First, as John Schindler, a Naval War College professor and former NSA employee, explains, it’s gradually being revealed that the Chinese hackers who broke into the federal government’s Office of Personnel Management got more than just, say, the Social Security numbers of federal employees. The Times reports that intelligence officials are now telling members of Congress that huge swaths of data on federal employees, including information like contacts with foreign nationals (ahem, including Chinese nationals) disclosed on background-investigation forms, was probably stolen. If the hackers have all the information that goes into said forms, held by the OPM . . . Schindler explains:
Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective. They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86, here).
Do you have friends in foreign countries, perhaps lovers past and present? They know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.
OPM seems to have initially low-balled just how serious the breach actually was. Even more disturbing, if predictable, is a new report in the New York Times that says “investigators believe that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.”
We can safely replace “may” in that quote with “almost certainly did” since for Chinese intelligence that would be some of the most valuable information in any of those millions of OPM files. Armed with lists of Chinese citizens worldwide who are in “close and continuing contact” (to cite security clearance lingo) with American officials, Beijing can now seek to exploit those ties for espionage purposes.
And to add insult to injury, the federal government may have been less than forthcoming about how the breach was uncovered. The Journal reports:
Last week, the Office of Personnel Management disclosed that hackers had breached its networks, warning that the personnel records of roughly four million people—many of them current or former government workers—could have been stolen. At the time, OPM said the breach was discovered as the agency “has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.”
But four people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or more.
An OPM spokesman didn’t respond to a request for comment.