Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Senator Sasse: The OPM Hack May Have Given China a Spy Recruiting Database

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 10 Jul 2015 07:06:46 +0000 (UTC)
http://www.wired.com/2015/07/senator-sasse-washington-still-isnt-taking-opm-breach-seriously/

By Senator Ben Sasse
Security
Wired.com
07.09.15
AS A NEWLY elected Senator, I am here to tell you a hard truth: Washington does not take cybersecurity seriously.
But you probably already knew that if you’ve read anything about the massive OPM data breach. To recap today’s news from OPM, since 2013, a malicious attacker—likely the Chinese government—breached government databases and stole information on some 21 million federal employees. This included personal information like addresses and Social Security numbers. Most of these people held security clearances and for them it also included nearly 150 pages of material in what are called Standard Form 86s (SF-86), which detail nearly every aspect of their lives.
Here’s the kicker: despite today’s jaw-dropping news, the attackers were in our networks so long that it may still be a while before we figure out everything they stole. Most news coverage has centered on federal employees. But that’s an incomplete picture because it’s now clear many victims never worked for the federal government. When applying for a security clearance with the SF-86, applicants list their family members, neighbors, co-workers, foreign contacts, and even college roommates.
What this means is that not only do the hackers know lots of sensitive information about millions of government employees, they also know a great deal about many of the people they know and love. The implications for threats, intimidation, and blackmail are chilling. “Oh, you don’t want to sell out your country? OK, we get it. By the way, your parents still live at 2911 Rainbow Drive, right?” 

China may now have the largest spy-recruiting database in history.

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: