WASHINGTON (AP) — Hackers linked to China have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, U.S. officials said Friday, describing a cyberbreach of federal records dramatically worse than first acknowledged. The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant is required. In a statement, the White House said that on June 8, investigators concluded there was "a high degree of confidence that ... systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated." "This tells the Chinese the identities of almost everybody who has got a United States security clearance," said Joel Brenner, a former top U.S. counterintelligence official. "That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That's a gold mine. It helps you approach and recruit spies." The Office of Personnel Management, which was the target of the hack, did not respond to requests for comment. OPM spokesman Samuel Schumach and Jackie Koszczuk, the director of communications, have consistently said there was no evidence that security clearance information had been compromised. 
The White House statement said the hack into the security clearance database was separate from the breach of federal personnel data announced last week — a breach that is itself appearing far worse than first believed. It could not be learned whether the security database breach happened when an OPM contractor was hacked in 2013, an attack that was discovered last year. Members of Congress received classified briefings about that breach in September, but there was no public mention of security clearance information being exposed. Nearly all of the millions of security clearance holders, including some CIA, National Security Agency and military special operations personnel, are potentially exposed in the security clearance breach, the officials said. More than 4 million people had been investigated for a security clearance as of October 2014, according to government records. Regarding the hack of standard personnel records announced last week, two people briefed on the investigation disclosed Friday that as many as 14 million current and former civilian U.S. government employees have had their information exposed to hackers, a far higher figure than the 4 million the Obama administration initially disclosed. American officials have said that cybertheft originated in China and that they suspect espionage by the Chinese government, which has denied any involvement. The newer estimate puts the number of compromised records between 9 million and 14 million going back to the 1980s, said one congressional official and one former U.S. official, who spoke to The Associated Press on condition of anonymity because information disclosed in the confidential briefings includes classified details of the investigation. There are about 2.6 million executive branch civilians, so the majority of the records exposed relate to former employees. Contractor information also has been stolen, officials said. 
The data in the hack revealed last week include the records of most federal civilian employees, though not members of Congress and their staffs, members of the military or staff of the intelligence agencies. On Thursday, a major union said it believes the hackers stole Social Security numbers, military records and veterans' status information, addresses, birth dates, job and pay histories; health insurance, life insurance and pension information; and age, gender and race data. The personnel records would provide a foreign government an extraordinary roadmap to blackmail, impersonate or otherwise exploit federal employees in an effort to gain access to U.S. secrets — or entry into government computer networks. Outside experts were pointing to the breaches as a blistering indictment of the U.S. government's ability to secure its own data two years after a National Security Agency contractor, Edward Snowden, was able to steal tens of thousands of the agency's most sensitive documents. After the Snowden revelations about government surveillance, it became more difficult for the federal government to hire talented younger people into sensitive jobs, particularly at intelligence agencies, said Evan Lesser, managing director of ClearanceJobs.com, a website that matches security-clearance holders to available slots. "Now, if you get a job with the government, your own personal information may not be secure," he said. "This is going to multiply the government's hiring problems many times." The Social Security numbers were not encrypted, the American Federation of Government Employees said, calling that "an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce." "Unencrypted information of this kind this is disgraceful — it really is disgraceful," Brenner said. "We've had wakeup calls now for 20 years or more, and we keep hitting the snooze button."
The OPM's Schumach would not address how the data was protected or specifics of the information that might have been compromised, but said, "Today's adversaries are sophisticated enough that encryption alone does not guarantee protection." OPM is nonetheless increasing its use of encryption, he said. The Obama administration had acknowledged that up to 4.2 million current and former employees whose information resides in the Office of Personnel Management server are affected by the December cyberbreach, but it had been vague about exactly what was taken. J. David Cox, president of the American Federation of Government Employees, said in a letter Thursday to OPM director Katherine Archuleta that based on incomplete information OPM provided to the union, "the hackers are now in possession of all personnel data for every federal employee, every federal retiree and up to 1 million former federal employees." Another federal employee group, the National Active and Retired Federal Employees Association, said Friday that "at this point, we believe AFGE's assessment of the breach is overstated." It called on the OPM to provide more information. Former Rep. Mike Rogers, one-time chairman of the House Intelligence Committee, said last week that he believes China will use the recently stolen information for "the mother of all spear-phishing attacks." Spear-phishing is a technique under which hackers send emails designed to appear legitimate so that users open them and load spyware onto their networks.

--------------------------------------------------------------------------------

Not good at all. This one pisses me off quite a bit.
A similar thing happened some years ago in the UK; it led to thousands of illegal aliens getting jobs in sensitive places, 2 in Buckingham Palace and some for a cleaning company that cleaned the procurement offices of the government. Not good at all. JP
We have members here who should be concerned with this (myself included). This is our private information (SSN, family members' names/addresses, every foreign contact we have had, any debts we may have, medical conditions, basically our entire private lives......the Chinese know everything about us and our loved ones). The information on a SF 86 is enough to do anything a person wants with our names; buy a house/car, take out credit...... I know that every government spies and attempts to gain access to private systems of other countries. The purpose of posting was to warn any members that have filled out an SF 86. It appears that I forgot an important link in my OP. If anyone feels that this may concern them, the government is offering services for free to protect your name from fraudsters. OPM | CSID
BTW: This concerns not only Americans as we are required to put down any and all foreign contacts that we know on this form (this includes Brits, Australians, Germans, Filipinos and so on.) You are supposed to write down anyone that has said more than "hello" to you. Personally, I limited it to only close contacts (my gf and close friends). If war ever broke out guess who gets looked at first and treated as enemies of China.
Such as writing down "Jack Peterson: UK National - retired military - type of contact: online acquaintance" on the SF 86 (a form used to apply for a US Secret Clearance). It goes on to ask if the person had ever inquired about my job, asked about sensitive information or if I have ever financially supported that person. During my last interview I was informed that I had to write down any and all foreign contacts I have ever met in my life (p*ss off, I would need my own personal scribe to follow me around and take notes to remember all those names and nationalities). The woman giving the interview was not being entirely truthful on the rules though.

Foreign Contacts Pose Questions for Security Clearance Applicants - ClearanceJobs

(Best to go the "I don't know" route unless you wish to spend the next month trying to recall every single person you have ever met from another country.)

Spoiler: SF 86 Foreign Contacts/Activities

6.3.11 Section 19 – Foreign Contacts
A foreign national is defined as any person who is not a citizen or national of the U.S. You must indicate whether you have or have had close and/or continuing contact with a foreign national within the last seven years with whom you, or your spouse, or cohabitant are bound by affection, influence, common interests, and/or obligation. If you have, you will be prompted to provide additional information. Include associates as well as relatives not previously listed in Section 18 (Relatives).

6.3.12 Section 20a – Foreign Activities
You must indicate whether you, your spouse, your cohabitant, or any of your dependent children have EVER had any foreign financial interests such as stocks, property, bank accounts, businesses or investments. Exclude financial interests in companies or diversified mutual funds that are publicly traded on a U.S. exchange. If you answer “Yes,” you will be prompted to provide additional information.
https://www.opm.gov/investigations/e-qip-application/completingsf86.pdf That is what we are supposed to write down. Basically, if you are a friend or share "common interests" (is Dumaguete a common interest?) with a foreign national....this includes people your spouse/gf might know as well...you have to give that information to the USG. Note: this is just what an applicant would write on the form. The government would go on to add notes about the people listed on SF86 as they did their investigation. So they very well might include more personal information about people listed on the form. And the Chinese now have all of this.
In my former job about 18 years ago, I was proposed as a project manager for a high tech project at a U.S. defence contractor in California. However, when applying for whatever clearance was needed, I had to report my wife's (ex now) father was born in communist China, even though she was born in Thailand. Time went on and I never got the clearance and moved on. Born later, I would have enjoyed being a hacker for the CIA or NSA.
I reported several Iranians and my gf also had no documentation that proved she existed at the time I filled out the form (and when I got to the actual interview her name had changed (her BC had a different name on it from what she had always thought her name was lol)). Given all that I didn't think there would be any way I would get the clearance. I ended up having to fly back to the US to answer several questions about the information I submitted. The main problem: I stated that I owed over 170k USD to the USG in unpaid taxes. Turned out they could have cared less about the Iranians or my gf, the interview was entirely about unpaid taxes.....which I didn't actually owe. That was an expensive typo. I suspect if you applied during the cold war the USG would have problems with you having close ties to communists though.