Bryan brought my attention to this blog item by a national security expert:
The other day I explained in detail how the mega-hack of the Office of Personnel Management’s internal servers looks like a genuine disaster for the U.S. Government, a setback that will have long-lasting and painful counterintelligence consequences. In particular I explained what the four million Americans whose records have been purloined may be in for:
Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective. They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86,here).
Do you have friends in foreign countries, perhaps lovers past and present? They know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.
The bad news keeps piling up with this story, including reports that OPM records may have appeared, for sale, on the “darknet.” Moreover, OPM seems to have initially low-balled just how serious the breach actually was. Even more disturbing, if predictable, is a new report in the New York Times that case “investigators believe that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.”
Yikes. I had no idea that this sort of information had been compromised. If you read a lot of spy novels the way I do, you can see how valuable such information would be for someone looking to recruit Americans to spy on America. And even if you don’t, the danger should be self-evident.
Related Posts
We’re all Icarus, aren’t we? The speed and convenience of computers and the internet has swept us up in its grip and we’re not going back, but ultimately every single bit of information about us is less secure than it was back in the good old days when stealing this sort of information would have required an old-fashioned break-in and rummaging through some file cabinets (Watergate-style).
Indeed.
I’m just waiting until someone tells me this security breach is why we need to spend eleventy billion more on cyber security.
“I am Icarus.” “I am Icarus.” “i am Icarus.”
In Breughel’s Icarus, for instance: how everything turns away
Quite leisurely from the disaster; the ploughman may
Have heard the splash, the forsaken cry,
But for him it was not an important failure; the sun shone
As it had to on the white legs disappearing into the green
Water, and the expensive delicate ship that must have seen
Something amazing, a boy falling out of the sky,
Had somewhere to get to and sailed calmly on.
I thought they were all saying, “I am Spartacus”… 🙂
Seriously, that’s a great poem.
And Bryan — we need to spend eleventy billion more on cyber-security…
I think, when I start my band, I’ll write a song about the Auden poem.
Then we’d have a song about a poem about a painting about a myth…
Auden is da man….
I love how every single screw-up or instance of incompetency is followed by calls for MOAR FUNDING!
In the world where I live, screw-ups and incompetence are followed by negative consequences.
But there are screwups and incompetence caused by lack of funding to hire the competent or to ensure adequate quality equipment and personnel …
Without going into any detail about the use of IT in government, one fact I know for sure. Most of the IT functions for the government are outsourced to firms located not only in the US but in other countries as well. The pay is outstanding and a decent IT specialist can make a six figure income without any problem if he or she has enough training and experience. In some instances, experience for the particular field is not required as long as the individual has enough credentials that are loosely related to the field they are hired for.
Hundreds of millions are spent annually for IRS process and security as just one example. The company that employed Snowden is a prime example. They have contracts into the hundreds of millions with the government even today. His actions did not do any harm to Booze Allen at all.
The SC DoR hack was reportedly a result of skimping, though.
Hey, I have very few problems that would not be solved by, as you say, MOAR funding…