Saturday, June 13, 2015

Making Off With The Crown Jewels

We're learning more and more about just what a mother lode of intelligence information hackers got from raiding the US government's personnel files, and as John Schindler points out, if the hackers are working for the Chinese or Russians, then America is in real trouble.

With each passing day the U.S. government’s big hacking scandal gets worse. Just what did hackers steal from the Office of Personnel Management? Having initially assured the public that the loss was not all that serious, OPM’s data breach now looks very grave. The lack of database encryption appears foolhardy, while OPM ignoring repeated warnings about its cyber vulnerabilities implies severe dysfunction in Washington.

To say nothing of the news that hackers were scouring OPM systems for over a year before they were detected. It’s alarming that intruders got hold of information about every federal worker, particularly because OPM previously conceded that “only” 4 million employees, past and present, had been compromised, including 2.1 million current ones. Each day brings worse details about what stands as the biggest data compromise since Edward Snowden stole1.7 million classified documents and fled to Russia.

Then there’s the worrisome matter of what OPM actually does. A somewhat obscure agency, it’s the federal government’s HR hub and, most important, it’s responsible for conducting 90 percent of federal background investigations, adjudicating some 2 million security clearances every year. If you’ve ever held a clearance with Uncle Sam, there’s a good chance you’re in OPM files somewhere.

And of course the problem is the hack was extensive and allowed reams of information out.

Here’s where things start to get scary. Whoever has OPM’s records knows an astonishing amount about millions of federal workers, members of the military, and security clearance holders. They can now target those Americans for recruitment or influence. After all, they know their vices, every last one—the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side—since all that is recorded in security clearance paperwork. (To get an idea of how detailed this gets, you can see the form, called an SF86, here.) Speaking as a former counterintelligence officer, it really doesn’t get much worse than this.

Do you have friends in foreign countries, perhaps lovers past and present? The hackers know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that, too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.

Perhaps the most damaging aspect of this is not merely that millions of people are vulnerable to compromise, through no fault of their own, but that whoever has the documents now so dominates the information battlespace that they can halt actions against them. If they get word that an American counterintelligence officer, in some agency, is on the trail of one of their agents, they can pull out the stops and create mayhem for him or her: Run up debts falsely (they have all the relevant data), perhaps plant dirty money in bank accounts (they have all the financials, too), and thereby cause any curious officials to lose their security clearances. Since that is what would happen.

So yes, this hack was bad.  We need to clean up this mess, but the reality is that between this and the Snowden documents, US intelligence is all but in complete tatters in 2015.  This is where government is most certainly not working properly, and fixing it will take years of not decades.

2 comments:

Scopedog said...

So yes, this hack was bad. We need to clean up this mess, but the
reality is that between this and the Snowden documents, US intelligence
is all but in complete tatters in 2015.



...Not that Greenwald and the Snowdenites would give a damn about this anyway. The sad truth is that funds need to be put into place to fix this, but the moan and groan of the day is that we do not need the NSA or that some form of cybersecurity is a backdoor for the government grabbing all of our personal info and watching us masturbate to internet porn. Remember when people were chuckling at the hack of Sony and praising Wikileaks for that?


Now we have this....and yeah, it is bad.



Meanwhile, private companies take far, far more personal info from us and we are told "So what?" by the usual suspects.

Horace Boothroyd III said...

All too true: in 2013 the kossack party line was that NSA monitoring of our masturbation habits was the *WORST* *THING* *EVER* and that attempts to interrupt the stream of perfervid denunciation with discussion of corporate surveillance was *PROOF* of malignant ties to the national surveillance state. So now it comes out that there really are legitimate security concerns, and we really don't want every bit of our personal information skipping freely across the internets - and maybe the Russians and the Chinese don't actually have our best interests at heart, freedom loving simpletons though they may be. Oops! But not sorry.

Schindler is a complicated source. He does appear to be a legitimate academic authority on some aspects of the Austrian experience in WWI, and I always enjoy chatting with someone who actually knows his business. Then he is from an NSA family and has worked there himself, which means he has the usual chowder of things he knows and things he can't talk about and things he wants you to believe - even if it's not quite true. Finally, he can be inverted-kossackian (in the evil Spock with a goatee sense) in the gibbering rage that he brings to every mention of President Obama; in that sense he likes to play nicey nicey loyal opposition on tee vee, but you better watch your back when the knife comes out.

Related Posts with Thumbnails