BLS Seeks To Hire IT Specialist To Prevent Hacking And Data Leaks
Whether or not this is a direct result of the Snowden whistleblower affair is unclear, but the following BLS job posting just hit the tape. In brief: suddenly the Bureau of [insert favorite L and S words here] is just a little concerned about the "proper security and unauthorized disclosure" of its data and making sure it is not "vulnerable to purposeful denial-of-access or alteration by unauthorized persons." The right candidate will "participate in network and systems design to ensure incorporation and implementation of appropriate systems security controls and policies, which ensures the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools."
So we wonder: will the next whistleblower to emerge be from the BLS, and just what tidbits of ARIMA-X-12 "seasonal adjustments" will they unleash upon the world?
We are confident that at least one of our computer-savvy, if temporarily unemployed, readers would be delighted to offer their skillset to the BLS.
- Job Title: IT Specialist (INFOSEC)
- Department: Department Of Labor
- Agency: Bureau of Labor Statistics
- Job Announcement Number: DH-13-BLS-OT-110
- $74,872.00 to $97,333.00 / Per Year
Opportunities are Open! Begin a challenging career with the U.S. Department of Labor (DOL), and you will help shape the workforce of tomorrow. DOL offers rewarding opportunities to contribute to a noble mission; to serve and protect American workers, prepare them for new and better jobs, and to ensure the safety and fairness of American workplaces.
The Department of Labor values its customers. Every DOL employee is responsible for delivering good customer service through accurate, courteous, efficient and effective transactions.
DOL seeks to attract and retain a high performing and diverse workforce in which employees' differences are respected and valued to better meet the varying needs of the diverse customers we serve. DOL fosters a diverse and inclusive work environment that promotes collaboration, flexibility and fairness so that all individuals are able to participate and contribute to their full potential.
The Bureau of Labor Statistics (BLS) is the principal fact-finding agency for the Federal Government in the broad field of labor economics and statistics. The BLS is an independent national statistical agency that collects, processes, analyzes, and disseminates essential statistical data to the American public, the U.S. Congress, other Federal agencies, State and local governments, business and labor. The BLS also serves as a statistical resource to the DOL.
This position is located in the Department of Labor, Bureau of Labor Statistics, Office of Technology and Survey Processing, Division of Network and Information Assurance. The Division of Network and Information Assurance (DNIA) is the lead authority within the BLS for ensuring computer systems owned and leased by the BLS, and the data stored or transmitted thereon, are properly secured from unauthorized disclosure and are not vulnerable to purposeful denial-of-access or alteration by unauthorized persons. This division also serves as consultants to Bureau personnel in the development, operation, and maintenance of computer systems to ensure that they are developed and operated according to policy and with regard to the most recent security guidelines available in the field of Information Technology (IT).
DUTIES:
Duties may include but are not limited to:
1. The employee participates in network and systems design to ensure incorporation and implementation of appropriate systems security controls and policies, which ensures the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
2. The employee investigates breaches and improper use of BLS computer systems; including, as appropriate, the gathering, analysis, and preservation of evidence, as well as the development and implementation of necessary countermeasures.
3. The employee participates in the execution of annual third-party security assessments. These assessments typically include the use of external experts in the field of IT security in auditing key components of the Bureau’s environment to ensure that they are configured in compliance with Federal statute and regulation.
4. The employee serves as a leading BLS technical authority/resource for IT security by providing sound guidance, comment, and advice at internal and external settings of various types, including conferences and intra-agency groups. In addition, the expertise is used in ensuring the organization’s review of all BLS proposals for new and modified IT systems and procedures to ensure and certify their adherence to required IT security requirements and best practices in the ever-changing IT security field.
5. The employee assists division management in their efforts to prepare IT security policy by performing discrete tasks associated with the overall policy development process, such as evaluating and recommending adoption, non-use, or use with modification of new or enhanced approaches to the operation of BLS IT systems.
6. The employee participates in the performance of security compliance reviews, risk and vulnerabilities assessments, audits and/or reviews of planned and installed IT systems to identify vulnerabilities, risks, and protection needs; and, engages in and individually investigates security infractions and incidents, such as attempted penetration of BLS systems by unauthorized parties when it includes assessing security events to determine impact and proposes corrective actions.
Bureau of Leakable Statistics?
"best practices" aka - just enough to cover our asses and claim 'but everyone else does it this way'
Seems to me that the data has been "jacked" for some time now.
Can't let the truth leak, can we?
P.S.- Must have experience with Anonymous hacking techniques.
I suspect the "external" bonuses will make up for the salary shortfall of said position.
$97k for a solid infosec cat is pence.
I would imagine that anyone whose home computer background check reveals considerable time perusing ZH would probably find themselves rejected before the interview process.
a sample question on ap.
1) 1+1=
a) 7
b) 5
c) 19
d) all the above
e) 11
Dr Bernanke is pleased to show you he's created some jobs. Now I know a certain chap currently in Hong Kong who could do with the job, but it's a bit of a pay drop. On the plus side he has a good history with this sort of thing...
"a sample question on ap. 1) 1+1="
Answer: e) What would you like it to be?
Correct answer: Cannot be determined without knowing both the month from which the value of '1' is sourced and the month during which the '+' operation is performed.
How many birth/death modelz hiding under the '=' sign?
HAHAHAHAHAHAH...it is all made up anyway, so who needs them?
They need a gatekeeper to insure that the REAL data never gets made public...
We need a sapper to take the job. ;)
Mess with the best... DIE like the rest...
Bureau of Lies & Spin
Sign me up, I have a great imagination.
Yes, but can your imagination leak in micro-seconds??????
I can stream leaks, watch me.
...and can write my name in the snow.
oh please. we know they purposely leak it to the investment banks, and all other interested parties. hiring one more drone is hardly the window dressing this (yet another) bit of corruption needs.
The employee investigates breaches and improper use of BLS computer systems;...
So, the BLS has at least one computer now - not just a fax machine? If it weren't for this one sentence I wouldn't even be so sure of that.
They have a DOS computer running Lotus 1-2-3 with a tractor-feed impact ribbon printer.
The new hire's first project will be to replace those old daisy wheel clunkers and move the bureau forward into the dot matrix era.
Throw in my old D&D dice for determining metrics and that should round out their technology.
pods
You get additional paid vacation for every critical hit you score.
I have limited IT skills but I think I am up to the task. Where do I send my donation to Obama to secure my position?
Winning the caddy tournament will give you a leg up.
Being handy with a reach-around wouldn't hurt either. Nor would having access to top-grade choom.
Already applied; do I have a 15 nanosecond advantage?
7. The employee participates in the embellishment of employment data in periods preceding national elections.
Who's hacking the BLS? I thought it was all 'Reuters' fault. /s
Is there some reason they can't just put it into an envelope, walk out at the pre-appointed time and READ it? Publish it on the website 15 minutes later. No more news-reading bots and algos to worry about.
Oh, no. Couldn't do THAT. That would be way too low-tech. How could the HFTs do DDOS attacks and get in front of everyone if they did that?
I can pretty much guarantee that the REAL leaks (the ones happening days in advance, not milliseconds) are NOT happening through hacking or algos. Somebody is grabbing the report, reading it and making phone calls. Those will never be stopped by "computer security experts."
Like all PCs, their internal clock chip probably drifts -- don't they have access to NTP?
One final criterion is that you must be a whore for Bernanke and company!
Limericks & Satire ?
We've got severed limbs here spurting blood! Anyone got a bandaid?
Just a joke....if anything this is a job to hide tracks of who they leak to, and that job will have to pay WAY more than $70 thou a year.
I think I'd be worried they're looking for a sacrificial lamb to place upon the altar.
BLieS hates competition in the make up numbers and leaks dept....
Do you remember the movie "Our Man in Havana", pretending that Hoovers were missile launchers?
Maybe the bureau of lies and spies has the same ambitions; they need a guy like Alec G badly.
There's very good reasons that truly talented white/grey/black hats don't work for the government.
I don't know, perhaps throwing the book at them for terrorism every time a Corporate squeaks about "OMG OUR DOLLARS" when their own shitty defense is hit might be a contributing factor?
The State friendly versions always give me the wrong vibe. An example. Artemis was the hunter, but a droopy eye is often the tell of something or other.
Is that salary a joke? No wonder they can't keep anything secure. Guess they're fine hiring people right out of government schools or community colleges.
They have data?????
I thought all they needed was a thin air number plucker
Bureau of Little Substance
...Lickspittle Swinewhores.
Meh, just need to update my phone and email PRISM access to include BLS. Then, set up a quote stuff a couple milliseconds before the release, clear the decks and get my trades in first. After that is done, get some chocolate chip pancakes.
Edit: Oh wait, I am already doing that..... Edit 2: Is PRISM the greatest corporate espionage tool ever created?
Search for "PROMIS" S/W...
Actually the job has been filled. The continuing ads are to find those who pose a threat (got the mad skills) and put them on the Drone waiting list.
Why do we need a BLS when we have shadowstats.com?
Guys, apply quick, then leak everything!
Seriously, there should be a fund set up for the legal defense of whistleblowers. They could also be rewarded.
I would gladly donate towards this; it seems this is the only tool to prevent the global elites from gaining even more power. Wikileaks and Anonymous are dead.
Here, I'll save them some time. The Five Unpatchable Security Holes as they relate to Access DBs. They are applicable to all systems.
1) OSI - Disable DB services on the local machine and try to open to cap authentication. If that doesn't work, copy to a folder and change ACLs to read/write everyone.
   a. If there is a remote secondary repository, all the data can be replicated to a local third database for further examination.
2) Business planning - Examine the history of the DB in question and the infrastructure around it.
   a. Design, or lack of a design, or clear business requirement. These all allow access in unorthodox ways.
3) People - Code reuse and customization. More customized = more secure.
   a. Code reuse, and looking for reused code with Google to determine the exploit associated with the object. Old known source means there are old known holes.
4) Developer backdoors - For Access, hold down SHIFT and double-click.
   a. Shift double-click. First thing to try.
5) Exploits - Too numerous to mention in the context of Access databases.
   a. ASP mask impersonation: act as the system and execute system tasks in the database.
   b. Poor planning, and items are left undone from a comprehensive implementation plan.
History:
95-97 databases have plain text embedded that holds the security. Use a hex editor to modify and remove any admin account bound to the DB. In the Oracle universe it would be like removing the SA account and publicly presenting it.
2003-greater Access databases (mdb, accdb file formats): Shift-click and database replication are built into the application and can be used to pull information.
Business conditional:
This is all dependent on the data in the database. If it's need to know, it should be on a SQL server and the screws tightened. The app has to be tested with a regular functional testing cycle (make sure nothing breaks) and another TRA should be run.
General rule of thumb: if there are people's names in the data, then it belongs on a server under a monitored lock and key guarded by wild-haired engineers armed with BlackBerries and really strong coffee.
---and the more esoteric fun stuff at the end.
http://www.shodanhq.com/
This is the website with the handy Google dork front end. Find any physical network object that isn't properly managed on the public side and play with it. Unfortunately, this includes little websites and city traffic control systems.
Good luck to whomever takes the position at BLS. I can smell the general level of retardation in the organization miles away and it will be easier to get tooth paste back into the tube than change the corporate attitudes.
So to whomever walks in there. The organisation needs a fall guy to blame on the security there when all presented ideas are ignored and cases presented to change. Again...that enterprise model is not built to change, so anyone getting a cheque cut by them be aware of this.
My suggestion is if someone does walk in there the first place they go to is Licensing and write a spread on the amount and level of internal piracy being done by such a large and 'profitable' organisation serves as a terrible and easily fixed problem. Remember security starts with ownership.
If they don't own it or aren't licensed for it, it's not secure and therefore a lawsuit waiting to happen. A single 'rogue' employee will be the least of their concerns if ignoring the possibility of full-scale audits, media and lawyers crawling all over the place. ;-)
Take their money and give them real value by running software reports on all installed systems in the enterprise then pointing out the potential tens of billions of dollars waiting in legal and court costs.
Their IT specialists need to throw monkey wrenches into the code.
That would be called code reuse. When given a square peg of time to delivery and a round hole of business requirements.
Hammer hard.
Right or left-handed? Are you sure they're not already doing it?
Yea, because, God forbid the real statistics ever get revealed to anyone by any means.
I'd like a whistleblower from the FED, please........
I just got a leaked e-mail from within GS that encourages its IT staff to apply for the BLS moonlighting job.
It's only a leak if the info is passed to those who don't have friends in high places.
I hear Edward Snowden is available. But, actually, I'd much prefer he work at the Fed.
There's a back door built in for the algos. I'm sure whoever is hired will never find it.
Shut down the BLS