As was mentioned just the other day, all U.S. intelligence agencies have been compromised in addition to all other government entities that were attacked.
The White House has admitted that systems containing deeply personal information, submitted by current, former and prospective federal government employees for security clearances, had been “exfiltrated.” If the breach of the Office of Personnel Management (OPM) was conducted by hackers linked to China, as suspected, access to the Standard Form 86 submitted by an estimated 41 million federal employees provided them with what may be the world’s largest stolen data base of US intelligence and military personnel.
This is a “gold mine” of unencrypted data that leave US intelligence officers, for example, open to blackmail or coerced recruitment.
While officials speak of two hacks, debkafile’s cyber security and intelligence experts report that it was a single breach and is still ongoing. Known to experts as an “Advanced Persistent Threat,” it amounts to slow, continuous penetration by a computer virus, planted in an individual computer of a network which duplicates itself gradually and insidiously.
The bad news is that it is not over and the damage may not be reversible. Not only was it discovered belatedly, but more of those malware particles are certainly buried inside communications and data bases serving OPM, waiting for a remote signal from the hackers’ command and control centers, which are believed to be working for China.
According to our experts, it is almost impossible to totally sanitize all the affected computers, servers, switches and other components. The only practical remedy would be for the OPM to totally segregate its computers from the public Internet and severely restrict and supervise data transfers into the system’s different segments. This device would act like highway roadblocks that allow police officers to inspect each individual vehicle.
According to the information published by cyber intelligence magazines, the hackers got away with copies of every Standard Form 86 filed by US intelligence and security personnel and passed it on to an unknown destination.
This form lists mental illnesses, drug and alcohol use, past arrests and bankruptcies. Applicants are required to list contacts and relatives, potentially exposing any foreign relatives of US intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant are required, as well as driver’s license, passport and phone numbers.
The hack made available to a foreign agency all the personal particulars including photos of every officer employed by US security agencies.
China is believed to possess the biggest data base in the world, larger even than the US National Security Agency. Its super computers are operated and maintained by thousands of staff around the clock, their data bases constantly supplemented by information hacked from every US institution, public or private.
Full article: The biggest heist of secret US personnel data in cyber history is still ongoing (DEBKAfile)