The biggest heist of secret US personnel data in cyber history is still ongoing
The White House has admitted that systems containing deeply personal information, submitted by current, former and prospective federal government employees for security clearances, had been “exfiltrated.” If the breach of the Office of Personnel Management (OPM) was conducted by hackers linked to China, as suspected, access to the Standard Form 86 submitted by an estimated 41 million federal employees provided them with what may be the world’s largest stolen data base of US intelligence and military personnel. This is a “gold mine” of unencrypted data that leave US intelligence officers, for example, open to blackmail or coerced recruitment.
While officials speak of two hacks, debkafile’s cyber security and intelligence experts report that it was a single breach and is still ongoing. Known to experts as an “Advanced Persistent Threat,” it amounts to slow, continuous penetration by a computer virus planted in a single computer on the network, which then duplicates itself gradually and insidiously.
Access may have been initiated by sowing particles of malicious code months or even years ago in the mega network of thousands of computers and terminals holding all the records of US federal employees. It could have happened when an OPM staff member surfed rogue Internet sites, opened a contaminated Word or Excel file – or even inserted a Memory Stick (Disk On Key).
The bad news is that it is not over and the damage may not be reversible. Not only was it discovered belatedly, but more of those malware particles are certainly buried inside communications and data bases serving OPM, waiting for a remote signal from the hackers’ command and control centers, which are believed to be working for China.
According to our experts, it is almost impossible to totally sanitize all the affected computers, servers, switches and other components. The only practical remedy would be for the OPM to totally segregate its computers from the public Internet and severely restrict and supervise data transfers into the system’s different segments. Such an arrangement would act like highway roadblocks that allow police officers to inspect each vehicle individually.
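The “roadblock” the experts describe is, in practice, an egress point where every outbound connection is logged and inspected. One thing a defender looks for in those logs is the dormant implant of the previous paragraph calling home: connections from one workstation to one external host at near-constant intervals. The script below is an added illustration, not code from the article or from OPM; the host names and log lines are constructed, and the log format is an assumption.

```python
"""
Beaconing detector over egress proxy/firewall logs.

Flags (source host, destination) pairs whose outbound connections recur at
near-constant intervals, the pattern typical of an implant polling its
command-and-control server. Legitimate browsing, by contrast, is bursty.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (hypothetical hosts and destinations), one event per
# line in the assumed format: "<ISO timestamp> <src_host> -> <dst_host>".
# ws-0412 polls the same external host every ~10 minutes with almost no jitter;
# ws-0777 shows ordinary irregular browsing.
SAMPLE_LOG = """\
2015-06-01T08:00:00 ws-0412 -> updates.example-cdn.test
2015-06-01T08:00:02 ws-0412 -> intranet.opm.test
2015-06-01T08:10:00 ws-0412 -> updates.example-cdn.test
2015-06-01T08:20:01 ws-0412 -> updates.example-cdn.test
2015-06-01T08:30:00 ws-0412 -> updates.example-cdn.test
2015-06-01T08:39:59 ws-0412 -> updates.example-cdn.test
2015-06-01T08:50:00 ws-0412 -> updates.example-cdn.test
2015-06-01T08:03:17 ws-0777 -> news.example.test
2015-06-01T08:21:05 ws-0777 -> news.example.test
2015-06-01T08:22:40 ws-0777 -> mail.example.test
2015-06-01T09:12:09 ws-0777 -> news.example.test
2015-06-01T09:13:00 ws-0777 -> news.example.test
"""


def parse_log(text):
    """Group event timestamps by (source host, destination host)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, _arrow, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_score(timestamps):
    """Return (mean interval in seconds, coefficient of variation) for a flow.

    The coefficient of variation (std dev / mean) is near zero for a timer-driven
    beacon and large for human-driven traffic. Returns None when there are too
    few intervals to judge.
    """
    ts = sorted(timestamps)
    intervals = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(intervals) < 3:
        return None
    mu = mean(intervals)
    cv = pstdev(intervals) / mu if mu > 0 else float("inf")
    return mu, cv


def find_beacons(text, min_events=4, max_cv=0.1):
    """List flows that look like beacons: enough events and very regular spacing."""
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        score = beacon_score(stamps)
        if score and score[1] <= max_cv:
            hits.append((src, dst, round(score[0]), round(score[1], 3)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, period, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{period}s (cv={cv})")
```

On the constructed log this flags only the ws-0412 flow (period about 600 s, coefficient of variation about 0.001). The thresholds are deliberately simple; real implants add jitter, so in production the window would be longer and the cutoff tuned against the site's own baseline, and a hit is a lead for investigation, not proof of compromise.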
According to the information published by cyber intelligence magazines, the hackers got away with copies of every Standard Form 86 filed by US intelligence and security personnel and passed it on to an unknown destination.
This form lists mental illnesses, drug and alcohol use, past arrests and bankruptcies. Applicants are required to list contacts and relatives, potentially exposing any foreign relatives of US intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant are required, as well as driver’s license, passport and phone numbers.
The hack made available to a foreign agency all the personal particulars including photos of every officer employed by US security agencies.
"Recent events underscore the need to accelerate the administration's cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation's cyber infrastructure," the White House statement said.
However, the global ramifications of a weapon that knows no borders can’t be overlooked.
In February, the big US medical insurance firm Anthem reported that the administrative data of “only” 80 million clients were hacked. Smaller breaches may not be reported at all, but are believed to be taking place daily. In all, America’s government, health and financial infrastructure is under tremendous, constant cyber attack.
China is believed to possess the biggest data base in the world, larger even than the US National Security Agency. Its super computers are operated and maintained by thousands of staff around the clock, their data bases constantly supplemented by information hacked from every US institution, public or private.