Friday, June 26, 2015

The OPM Hacking Attack Is Fast Becoming A Sputnik Crisis

Posted: 6/26/2015

Trigger

This week (e.g. here, here) we learnt that the hack into the U.S. Office of Personnel Management was far more serious than previously acknowledged by the administration. China is alleged to have perpetrated it.

I use Sputnik Crisis here in a polemic sense.

Hacking Attack On The German Bundestag

Recently, the German parliament was target of a massive hacking attack into their computer systems as reported around June of this year (see e.g. here). The Russians are believed to have perpetrated this one.

China Drove Home Another Lesson

In 2007, China killed a satellite in space.

“Way back in March 2014, OPM knew that Chinese hackers had accessed its system without having downloaded files. So the agency was on notice as a target.” (Source). Incredibly, the Chinese probed their target first a year ahead of their two main attacks and the Obama administration was sleeping at the switch like a leader from behind.

We also learnt this week, what the attackers were really after: Millions of background check documents (e.g. security clearing forms)! An excellent Wall Street Journal Opinion page article (Obama’s Cyber Meltdown The Chinese attack on federal personnel files keeps getting worse.) described in great detail how harmful this breach is to e.g. U.S. spies anywhere in the world. This is a very serious blow to the U.S.!

Salient excerpts from the article above:
  1. “These include reports on Americans who work for, did work for, or attempted to work for the Administration, the military and intelligence agencies. They even include Congressional staffers who left government—since their files are also sent to OPM.”
  2. “This means the Chinese now possess sensitive information on everyone from current cabinet officials to U.S. spies. Background checks are specifically done to report personal histories that might put federal employees at risk for blackmail.”
  3. “These background checks are also a treasure trove of names, containing sensitive information on an applicant’s spouse, children, extended family, friends, neighbors, employers, landlords. Each of those people is also now a target, and in ways they may not contemplate. In many instances the files contain reports on applicants compiled by federal investigators, and thus may contain information that the applicant isn’t aware of.
    Of particular concern are federal contractors and subcontractors,  ...”
  4. “The volume of data also allows the Chinese to do what the intell pros call “exclusionary analysis.” [process of elimination] We’re told, for instance, that some highly sensitive agencies don’t send their background checks to OPM. So imagine a scenario in which the Chinese look through the names of 30 State Department employees in a U.S. embassy. Thanks to their hack, they’ve got information on 27 of them. The other three they can now assume are working, undercover, for a sensitive agency. Say, the CIA.”
  5. “Or imagine a scenario in which the Chinese cross-match databases, running the names of hacked U.S. officials against, say, hotel logs. They discover that four Americans on whom they have background data all met at a hotel on a certain day in Cairo, along with a fifth American for whom they don’t have data. ”

I am not sure whether this obstinate moron in the White House really understands what happened here, if this is true!

No comments: