HP EXPOSES SCAP/STIG US GOVERNMENT SECRET CODE EXPOSED ON GITHUB FOR 2 YEARS AND ONGOING FOR TERRORISTS TO DOWNLOAD

Trust fund development Press
DISA


SCAP is a new compliance tool the U.S. Government uses to ensure the security of military and government systems. The shocking news reveals “SSG” code, the SCAP Security Guide, that can be accessed only with a U.S. soldier's CAC and contains the same data that requires a “CAC” to access in the highly sensitive repository containing Secret and Top Secret information. Spending that took off in 2009 totaled $700 billion to develop security programs such as the SCAP and STIG mechanisms to protect HIPAA information, yet the same code has been sitting in the open for anyone to download. Our investigators interviewed a DoD contract worker, who stated that this is the same “code” that was used to do his job, labeled “Secret”. The SCAP and STIG code the DoD contractor used on his job was, and currently is, accessible only with a military CAC ID (HIPAA Compliance Reporter for Covered Entities – Liability Reduction by Automated, Cost Effective Support of Business Associates) (2015). If you visit Clearance Jobs to review the job description, you will see a job listed mentioning the STIGs, which are accessed only in a secured DoD environment, at a salary range starting at $100,000 - $125,000 annually (STIGS requirement on Clearance jobs) (396,000 DoD Stig Secret/Top Secret Clearance jobs listed) (2016). Investigations would have to be done thoroughly, because IT professionals could easily download the secret STIG and SCAP code and falsely claim experience doing STIG and SCAP work to get a $100,000 job. The following “DISA IASE” site reveals that only sites with “SIPRNet PKI” can access “Secret Sensitive information” (DISA Site that contains PKI CAC Military protected Secret/ Top Secret information) (2015).
The tools under the CDM BPA also comply with the Security Content Automation Protocols (SCAP), a collection of specifications developed by the National Institute of Standards and Technology to let products from various vendors communicate and interoperate, and to add to the database deployed to 800 military bases worldwide. When examining the classified code used to protect U.S. military systems, the IA Controls define the level of classification. We saw many at the link on GitHub, but the IA Control “EBRP-1” is labeled Sensitive Classified; the STIG Viewer can be found at the following link (EBRP-1 defined in DoD Stig Viewer) (Classified US Government STIGs exposed) (RHEL 6 STIG Classified Code exposed) (2015). This means the STIG and SCAP code can be executed against servers that say "You are accessing a U.S. Government (USG)"; the following search results display roughly 150,000+ U.S. Government servers against which the STIG and SCAP code can be queried, and the code has been sitting there for years, since 2012 (Exposed U.S Government servers to execute exposed Stig and Scap code against) (2016). At this link, the STIG Viewer showed the classification level of all IA Controls; anyone can access the code and, after examining the STIG Viewer, easily determine what the code does in order to break into military systems (IA Control Codes specifying classification level) (2015). The following classified code can be seen, which shows the IA Control with EBRP-1 defined in the code (Link to classified code with EBRP-1 defined) (2015). The point of SCAP and the CDM program is to break down the silos of data being generated by point security products, enabling real defense in depth with tools that talk to each other. A new generation of tools is emerging, leveraging data to provide greater visibility, analysis and faster response for enterprises.
ISIS can click the following link to download the “PKI” Secret / Top Secret Sensitive data in zip format to mimic U.S. Government systems to retrieve Top Secret and Secret U.S. information (U.S Secret / Top Secret Sensitive data ISIS can retrieve) (2015). Through investigations, our investigative unit was able to access several repositories showing the Secret Sensitive data. The companies involved are Tresys and HP, which are partners with each other according to the Tresys partners website (Tresys and HP partners among other companies) (2015). When examining the breached code we also found an HP document with Tresys listed as a trusted security provider on behalf of the U.S. Government. Massive lawsuits in the high $300 billion+ and a ban on conducting business in the U.S. would have to be assessed, as the code has been sitting for anyone, such as terrorists, enemies, and cyber criminals, to download for 2 years and ongoing, causing grave national damage to the U.S. as a whole (HP Document at HP.com with Tresys information) (HP.COM) (2015). According to investigations, in the directory called scripts we were able to see an overwhelming number of GEN scripts that are used to execute against U.S. Government servers to provide Secret and Top Secret security postures to prevent terrorists from entering U.S. Government systems. The commented section in the script reveals terms used in DoD environments such as IAO, which stands for Information Assurance Officer (What is the meaning of IAO) (2015). The complexity of the scripts is secretive in terms of the code that is used to secure a massive number of servers; however, according to the DISA information, the Group ID, Group Title, Rule ID, Severity, Rule Version, and Rule Title are defined in the Secret and Top Secret code. The question arises, however: how many infected servers exist? This number is overwhelming, and what information is being accessed by whom, what, when, where, and why?
Currently, we already have U.S. soldiers turning into ISIS leaders, who are now overthrowing the U.S. Government and U.S. military. ISIS can now have similar technology and similar security setups to be able to invade U.S. Government computer systems (Military VET charged with trying to join ISIS) (2015). The following link indicates that the software was developed by Tresys Technology LLC with U.S. Government sponsorship (Tresys Secret Sensitive code with U.S Government Sponsorship defined) (2015). After we discovered the Secret sensitive data, we also discovered that Tresys received a $12 million contract to support the development of a comprehensive approach to defending the U.S. Government information and digital communications infrastructure. We have already detected that the Secret / Top Secret data to secure government systems was downloaded numerous times; the code has been sitting for 2 years total and counting. When our team investigated the sensitive military data, the GEN001394 rule defines that the /etc/group file is critical to system security and must be protected from unauthorized modification. The group file contains a list of system groups and associated information (Link to Secret / Top Secret sensitive script data) (2015). Since the leakage of the Secret Sensitive code, the U.S. has now spent over $100 billion since 2013, according to our investigation of U.S. expenditures on cyber security for securing U.S. government systems ($76.9 Billion spent on Cyber Security in U.S) (2014).