Posted on 06/12/2015 9:29:06 PM PDT by Jet Jaguar
Hackers linked to China appear to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, several U.S. officials said Friday, describing a second cyberbreach of federal records that could dramatically compound the potential damage.
The forms authorities believed to have been accessed, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant is required.
The officials spoke on condition of anonymity because the security clearance material is classified.
"This tells the Chinese the identities of almost everybody who has got a United States security clearance," said Joel Brenner, a former top U.S. counterintelligence official. "That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That's a gold mine. It helps you approach and recruit spies."
The Office of Personnel Management, which was the target of the hack, has not officially notified military or intelligence personnel whose security clearance data was breached, but news of the second hack was starting to circulate in both the Pentagon and the CIA.
The officials said they think the hack into the security clearance database was separate from the breach of federal personnel data announced last week a breach that is itself appearing far worse than first thought. It could not be learned whether the security database breach happened when an OPM contractor was hacked in 2013, an attack that was discovered last year. Members of Congress received classified briefings about that breach in September, but there was no mention of security clearance information being exposed.
The OPM had no immediate comment Friday.
Almost all of the millions of security clearance holders, including CIA, National Security Agency and military special operations personnel, are potentially exposed in the security clearance breach, the officials said. More than 4 million people had been investigated for a security clearance as of October 2014, according to government records.
In the hack of standard personnel records announced last week, two people briefed on the investigation disclosed Friday that as many as 14 million current and former civilian U.S. government employees have had their information exposed to hackers, a far higher figure than the 4 million the Obama administration initially disclosed.
American officials have said that cybertheft originated in China and that they suspect espionage by the Chinese government, which has denied any involvement.
The newer estimate puts the number of compromised records between 9 million and 14 million going back to the 1980s, said one congressional official and one former U.S. official, who spoke to The Associated Press on condition of anonymity because information disclosed in the confidential briefings includes classified details of the investigation.
There are about 2.6 million executive branch civilians, so the majority of the records exposed relate to former employees. Contractor information also has been stolen, officials said. The data in the hack revealed last week include the records of most federal civilian employees, though not members of Congress and their staffs, members of the military or staff of the intelligence agencies.
On Thursday, a major union said it believes the hackers stole Social Security numbers, military records and veterans' status information, addresses, birth dates, job and pay histories; health insurance, life insurance and pension information; and age, gender and race data.
The personnel records would provide a foreign government an extraordinary roadmap to blackmail, impersonate or otherwise exploit federal employees in an effort to gain access to U.S. secrets or entry into government computer networks.
Outside experts were pointing to the breaches as a blistering indictment of the U.S. government's ability to secure its own data two years after a National Security Agency contractor, Edward Snowden, was able to steal tens of thousands of the agency's most sensitive documents.
After the Snowden revelations about government surveillance, it became more difficult for the federal government to hire talented younger people into sensitive jobs, particularly at intelligence agencies, said Evan Lesser, managing director of ClearanceJobs.com, a website that matches security-clearance holders to available slots.
"Now, if you get a job with the government, your own personal information may not be secure," he said. "This is going to multiply the government's hiring problems many times."
The Social Security numbers were not encrypted, the American Federation of Government Employees said, calling that "an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce."
"Unencrypted information of this kind this is disgraceful it really is disgraceful," Brenner said. "We've had wakeup calls now for 20 years or more, and we keep hitting the snooze button."
Samuel Schumach, an OPM spokesman, would not address how the data was protected or specifics of the information that might have been compromised, but said, "Today's adversaries are sophisticated enough that encryption alone does not guarantee protection." OPM is nonetheless increasing its use of encryption, he said.
The Obama administration had acknowledged that up to 4.2 million current and former employees whose information resides in the Office of Personnel Management server are affected by the December cyberbreach, but it had been vague about exactly what was taken.
J. David Cox, president of the American Federation of Government Employees, said in a letter Thursday to OPM director Katherine Archuleta that based on incomplete information OPM provided to the union, "the hackers are now in possession of all personnel data for every federal employee, every federal retiree and up to 1 million former federal employees."
Another federal employee group, the National Active and Retired Federal Employees Association, said Friday that "at this point, we believe AFGE's assessment of the breach is overstated." It called on the OPM to provide more information.
Rep. Mike Rogers, the former chairman of the House Intelligence Committee, said last week that he believes China will use the recently stolen information for "the mother of all spear-phishing attacks."
Spear-phishing is a technique under which hackers send emails designed to appear legitimate so that users open them and load spyware onto their networks.
Associated Press writer Lolita C. Baldor contributed to this story.
Hillarys server got hacked, and that opened a way into the bowels of the secure state department servers (imho). All it would take is one of those, I found this cool video attachments sent from a spoof of Hillarys email, and someone in state opens it, thinking it came from her thighness. Boom. Trojan implanted into state server. From there, it is childs play for the kind of hackers the Chinese and Russians employ.
Actually, the whole thing would be childs play for probably 1000+ hackers around the world. Guccifer was just screwing with them at their expenseand still has 30 gigabytes stashed in the cloud. He was not even malicious.
Guarantee the espionage guys were there too, only they planted stuff all over the fedguv servers. Theyve been there for years. Our entire fedgov secret server system has very likely been hacked. And every employee compromisedwe already know that. This is not hyperbole. It is that bad. And Hillarys ego did it.
“Is Chinese the new nickname for the Democratic National Committee?”
Good one!
5.56mm
One time is happenstance.
Twice is coincidence.
Three times is enemy action.
Goldfinger
TPP GIVES CHINA PERMANENT MOST FAVORED NATION TRADING STATUS.
China has committed an act of war against the United States.
Ho, hum.
I would be willing to bet my life savings that the breach was the result of someone on an H1B IT visa giving all the passwords to China.
This was obviously an inside job. You don’t get these passwords and access by just playing with the keyboard.
There is treason and espionage going on here.
Undoubtedly some Chinese H1B visa holder was given a job an American couldn’t do; i.e, turning over all this information to China.
That’s actually a very good point. What access is automatically made easier just because a person is an insider at GE, for example? And an H1B at GE would be an insider....whose loyalty is overseas someplace.
I’m sure there are hundreds if not thousands of Chinese IT people on H1B visas with access to passwords for the Federal Government databases.
And those with pentagon contracts are too numerous to count: GE, Boeing, GM, etc.
And every one of those international companies has subsidiaries in Communist China and every other country in the world.
There are very few "American" companies anymore.
The concept credit monitoring is allowing you to keep track of everything done in your name so you can refute that which you didn’t do.
This however is an indefensible position given the shear scale of the problem and the amount of information that is out there on every single american. There is really no way for some distant 3rd party credit monitor or otherwise to know which one is you.
The reality is with so much information leaked Nobody has anyway to prove to anyone they don’t personalty known in person are who they are anymore. Every record of verification is breached.
With the age of computers and massive amounts of databases maintained by various 3rd parties this was somewhat inevitable. But I must admit even I didn’t think it would happen so quickly. I figured we would have anther decade or so of relive security.
But I suppose there is no point in waiting to address the problem from the business side and eliminate the digital identity. Instead treat everyone whom you cannot personalty verify as anyone.
It is no longer possible to hold people accountable for digital actions you can no longer prove they took.
As for the blackmail threat, this is of course very serous and it completely compromises the U.S. Government’s security system. A drastic downsizing and compartmentalization will be necessary.
Centralization in the OPM and FBI simply made one big target which of course allowed an enemy to at once compromise everyone and everything. This is a catastrophic disaster compounded further by the policy of theses investigative agency to retain digitally theses record for remote access.
There is nothing like physical security, and never will be simply because physical Security is limited to attack by those physically nearby. Internet security is always open to the entire world all the time. An no fortress no matter how strong can endure unlimited attack by everyone all the time. This is why OPM and the FBI are at fought for the attack, their retaining of the record with remote access made them available for anyone to take.
You know, P-M, there’s probably a time and a place for an H1B visa, but now isn’t the time in the USA.
How politicians don’t see that is beyond me.
“And every one of those international companies has subsidiaries in Communist China and every other country in the world.
There are very few “American” companies anymore.”
that doesn’t really make a difference, its the passwords and security policy that are the real weakness. Anyone and everyone with access to the information is a potential security risk in that their access can be compromised in a wide range of ways ranging from someone simply cracking their password to someone actually cracking them(blackmail or turncoat).
The password believe it or not may actually be the easier of the two to crack. For a computer it is just letters and numbers. In ether event it all boils down to a numbers game. The more people with access to the information the more passwords and/or people there are that can compromise it all.
The U.S. Federal government is huge and its size is in fact its biggest security problem.
The fact that they apparently allowed remote access to theses systems and data only multiplied the digital threat by making its potential attackers the entire world rather than just those who can reach the facility where its stored.
You can’t build a fortress capable of perpetually standing up to such a threat, and so it was really only a matter of time. I figured we had more time.
Well, I guess they should close the barn door.
Why are we not returning the favor here???
We could hack the ever livin’ crap out of the PRC...
The only problem is do they, ChiComs, really have anything of value, we don’t already know, that’s worth a crap???
I don't understand why this isn't front and center news every day. I also don't understand why the Republicans running for President haven't excoriated Hillary. I know Cruz and Paul have mentioned it. Maybe they're waiting for the actual election.
And shame on the democrat party for even thinking about running someone who has basically gutted the security of our military and the whole of the national government. Can you imagine if Reagan or Nixon had done this? What a disgrace. As I've said numerous times, Hillary should recuse herself in shame and drop out tomorrow. How do you live with the fact you've put every American at risk? Now That's pretty heavy.
Oh, I forgot: "The end justifies the means."
Oh, and does she get a payout for the free hack? Does it go to the Clinton Foundation?
Is she Really going to be the nominee and is there really a chance she could win the Presidency?
May God help us all.
“Incompetent to the core...”
On a good day.
I’ll be surprised when China hacks it’s way into Obama’s birth certificate.
Mark Levin and Laura Ingraham said China could hack our grid.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.