National Security & Defense

The Corner

How Much Worse Can the China Data Hacking Get?

First, as John Schindler, a Naval War College professor and former NSA employee, explains, it’s gradually being revealed that the Chinese hackers who broke into the federal government’s Office of Personnel Management got more than just, say, the Social Security numbers of federal employees. The Times reports that intelligence officials are now telling members of Congress that huge swaths of data on federal employees, including information like contacts with foreign nationals (ahem, including Chinese nationals) disclosed on background-investigation forms, were probably stolen. If the hackers have all the information that goes into said forms, held by the OPM . . . Schindler explains:

Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective. They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86, here).

Do you have friends in foreign countries, perhaps lovers past and present? They know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.

More:

OPM seems to have initially low-balled just how serious the breach actually was. Even more disturbing, if predictable, is a new report in the New York Times that case “investigators believe that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.”

We can safely replace “may” in that quote with “almost certainly did” since for Chinese intelligence that would be some of the most valuable information in any of those millions of OPM files. Armed with lists of Chinese citizens worldwide who are in “close and continuing contact” (to cite security clearance lingo) with American officials, Beijing can now seek to exploit those ties for espionage purposes.

And to add insult to injury, the federal government may have been less than forthcoming about how the breach was uncovered. The Journal reports:

Last week, the Office of Personnel Management disclosed that hackers had breached its networks, warning that the personnel records of roughly four million people—many of them current or former government workers—could have been stolen. At the time, OPM said the breach was discovered as the agency “has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.”

But four people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or more.

An OPM spokesman didn’t respond to a request for comment.

Great.

Patrick Brennan — Patrick Brennan is a writer and policy analyst based in Washington, D.C. He was Director of Digital Content for Marco Rubio's presidential campaign, writing op-eds, policy content, and leading the ...
