How did Chinese hackers break into the Office of Personnel Management (mentioned earlier)? The OPM gave them root access.

John Schindler on Twitter says that the Office of Personnel Management data breach is much worse than reported given the types of information that is in this database, including blackmail material and identities of foreign contacts.

Let me explain a bit about why the compromise of OPM information is so serious from a security & counterintelligence (CI) viewpoint. We can take it as a given that career/HR type info has been compromised on 4M FedGov employees (2.1M current) whose data got hacked. That's important -- but far more is background investigation (BI) info which OPM first denied was compromised, now admits it has been.

A USG BI, which OPM handles a lot of for many different agencies, is NOT some sort of glorified credit check, it's much more than that. BI contains very personal & private information, supplied by security clearance applicants then verified (one hopes) by adjudicators. BI data includes your personal life, travels, full bio, details on finances and any "troubles" -- legal, private, sexual, you name it. BI also goes into great detail about "foreign national contacts" of clearance holders and applicants -- a goldmine for foreign intel.

Whoever has this info now can say about FedGover X that they know more about them than that person's best friends, even spouse/partner. This is EXACTLY the sort of information any FI service would love to have in order to influence, recruit, or compromise USG personnel. From any CI viewpoint, OPM hack is a certified disaster that it will be difficult to repair in less than decades. A truly epic #FAIL

Only people who may know me as well as my BI paperwork does are my lawyer, my doctor & my priest. Nearly all cleared people = similar. Although OPM says "only" 4M FedGov are impacted, I strongly advise ANYBODY who's had a clearance since 1985 to watch credit rprts etc.

Page generated Sep. 23rd, 2017 09:59 pm
Powered by Dreamwidth Studios