You think it has to get better at some point, but it never does.
More news keeps coming out regarding the suspected Chinese government hack of the Office of Personnel Management and it only gets worse with each new bit.
Where to begin?
- On June 4, when OPM announced the data breach of more than 4 million government employees, they stated that “additional PII exposures may come to light.” However, by that time they had already been aware of and alerted congress to a second breach where hackers also penetrated a database containing security background forms, which some consider the “crown jewels.” It is still not known how many people were affected by the second breach.
- What makes these background forms the “crown jewels”? The stolen records include information on intelligence and military personnel. It is suspected that the hackers made off with data related to Standard Form-86, which has information related to “financial trouble, past convictions, drug use and close relationships with citizens of other countries,” and is used for background checks of current, former and prospective federal employees. According to Joel Brenner, a former NSA senior counsel, “this is crown jewels material … a gold mine for a foreign intelligence service.”
- This could have resounding consequences for the U.S. intelligence community because as former officials have noted, it would make it extremely difficult for anyone in the database to operate in a covert capacity. “This is not the end of American human intelligence, but it’s a significant blow,” said Brenner.
- Additionally, this information can be combed to piece together other secrets. According to a former Navy special security officer, “Chinese agents could search the database for instances when agents with NSA covers were in the same place at the same time and make reasonable deductions about what they were doing there.” Experts warn that any DoD related agencies including NSA and the Defense Intelligence Agency could be accessed through OPM. However, the CIA should be insulted from the breach because they hold all information internally, not trusting outside agencies with their employees personal information.
- However, experts are saying that this is not the cyber Pearl Harbor.
- Many are warning that the scope of the breach is significantly more then the previously reported 4 million.
- OPM Director Katherine Archuleta told members of Congress that OPM IT systems were “too old” to use encryption. As you might imagine that didn’t go over well. However, DHS’s Andy Ozment argued in a separate hearing encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked, he said.
- During a hearing Oversight Chairman Jason Chaffetz has called for the president to fire OPM Director Katherine Archuleta and Chief Information Officer Donna Seymour.