Posted on 06/07/2015 12:46:52 AM PDT by 2ndDivisionVet
Those of us who have had security clearances in the past endured plenty of lectures on the need to secure sensitive material. The Office of Personnel Management in the Obama administration apparently needed to listen a little more carefully. A hack by China’s intelligence service not only exposed four million current federal employees, but also thirty years of data from security clearances, with the most personally sensitive information possible now exposed to foreign spies:
(VIDEO-AT-LINK)
Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks. …
The cyber attack was among the most extensive thefts of information on the federal work force, and one U.S. defense official said it was clearly aimed at gaining valuable information for intelligence purposes.
“This is deep. The data goes back to 1985,” a U.S. official said. “This means that they potentially have information about retirees, and they could know what they did after leaving government.”
Access to data from OPM’s computers, such as birth dates, Social Security numbers and bank information, could help hackers test potential passwords to other sites, including those with information about weapons systems, the official said.
“That could give them a huge advantage,” the official said.
Indeed, and not just for second-order hacking, either. The raw files on these background checks can contain incredibly sensitive personal information that could be used for blackmail or extortion. That’s why the discovery of hundreds of raw FBI files in the Clinton White House created such a stir, although not nearly enough of one. The only people who are allowed access to the raw files are the investigators, not political operatives, for that very reason. Those who apply for clearances get assurances that their information, some of which is gleaned from family, neighbors, and financial institutions, will never get seen outside of the clearing agency.
So far, the scope of this breach hasn’t been fully explained. Were the full investigative files breached, or just summaries? Did it encompass only those who worked directly for the White House since 1985, or for all federal agencies? Did this include those who got cleared — as I did — through DISCO (Defense Industrial Security Clearance Office), now the DSS, to work for defense contractors? How about personnel files from our own intelligence services? None of these are good options, but some are a lot worse than others.
No one’s quite sure of the answers, actually:
The Office of Personnel Management and the Interior Department have declined to publicly identify which database in the business center was targeted in the breach disclosed Thursday, one of the largest intrusions into federal employees’ personal information. But experts in and out of government in technology and federal personnel systems say they strongly suspect that a central database hosted by the Interior Business Center containing all executive branch personnel information, called Enterprise Human Resources Integration, was targeted.
The database contains a trove of data on every civilian employee in the government that goes way beyond their Social Security numbers. It’s a compendium of personnel files containing 35 years of historical data on federal employees. The records track an employee’s career in the government, from salary to benefits to training and certification. They also connect to other federal data sources on employees, including sites containing former employees’ retirement status and benefits.
Right now, the administration is pointing fingers at China. It’s pretty easy to see why they would want this data, but what’s the end game? The Washington Post thinks that China wants to build the kind of Big Brother database that some fear the US government might have wanted:
China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say.
Groups of hackers working for the Chinese government have compromised the networks of the Office of Personnel Management, which holds data on millions of current and former federal employees, as well as the health insurance giant Anthem, among other targets, the officials and researchers said.
“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target [for espionage], whether electronically or via human recruitment.”
It’s not just useful for recruitment, but to see who the US has recruited, too:
Once harvested, the data can be used to glean details about key government personnel and potential spy recruits, or to gain information useful for counterintelligence. Records in OPM’s database of background investigations, for instance, could contain a complete history of where an individual has lived and all of his or her foreign contacts in, say, China. “So now the Chinese counterintelligence authorities know which American officials are meeting with which Chinese,” a China cyber and intelligence expert said.
The data could help Chinese analysts do more effective targeting of individuals, said a former National Security Agency official. “They can find specific individuals they want to go after, family members,” he said.
Ironically, the Obama administration has lectured incessantly on cyber security for the last six years, demanding more federal regulation and oversight over private networks to harden communications. Maybe they should focus closer to home first.
Wonder how much $$$$ Bubba and Hildebeast got from their Red China connection.
Back in the late 90’s....those of us who required security clearances suddenly woke up and realized the review episodes were now all computerized records that we had to complete and were input into someone’s database system. I sat there for one episode and questioned them over a huge bit of personal data that I was giving them....addresses, bank accounts, etc...which would be sitting out there for someone to hack into. The security guys didn’t have any appreciation of the personal data. Over the next decade....time and time again...same attitude.
Personally, I think a class-action lawsuit is in order....sue the heck out of OPM for long-term stupidity.
Presidents don’t need a security clearance, they are the grantors of such. Catch 22.
That information should be on a classified government computer system impossible to be hacked anywhere in the public. Calling it “Chinese hackers” is a steaming pile of bovine excrement.
“If comrade dictator obama was granted a security clearance, I can see how that could have corrupted the system.”
I was being interviewed by an FBI contractor (a retired FBI agent) about a security clearance for a former coworker. At the end I asked if I could ask him a few questions. He said yes. I asked him that if I told him my mentor was Frank Marshal Davis and I had been personal friends with Bill Ayers if I would be granted a clearance. He blushed and stammered for a moment, then said, “no.” So there you have it. The president would not have been allowed access to classified information.
I wondered if it was possible we could have any secrets left after he was gone. The answer I keep coming up with is no.
Since most of my work carried clearance requirements, I know I am
Oh sure thing
No system is guaranteed hack proof, some systems are tougher than others
Happened to me when they breached OPM the last time.
They send you a letter offering free credit reports for 18 months.
These people are clowns.
I just want to know who deosn’t have my info yet. I have been notified half a dozen times that a government agency or contractor had a security breech and they will provide a free credit watch service for a year.
It’s freaking insulting! This isn’t about someone’s credit card; it is the golden key for blackmail and extortion.
I’m one of those who’ll be informed that I’m affected by this one. I wonder if I wouldn’t almost be better just putting it out there for the taking. It seems like this happens all the time. I think, seriously, this is at least the fourth or fifth time.
So all my data history, for all my employment histories,
from all those alphabet soup government offices, have
been stolen.
Well now, this brings out a contractual legal quandry,
(dirt) to throw in our gargantuan government’s face.
(Whaddya mean, Smith?)
“Federal Disclosure Forms”! The same forms argued recently
with Hillary, the SEAL team and Bergdahl, and every one
one here who was a G.I., or some kind of government
employee. The form that says the federal government
won’t acknowledge what you did, while employed, for 25
years, if you keep your trap shut for all that time, too.
Now, in a contract, both parties sign agreememts, for it to
be effective, right?
When I left each office, it was me and an OPM official,
who signed those forms.
Now., with this hacking, which effects all my post-G.I. wonk workings,
does this not “null and void” those agreements, since the
government, in it’s so-called security, now has all that
information disbursed across the globe, with no intention
of secrecy or discretion?
So if I start spouting facts, figures, and events covered by
those agreements, can I, now a victim of identity exposure,
be held accountable, since the other party of the agreement,
has demonstrated inappropriate and lackadaisical information
security?
Later
Link to a picture and bio of the Director of the Office of Personnel Management:
https://www.opm.gov/about-us/our-people-organization/senior-staff-bios/katherine-archuleta/
Explains a lot
The first “Latina” to run OPM and a Colorado school teacher to boot.
Obviously not even remotely qualified, the Chinese probably hacked in using her credentials.
This is a huge story and just like last week when the TSA was caught letting 95% of fake bombs through checkpoints,nothing is going to be done about it.
I’m trying to think of something I wasn’t read in on, but I left in 1983.
1985 means they could have mine.
Thanks to Barry, looks like the ChiComs got all my sensitive data...but hey 14-yr-old hackers and FBI/CIA traitors probably gave that stuff to the KGB, direct marketers and the ChiComs long ago, right?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.