[Infowarrior] - OPM hack includes clearance info
Richard Forno
rforno at infowarrior.org
Fri Jun 12 16:37:04 CDT 2015
Chinese hack of U.S. network compromised security files
By Ellen Nakashima
http://www.washingtonpost.com/world/national-security/chinese-hack-of-government-network-compromises-security-clearance-files/2015/06/12/9f91f146-1135-11e5-9726-49d6fa26a8c6_story.html
The Chinese breach of the Office of Personnel Management network was wider than first acknowledged and officials said Friday that a database holding sensitive security clearance information on millions of federal employees and contractors also was compromised.
An official announcement about the breach is expected soon.
“This is potentially devastating from a counterintelligence point of view,” said Joel Brenner, a former top counterintelligence official for the U.S. government. “These forums contain decades of personal information about people with clearances ... which makes them easier to recruit for foreign espionage on behalf of a foreign country.”
Last week, the Office of Personnel Management announced that a massive database containing personal information of roughly 4 million current and former federal employees was hacked. Privately, U.S. officials said that the Chinese government was behind the breach.
The breach of the data system announced by OPM last week affected 4.1 million individuals--all 2.1 million current federal civilian employees and 2 million retired or former employees. Information of officials as senior as cabinet secretaries may have been breached. The president’s and vice-president’s data were not, officials said.
The second OPM database that was breached contains sensitive background check information -- called SF-86 data -- that includes applicants’ financial histories and investment records, children’s and relatives’ names, foreign trips taken and contacts with foreign nationals, past residences and names of neighbors and close friends.
That database was also breached last year by the Chinese in a separate incident and the new intrusion underscores how persistent and determined the adversary is in going after data valuable to counterespionage.
“That database is very huge and very old and it has lots of interfaces to it,” said a U.S. official, who spoke on condition of anonymity because of the ongoing investigation. So figuring out exactly what part of it was breached has taken some time, the official said.
Employees of intelligence agencies such as the CIA generally do not have their clearance checks records held by the OPM, though some do, officials said.
“That’s the open question--whether it’s going to hit CIA folks,” said a second U.S. official. “It would be a huge deal. They could start unmasking identities.”
The administration timed its announcement last week to comply with its own policy, as reflected in proposed legislation, to notify individuals of a breach within 30 days of determining that there is a “reasonable basis to believe” that people’s personal information has been compromised, the U.S. official said.
Though the breach was discovered in April, it was not until early May that the FBI, OPM and Department of Homeland Security determined that employees’ personal likely were taken. That led to the announcement last week even though, the official said, the investigation was not complete.
“In an ideal world, people doing the investigation would say ‘We need to wait until we’re completely done,’” the official said.
A senior DHS official briefed Congressional staff last week and tried to explain why it took four weeks to alert employees to the breach. “It takes time to do the forensics and to understand what’s happened, and even to understand what data, if any, has been exposed,” said Ann Barron-Dicamillo, director of the U.S. Computer Emergency Readiness Team, according to notes taken by a Congressional aide. “It’s a lot of data. It takes time for DHS and all the partners to analyze that data and come to a conclusion.”
The breach, she said, took place in December. “It took awhile to pinpoint what actually went out the door because it happened six months ago,” she said.
Adam Goldman and Lisa Rein contributed to this report.
--
It's better to burn out than fade away.