• You Want to Commit Espionage with Hacked Personnel Data?

    June 15, 2015

    Tags: , ,
    Posted in: Embassy/State, Military, NSA

    obama-nsa



    Did the most-recent, recent, breach of United States government personnel files significantly compromise American security? Yes. Could a foreign government make use of such information to spy on the United States? Oh my, yes.

    China-based hackers are suspected of breaking into the computer networks of the United States Office of Personnel Management (OPM), the human resources department for the entire federal government. They allegedly stole personnel and security clearance information for at least four million federal workers. The current attack was not the first. Last summer the same office announced an intrusion in which hackers targeted the files of tens of thousands of those who had applied for top-secret security clearances; the Office of Personnel Management conducts more than 90 percent of federal background investigations, including all those needed by the Department of Defense and 100 other federal agencies.

    Why all that information on federal employees is a gold mine on steroids for a foreign intelligence service is directly related to what is in the file of someone with a security clearance.

    Most everyone seeking a clearance starts by completing Standard Form 86, Questionnaire for National Security Positions, form SF-86, an extensive biographical and social contact questionnaire.

    Investigators, armed with the questionnaire info and whatever data government records searches uncover, then conduct field interviews. The investigator will visit an applicant’s home town, her second-to-last-boss, her neighbors, her parents and almost certainly the local police force and ask questions in person. As part of the clearance process, an applicant will sign the Mother of All Waivers, giving the government permission to do all this as intrusively as the government cares to do; the feds really want to get to know a potential employee who will hold the government’s secrets. This is old fashioned shoe-leather cop work, knocking on doors, eye balling people who say they knew the applicant, turning the skepticism meter up to 11.

    Things like an old college roommate who moved back home to Tehran, or that weird uncle who still holds a foreign passport, will be of interest. Some history of gambling, drug or alcohol misuse? Infidelity? A tendency to not get along with bosses? Significant debt? Anything at all hidden among those skeletons in the closet?

    The probe is looking for vulnerabilities, pure and simple. And that’s the scary “why this really matters” part of the China-based hack into American government personnel files.



    America’s spy agencies, like every spy agency, know people are manipulated and compromised by their vulnerabilities. If someone applying for a federal position has too many of them, or even one of particular sensitivity, s/he may be too risky to expose to classified information.

    And that’s because unlike almost everything you see in the movies, the most important intelligence work is done the same way it has been done since the beginning of time. Identify a person with access to the information needed (“Qualifying an agent;” a Colonel will know rocket specifications, a file clerk internal embassy phone numbers, for example.) Learn everything you can about that person. Was she on her college tennis team? Funny thing, your intelligence officer likes tennis, too! Stuff like that is very likely in the files taken from the Office of Personnel Management.

    But specifically, a hostile intelligence agency is looking for a target’s vulnerabilities. They then use that information to approach the target person with a pitch – give us the information in return for something.

    For example, if you learn a military intelligence officer has money problems and a daughter turning college age, the pitch could be money for secrets. A recent divorce? Perhaps some female companionship is desired, or maybe nothing more than a sympathetic new foreign friend to have a few friendly beers with, and really talk over problems. That kind of information is very likely in the files taken from the Office of Personnel Management. And information is power; the more tailored the approach, the more likely the chance of success.

    Also unlike in the movies, blackmail is a last resort. Those same vulnerabilities that dictate the pitch are of course ripe fodder for blackmail (“Tell us the location of the code room or we’ll show these photos of your new female friend to the press.”) However, in real life, a blackmailed person will try whatever s/he can do to get out of the trap. Guilt overwhelms and confession is good for the soul. A friendly approach based on mutual interests and goals (Your handler is a nice guy, with a family you’ve met. You golf together. You need money, they “loan” you money. You gossip about work, they like the details) has the potential to last for many productive years of cooperative espionage.


    So much of what a foreign intelligence service needs to know to create those relationships and identify those vulnerabilities is in those hacked files, neatly typed and in alphabetical order. Never mind the huff and puff you’ll be hearing about identity theft, phishing and credit reports.

    Espionage is why this hack is a big, big deal.



    Related Articles:




    Copyright © 2017. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity. Follow me on Twitter!

    Facebooktwittergoogle_plusredditpinterestlinkedin
  • Recent Comments

    • RICH BAUER said...

      1

      Oh DCOTP, you’ve done it again. Bless your fucking incompetence.

      06/15/15 8:37 AM | Comment Link

    • RICH BAUER said...

      2

      Every current and former fed employee has the right to sue for negligence. Everyone responsible knew the OPM system was a joke and did nothing about it.

      Speaking of jokes on US: http://www.miaminewtimes.com/news/florida-health-department-to-tourists-dont-worry-about-that-flesh-eating-bacteria-7685069

      Call it “Mini-Jaws.” It’s safe to swim in the ocean as long as you are not bleeding.

      06/15/15 9:10 AM | Comment Link

    • Kyzl Orda said...

      3

      What’s to stop whomever hacked this — from selling to other parties or sharing the info with other foreign and hostile entities?

      06/15/15 9:28 AM | Comment Link

    • RICH BAUER said...

      4

      I’m worried they will sell it to telemarketers.

      06/15/15 9:35 AM | Comment Link

    • RICH BAUER said...

      5

      The DCOTP, which is guilty of giving classified information to foreign powers by its incompetence, accuses Edward Snowden, who is guilty of exposing the threat of blackmail by the government’s illegally gathered data.

      https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden-files-journalism-worst-also-filled-falsehoods/

      06/15/15 10:01 AM | Comment Link

    • RICH BAUER said...

      6

      Obama’s legacy – Blackmail

      06/15/15 10:04 AM | Comment Link

    • starknakedtruth said...

      7

      At what point does the US government’s incompetence become liable for a class action lawsuit by those people whose information was compromised?

      06/15/15 10:48 AM | Comment Link

    • Bruce said...

      8

      Yes, he $CAM$ (e.g., TAA, Medicare, TPA, TPP, TTIP, TiSA, et al)! And, he Hasn’t SEEN US Feds’ $abotage, YET!

      06/15/15 5:26 PM | Comment Link

    • John Poole said...

      9

      You’d think that those who were paid nicely for keeping information about federal employees secure and failed miserably would be fired immediately. Will anyone lose their job? It doesn’t seem to happen in this administration.

      06/15/15 6:09 PM | Comment Link

    • bloodypitchfork said...

      10

      quote”Espionage is why this hack is a big, big deal.”unquote

      note to self.

      Buy stock in “typewriter and filing cabinet” companies.
      🙂

      I don’t know who said it, but the axiom “no information is safe if it’s digitized” has now been proved.

      However, I’ve been saying something else for years. At some point, digital will come back and bite us in the ass. And now it’s too late do revert to analog. It’s almost as if, some one planned it this way. Like DARPA. Orwell must be rolling on the floor in gut splitting laughter. I know I am. The DFCOTP is a massive understatement.

      06/16/15 6:23 AM | Comment Link

    • bloodypitchfork said...

      11

      On the other hand, there’s something awfully strange about this whole story.

      First off, do you really believe everything the Federal government tells you? Given the astounding revelations at the Intercept, of blatant stenography of government lies by the Sunday Times, as linked above by Rich, it seems this story of the OPM hack is a setup to convince the American public that we must hand over what’s left of our “privacy” by virtue of our now compromised “national security”, and let the government enact new “cyber” laws that would make the Founders spit in our face.

      The proof will be if no one gets fired over this “alleged” hack. I mean, isn’t it strange this happened within days of the Congressional fight over passing a “cyber” bill, which didn’t pass??

      Even if it did happen, WHY would the USG allow the world to find out? I mean, it would appear that given the classified nature of the info, I would think they would have done every thing in their power to keep this story from leaking out. After all, notwithstanding making the USG look like pathetic incompetent morons on steroids, considering the absolute mind boggling digital power of the NSA, and the FBI’s insistence for Congress to pass laws allowing “back doors” built into communication devices, it would appear that failure of the premier collector and holder of the USG’s largest classified personnel information database to protect this data with the latest and greatest encryption scheme, will go down in history next to Pearl Harbor. Only this time, it happened without a single shot being fired.

      In fact, I submit, if this indeed happened, heads are exploding exponentially across WDC. But given Obama’s latest example of Great Moments in Stupidity by virtue of his “ordering” IMMEDIATE MASSIVE overhaul of government IT, it will become blindingly clear in the next few weeks that the nature of the Federal bureaucracy will prove impossible to do anything but make a mockery of itself. To which, I’ve got $1k that says the party that allegedly did this hack.. is also rolling on the floor in gut splitting laughter, knowing the USG is now running around, and will continue to run around for the next 5 years, like chickens with their heads cut off… Here is the living proof…..

      http://carnal0wnage.attackresearch.com/2015/06/hard-to-sprint-when-you-have-two-broken.html?utm_content=buffere4512&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

      er… make that…with both legs cut off.

      This one will make the roll out of Obamacare look like a group of children flailing about trying to knock open a pinata.

      Meanwhile..I’m betting those who are planning the next series of armed civil disobedience gatherings in various states are betting THEIR story will soon force the MSM to confront their lack of reporting, as this movement is growing exponentially, to the point, at some point, armed confrontation by the government is inevitable, as Mike Vanderbough succinctly illustrates..”We Will Not Comply” to UN-Constitutional laws…. is about to erupt nation wide.

      http://sipseystreetirregulars.blogspot.com/2015/06/once-again-i-have-folks-asking-me-not.html

      Indeed. Given the hack, I’d submit the USG is getting real fucking nervous about now. To the point…it WILL make the biggest mistake in our history. You betcha.

      06/16/15 7:35 AM | Comment Link

    • John Poole said...

      12

      Obama wearing headphones making sure he got to hear everything any citizen said at any time and place was in the league of Mr. Fish’s cartoon of Obama talking to MLK about his dreams.

      06/16/15 10:12 AM | Comment Link

    • RICH BAUER said...

      13

      Pitch,

      I don’t believe everything this corrupt government says. Hell, I don’t believe half of what this corrupt government says. And when it comes to matters of national security and the abuse of power, no one should believe anything this corrupt government says, given its Stellar Wind performance and the bogus WMD reports and the laughable Anthrax Attacks investigation. The OPM debacle is just another example of criminality masquerading as incompetence. They were all inside jobs.

      06/16/15 1:13 PM | Comment Link

    • starknakedtruth said...

      14

      For the record, I believe nothing of what the thoroughly corrupted US government says…

      06/16/15 2:08 PM | Comment Link

    • bloodypitchfork said...

      15

      Rich said..

      quote”Hell, I don’t believe half of what this corrupt government says”unquote

      I know YOU don’t. My comment was directed tongue in cheek at the DFCOTP, of which, I’d submit 90% believe EVERYTHING that the government says. After all..if the government says it..it must be true.

      Not.

      🙂

      06/16/15 3:35 PM | Comment Link

    • bloodypitchfork said...

      16

      Well well well. …

      quote”The Chinese Communists now have a list of the names and addresses of every single owner of a full-auto weapon in the country. A more powerful argument against national registration of firearms of any kind could not be made. Presumably if the ChiComs can carry off such a hack, any reasonably sophisticated criminal gang these days could accomplish the same thing. “unquote

      http://sipseystreetirregulars.blogspot.com/2015/06/an-unconfirmed-but-persistent-rumor.html

      As Mike says..this may or may not be true, but as he also says, any criminal gang could hack the list of every owner of a 50 caliber machine gun. Oh, didn’t you know citizens have a right to own a machine gun? Well, it depends on if you “meet” certain requirements. But if you do, you can. My last boss owned TWO, and one of those high powered 50 caliber sniper rifles as well. I watched him hit a target a mile away. Unbelievable. Of course, he was an ex secret commando type sniper. That may have something to do with it. 🙂

      06/17/15 6:45 AM | Comment Link

    Leave A Comment

    Mail (will not be published) (required)

IP Blocking Protection is enabled by IP Address Blocker from LionScripts.com.