drop.  On the plus side, he has a good history with this sort of thing...

Tue, 06/11/2013 - 11:16 | 3646158 AlaricBalth

"a sample question on ap.  1) 1+1="

Answer: e) What would you like it to be?

Tue, 06/11/2013 - 12:36 | 3646484 TheFourthStooge-ing

a sample question on ap.

1) 1+1=

Correct answer: Cannot be determined without knowing both the month from which the value of '1' is sourced and the month during which the '+' operation is performed.

Tue, 06/11/2013 - 20:10 | 3648482 StychoKiller

How many birth/death modelz hiding under the '=' sign?

Tue, 06/11/2013 - 09:30 | 3645647 Meme Iamfurst

HAHAHAHAHAHAH...it is all made up anyway, so who needs them?

Tue, 06/11/2013 - 09:34 | 3645662 francis_sawyer

They need a gatekeeper to insure that the REAL data never gets made public...

Tue, 06/11/2013 - 09:57 | 3645774 kralizec

We need a sapper to take the job.  ;)

Tue, 06/11/2013 - 11:14 | 3646148 francis_sawyer

Mess with the best... DIE like the rest...

Tue, 06/11/2013 - 10:18 | 3645900 sgorem

Bureau of Lies & Spin

Tue, 06/11/2013 - 09:27 | 3645624 BandGap

Sign me up, I have a great imagination.

Tue, 06/11/2013 - 09:32 | 3645656 Meme Iamfurst

Yes, but can your imagination leak in micro-seconds?????? 

Tue, 06/11/2013 - 09:37 | 3645674 BandGap

I can stream leaks, watch me.

Tue, 06/11/2013 - 12:38 | 3646492 TheFourthStooge-ing

I can stream leaks, watch me.

...and can write my name in the snow.

Tue, 06/11/2013 - 09:27 | 3645627 unwashedmass

oh please. we know they purposely leak it to the investment banks, and all other interested parties. hiring one more drone is hardly the window dressing this (yet another) bit of corruption needs. 

Tue, 06/11/2013 - 09:34 | 3645629 Mercury

The employee investigates breaches and improper use of BLS computer systems;...

So, the BLS has at least one computer now - not just a fax machine? If it weren't for this one sentence I wouldn't even be so sure of that.

Tue, 06/11/2013 - 09:35 | 3645667 insanelysane

They have a DOS computer running Lotus 1-2-3 with a track feed impact ribbon printer.

Tue, 06/11/2013 - 12:40 | 3646503 TheFourthStooge-ing

They have a DOS computer running Lotus 1-2-3 with a track feed impact ribbon printer.

The new hire's first project will be to replace those old daisy wheel clunkers and move the bureau forward into the dot matrix era.

Tue, 06/11/2013 - 09:37 | 3645678 pods

Throw in my old D&D dice for determining metrics and that should round out their technology.

pods

Tue, 06/11/2013 - 12:41 | 3646511 TheFourthStooge-ing

Throw in my old D&D dice for determining metrics and that should round out their technology.

You get additional paid vacation for every critical hit you score.

Tue, 06/11/2013 - 09:28 | 3645635 ImReady

I have limited IT skills but I think I am up to the task. Where do I send my donation to Obama to secure my position?

Tue, 06/11/2013 - 09:30 | 3645648 insanelysane

Winning the caddy tournament will give you a leg up.

Tue, 06/11/2013 - 09:35 | 3645669 TeamDepends

Being handy with a reach-around wouldn't hurt either.  Nor would having access to top-grade choom.

Tue, 06/11/2013 - 09:29 | 3645638 gamera9

Already applied. Do I have a 15 nanosecond advantage?

Tue, 06/11/2013 - 09:29 | 3645642 Uncle Zuzu

7. The employee participates in the embellishment of employment data in periods preceding national elections.

Tue, 06/11/2013 - 09:31 | 3645645 Yen Cross

Who's hacking the BLS? I thought it was all 'Reuters' fault. /s

Tue, 06/11/2013 - 09:33 | 3645660 NoDebt

Is there some reason they can't just put it into an envelope, walk out at the pre-appointed time and READ it?  Publish it on the website 15 minutes later.  No more news-reading bots and algos to worry about.

Oh, no.  Couldn't do THAT.  That would be way too low-tech.  How could the HFTs do DDOS attacks and get in front of everyone if they did that?

I can pretty much guarantee that the REAL leaks (the ones happening days in advance, not milliseconds) are NOT happening through hacking or algos.  Somebody is grabbing the report, reading it and making phone calls.  Those will never be stopped by "computer security experts."

 

Tue, 06/11/2013 - 20:19 | 3648514 StychoKiller

Like all PCs, their internal clock chip probably drifts -- don't they have access to NTP?

Tue, 06/11/2013 - 09:33 | 3645661 MFLTucson

One final criterion is that you must be a whore for Bernanke and company!

Tue, 06/11/2013 - 09:35 | 3645665 MythicalFish

Limericks & Satire ?

Tue, 06/11/2013 - 09:40 | 3645668 SheepDog-One

We've got severed limbs here spurting blood! Anyone got a bandaid?

Just a joke....if anything this is a job to hide tracks of who they leak to, and that job will have to pay WAY more than $70 thou a year.

Tue, 06/11/2013 - 09:44 | 3645705 espirit

I think I'd be worried they're looking for a sacrificial lamb to place upon the altar.

Tue, 06/11/2013 - 09:38 | 3645677 ziggy59

BLieS hates competition in the make up numbers and leaks dept....

Tue, 06/11/2013 - 09:39 | 3645686 falak pema

Do you remember the movie "Our Man in Havana", pretending that hoovers were missile launchers?

Maybe the bureau of lies and spies has the same ambitions; they need a guy like Alec G badly.

Tue, 06/11/2013 - 09:40 | 3645691 Aurora Ex Machina

There are very good reasons that truly talented white/grey/black hats don't work for the government.

I don't know, perhaps throwing the book at them for terrorism every time a Corporate squeaks about "OMG OUR DOLLARS" when their own shitty defense is hit might be a contributing factor?

 

The State friendly versions always give me the wrong vibe. An example. Artemis was the hunter, but a droopy eye is often the tell of something or other.

Tue, 06/11/2013 - 09:41 | 3645702 D-Man

Is that salary a joke? No wonder they can't keep anything secure. Guess they're fine hiring people right out of government schools or community colleges.

Tue, 06/11/2013 - 09:44 | 3645724 Racer

They have data?????

I thought all they needed was a thin air number plucker

Tue, 06/11/2013 - 09:46 | 3645731 Taint Boil

Bureau of Little Substance

Tue, 06/11/2013 - 10:05 | 3645829 DOT

...Lickspittle Swinewhores.

Tue, 06/11/2013 - 10:00 | 3645736 spanish inquisition

Meh, just need to update my phone and email PRISM access to include BLS. Then, set up a quote stuff a couple milliseconds before the release, clear the decks and get my trades in first. After that is done, get some chocolate chip pancakes.

Edit: Oh wait, I am already doing that..... Edit 2: Is PRISM the greatest corporate espionage tool ever created?

Tue, 06/11/2013 - 20:21 | 3648521 StychoKiller

Search for "PROMIS" S/W...

Tue, 06/11/2013 - 10:02 | 3645806 DOT

Actually the job has been filled. The continuing ads are to find those who pose a threat (got the mad skills) and put them on the Drone waiting list.

Tue, 06/11/2013 - 10:02 | 3645812 Free Wary

Why do we need a BLS when we have shadowstats.com?

Tue, 06/11/2013 - 10:16 | 3645887 BlackVoid

Guys, apply quick, then leak everything!

Seriously, there should be a fund set up for the legal defense of whistleblowers. They could also be rewarded.

 

I would gladly donate towards this; it seems this is the only tool to prevent the global elites from gaining even more power. Wikileaks and Anonymous are dead.

Tue, 06/11/2013 - 10:19 | 3645905 CPL

Here, I'll save them some time.  The Five Unpatchable Security Holes as they relate to Access DBs.  They are applicable to all systems.
1) OSI - Disable DB services on the local machine and try to open to cap authentication.  If that doesn't work, copy to a folder and change ACLs to read/write everyone.

   a. If there is a remote secondary repository, all the data can be replicated to a local third database for further examination.

2) Business planning - Examine the history of the DB in question and the infrastructure around it.

   a. Design, or lack of a design, or clear business requirement.  These all allow access in unorthodox ways.

3) People - Code reuse and customization.  More customized = more secure.

   a. Code reuse, and looking for reused code with Google to determine the exploit associated with the object.  Old known source means there are old known holes.

4) Developer backdoors - For Access, hold down SHIFT and double click.

   a. Shift double click.  First thing to try.

5) Exploits - Too numerous to mention in the context of Access databases.

   a. ASP mask impersonation: act as the system and execute system tasks in the database.

   b. Poor planning, and items left undone from a comprehensive implementation plan.

 

History:

95-97 databases have plain text embedded that holds the security.  Use a hex editor to modify and remove any admin account bound to the DB.  In the Oracle universe it would be like removing the SA account and publicly presenting it.

2003 and greater Access databases (mdb, accdb file formats): shift click and database replication are built into the application and can be used to pull information.

 

Business conditional:

This is all dependent on the data in the database.  If it's need-to-know, it should be on a SQL server and the screws tightened.  The app has to be tested with a regular functional testing cycle (make sure nothing breaks) and another TRA should be run.

General rule of thumb: if there are people's names in the data, then it belongs on a server under a monitored lock and key, guarded by wild-haired engineers armed with BlackBerrys and really strong coffee.

 

 

---and the more esoteric fun stuff at the end.

http://www.shodanhq.com/

This is the website with the handy Google dork front end.   Find any physical network object that isn't properly managed on the public side and play with it.  Unfortunately, this includes little websites and city traffic control systems.

 

Good luck to whomever takes the position at BLS.  I can smell the general level of retardation in the organization miles away, and it will be easier to get toothpaste back into the tube than to change the corporate attitudes.

So, to whomever walks in there: the organisation needs a fall guy to blame for security there when all presented ideas and cases for change are ignored.  Again... that enterprise model is not built to change, so anyone getting a cheque cut by them should be aware of this.

 

My suggestion is that if someone does walk in there, the first place they go to is Licensing, to write a spread on the amount and level of internal piracy being done by such a large and 'profitable' organisation; it serves as a terrible and easily fixed problem.  Remember, security starts with ownership.

If they don't own it or aren't licensed for it, it's not secure and therefore a lawsuit waiting to happen.  A single 'rogue' employee will be the least of their concerns if they ignore the possibility of full-scale audits, media and lawyers crawling all over the place.  ;-)

 

Take their money and give them real value by running software reports on all installed systems in the enterprise, then pointing out the potential tens of billions of dollars waiting in legal and court costs.

Tue, 06/11/2013 - 10:29 | 3645940 One World Mafia

Their IT specialists need to throw monkey wrenches into the code.

Tue, 06/11/2013 - 10:35 | 3645981 CPL

That would be called code reuse, when given a square peg of time to delivery and a round hole of business requirements.

 

Hammer hard.

Tue, 06/11/2013 - 20:25 | 3648537 StychoKiller

Right or left-handed?  Are you sure they're not already doing it?

Tue, 06/11/2013 - 10:31 | 3645955 Downtoolong

Yeah, because God forbid the real statistics ever get revealed to anyone by any means.

Tue, 06/11/2013 - 10:33 | 3645966 tuttisaluti

I'd like a whistleblower from the FED, please........

Tue, 06/11/2013 - 10:33 | 3645971 Yancey Ward

I just got a leaked e-mail from within GS that encourages its IT staff to apply for the BLS moonlighting job.

Tue, 06/11/2013 - 10:37 | 3645987 Smegley Wanxalot

It's only a leak if the info is passed to those who don't have friends in high places.

Tue, 06/11/2013 - 10:46 | 3646029 Winston Smith 2009

I hear Edward Snowden is available.  But, actually, I'd much prefer he work at the Fed.

Tue, 06/11/2013 - 11:34 | 3646231 geotrader

There's a back door built in for the algos.  I'm sure whoever is hired will never find it.

Tue, 06/11/2013 - 13:07 | 3646615 monad

Shut down the BLS
