Patterico's Pontifications

6/12/2015

The OPM Hack Worse Than Originally Led To Believe

Filed under: General — Dana @ 6:26 am



[guest post by Dana]

Hackers stole personnel data and Social Security numbers for every federal employee, a government worker union said Thursday, saying that the cyber theft of U.S. employee information was more damaging than the Obama administration has acknowledged. J. David Cox, president of the American Federal of Government Employees, said in a letter to OPM director Katherine Archuleta that based on OPM’s internal briefings, “We believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.” The OPM data file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs. The union believes the hackers stole military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; and age, gender and race data, he said.

How bad is it?:

The other day I explained in detail how the mega-hack of the Office of Personnel Management’s internal servers looks like a genuine disaster for the U.S. Government, a setback that will have long-lasting and painful counterintelligence consequences. In particular I explained what the four million Americans whose records have been purloined may be in for: Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective. They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86, here). Do you have friends in foreign countries, perhaps lovers past and present? They know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.

What are the dangers of such an extensive breach?

U.S. officials speaking on the condition of anonymity say unequivocally such information was put at serious risk by the OPM hack. Of utmost concern are U.S. employees stationed overseas, including in countries such as China, whose government would covet personal information on relatives and contacts of American officials living in the communist country, according to officials.

“If the SF-86’s associated with this hack were, in their entirety, part of the stolen information, then that would mean the potential release of a staggering amount of information, affecting an exponential amount of people,”

There are claims that the stolen government records are already being sold on the “darknet”.

And to the further embarrassment of the government (via John Ekdahl on Twitter):

According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ’s Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. “CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network,” Paletta and Hughes reported.

Malware may have been in place for over a year.

The White House had been warned in the past of a possible breach, and as recently as November. By then, it was far too late.

But don’t worry, we’re in the best of hands.

–Dana

37 Responses to “The OPM Hack Worse Than Originally Led To Believe”

  1. Good morning.

    Dana (86e864)

  2. As with the VA, we’ll be told sixty people were fired and, a year later, find none were.
    Don’t see any way to immunize those affected from pressure. OTOH, it’s probably easy to plant something on a computer and “discover” it when convenient, so perhaps this is redundant.

    Richard Aubrey (f6d8de)

  3. poor federal employees

    happyfeet (831175)

  4. In the modern world when governmental, industrial, financial or other computers are hacked it is either an act of treason, an act of terrorism or an act of war depending upon who the hacker(s). It should then be dealt with appropriately by punishment, retribution or counter attack in force.

    Hoagie (f4eb27)

  5. An intelligent government will fire all the critical individuals who might be compromised and thereby pose a danger to national security, and replace them with ones whose personal information is still secure.

    nk (dbc370)

  6. The best way to make a sale.

    Can we have an official open forum Friday thread? I have some things to ask of the cumulative brain trust for anyone interested in giving their 2cents.

    MD in Philly (f9371b)

  7. anyone interested in giving their 2cents.

    Typical doctor, MD in Philly. You start out asking for money!

    Hoagie (f4eb27)

  8. do people here not realize what a massive breach this was?

    seeRpea (0cf003)

  9. So, any chance the malware happened to pull emails, such as those possibly sent from a certain private email server that only sent messages about yoga and marriage planning?

    Another Anon (f43943)

  10. We are well and truly f@cked.

    JD (d7747e)

  11. well, i’m certainly glad i threw away the only SF-86 anyone ever handed me to fill out…

    i got about 10 pages in and decided that Uncle Sam didn’t have need to know all the info he wanted me to give him, what with me being just another NG E-4 in a divisional Cav squadron.

    they came back the next month and asked where mine was: i told them i had turned it in already, and that was the last i heard of it.

    redc1c4 (6d1848)

  12. The government will be asking for more money to deal with this problem in 3, 2, …

    felipe (56556d)

  13. I know what to say and won’t.

    Idiots.

    The Empty Chair would be a VAST improvement over the Man with the Minus Touch.

    htom (4ca1fa)

  14. do people here not realize what a massive breach this was?

    i’m panicking as we speak for reals

    i wonder if this means they also have Hillary’s emails???

    christ on a cracker

    I’m beginning to question the government’s competence

    happyfeet (831175)

  15. Utter incompetence by federal officials and yet as all-inclusive as the lost data is about the lives of current and former government employees it pales in comparison to what google and other commercial aggregators know about us. Whatever data the feds are going to keep on us needs to be stored and protected properly but perhaps it’s time to rethink this whole process. As manpower intensive and time-consuming as the background investigation process is maybe there’s an opportunity here to redesign this mess and bring it into the 21st century.

    crazy (cde091)

  16. like
    a
    boss

    happyfeet (831175)

  17. you think your friend snowden, didn’t give them some tips

    narciso (ee1f88)

  18. oh man i think his birthday’s coming up

    i’m thinking mini-cheesecake sampler

    happyfeet (831175)

  19. Well, you know, Prom Queen did tell Vlad he could be more flexible after his reelection.

    Maybe we’re only now learning how flexible.

    Yeah, Team America!

    Steve57 (48418e)

  20. Hey, kids!

    Let’s put all our medical records on government computers.

    Yeah, Obamacare!

    Steve57 (48418e)

  21. i just want everything to go back like it was

    you know

    before

    happyfeet (831175)

  22. The details of TPA/TPP must be kept secret.

    Hey, kids, let’s hire a SecState who’ll store that data on an unencrypted private email server.

    Yeah, team China hackers!

    Steve57 (48418e)

  23. 21. i just want everything to go back like it was

    you know

    before
    happyfeet (831175) — 6/12/2015 @ 4:33 pm

    I want a world where I can watch the Adam’s Family on TV instead of the Kardashians.

    Ain’t gonna happen.

    Steve57 (48418e)

  24. I’m serious now, since he was an IT analyst, did Snowden create a back door into the Company and other data bases, or other Team Assange sympathizers,

    narciso (ee1f88)

  25. cozi has a whole series of old programs, like the lone ranger, although I don’t think they have Adams Family on this rotation,

    narciso (ee1f88)

  26. narciso @24, if you’re right, and Snowden was how many years ago, and there’s a vulnerability we just discovered, shouldn’t (pace our illustrious host, I’m speaking figuratively) somebody or several somebodies be crucified?

    Steve57 (48418e)

  27. well considering new developments:

    http://20committee.com/2015/06/12/snowden-is-a-fraud/

    recall it took Ephialtes, to show the Persians the back door, to Thermopylae,

    narciso (ee1f88)

  28. Idiot doesn’t even know what “liability insurance” means.

    nk (dbc370)

  29. well there’s that, which would total 18 trillion dollars, plus credit monitoring, you know what they were supposed to do before,

    narciso (ee1f88)

  30. DEFINITION of ‘Liability Insurance’ Any type of insurance policy that protects an individual or business from the risk that they may be sued and held legally liable for something such as malpractice, injury or negligence.

    BTW, what “liability insurance” did the soldiers whom Bradley Manning sold out get?

    nk (dbc370)

  31. i originally was led to believe this hack was bad but now i know it was even worse

    poor federal employees

    FEDERAL EMPLOYEE HACK-RAPE PANCAKE SUPPER

    SAT, JUN 13, LION’S CLUB ANNEX

    bring your friends

    happyfeet (831175)

  32. *trigger warning*

    happyfeet (831175)

  33. But, But, But, Scooter Libby outed Valerie Plame. One CIA operative being “outed” is a national crisis for the MSM. All intelligence officials’ personal dossiers handed to the ChiComs – Crickets

    Rick Skalka (78b00e)

  34. Fun thought for the day.

    Hillary! the smartest woman in the world thought it was smart to do her SecState work on an unencrypted and unprotected homebrew server.

    The kind of work product the Obama administration now insists when it comes to TPP/TPA is so secret our Congresscritters can only look at in a basement room, no notes or copies allowed, nor is any discussion of what they’ve seen permitted.

    This is what was on Hillary!’s server. Her private, unencrypted, unprotected server.

    Steve57 (48418e)

  35. This is what was on Hillary!’s server. Her private, unencrypted, unprotected server.

    But in the light of this hack, it seems the Hillary PC was as safe and secure as a government server.

    kishnevi (adea75)

  36. I’d have to squint really hard and peer through the right prism (rejecting the first dozen) after drinking ten Martinis to see that right light, kishnevi.

    Steve57 (48418e)

