House Oversight and Government Reform Committee Releases Comprehensive Report Confirming CyFIR Software Located and Identified Malware in OPM Data Breach

Majority members of the House Oversight and Government Reform Committee today released a comprehensive and documented report outlining their findings regarding the April 2015 Office of Personnel Management (OPM) data breach, including confirmation that CyTech Services played a key role in identifying and responding to the intrusion that compromised 21 million sensitive government records.

As the report indicates, at OPM’s invitation, CyTech demonstrated its CyFIR Enterprise digital forensics and incident response platform at OPM on April 21-22, 2015. Using CyTech’s endpoint vulnerability assessment methodology, CyFIR identified, within 12 minutes, a set of unknown processes running on a limited set of endpoints. This information was provided to OPM security staff immediately upon detection and was ultimately revealed to be zero-day malware that had been present on the OPM network for more than a year.

Specifically, the report stated, “During CyTech’s April 21, 2015 demonstration, CyTech identified or ‘discovered’ malware on the live OPM IT environment related to the incident. There is no evidence showing CyTech was aware [of the incident] at the time of the April 21 demonstration…Beginning on April 22, 2015, CyTech offered and began providing significant incident response and forensic support to OPM related to the 2015 incident. The documents and testimony show OPM and Cylance recognized CyFIR’s ability to quickly obtain forensic images. CyTech provided an expert to manage the CyFIR tool and continue to provide onsite support through May 1, 2015.” [Chapter 5: The CyTech Story; Page 125]

CyTech CEO Ben Cotton, a 21-year veteran of the U.S. Army Special Forces, lauded the findings outlined in the report, stating, “We are pleased that the report officially confirms what we have known to be true since the day we deployed the software on OPM’s network: by leveraging CyFIR’s total dynamic visibility (TDV) on the endpoint, the CyFIR platform detected the malware in OPM’s network within 12 minutes of installation, and CyFIR was able to provide OPM the technical capabilities to forensically investigate, respond to the breach, and perform these activities with an unprecedented speed to resolution (S2R). CyFIR worked exactly as it was supposed to in identifying and locating the cyber threat existent in OPM’s production systems.”

John Irvine, Chief Technology Officer of CyTech Services, added, “This validates the efficacy and efficiency of the CyFIR platform, demonstrating its value to the federal government and any organization where network security is a priority. All government entities should be secure and protected with the most comprehensive data security tools available, especially when our national security is at risk. Our concern now is that the large number of government departments and agencies that are connected to the OPM network may have also been compromised and should now be evaluated.

“CyFIR’s rapid threat assessment module was designed and built specifically for this type of analysis at the speed and breadth necessary to identify and contain the problem quickly. The technology can rapidly scan all running processes on individual computers and at the enterprise level, dramatically shortening the time it takes to discover, investigate, and remediate a breach through its unique distributed architecture. CyTech remains committed to providing one of the most comprehensive forensic investigation and incident response tools on the market and protecting the privacy and security of trusted information.”