CIA pulled officers from Beijing embassy following OPM database hack

Office of Personnel ManagementThe Central Intelligence Agency (CIA) pulled a number of officers from the United States embassy in Chinese capital Beijing, after a massive cyber hacking incident compromised an American federal database containing millions of personnel records. Up to 21 million individual files were stolen in June of this year, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances —including intelligence officers.

According to sources in the US government, the records of CIA employees were not included in the compromised OPM database. However, that is precisely the problem, according to The Washington Post. The paper said on Wednesday that the compromised OPM records contain the background checks of employees in the US State Department, including those stationed at US embassies or consulates around the world. It follows that US diplomatic personnel stationed abroad whose names do not appear on the compromised OPM list “could be CIA officers”, according to The Post. The majority of CIA officers stationed abroad work under diplomatic cover; they are attached to an embassy or consulate and enjoy diplomatic protection, which is typically invoked if their official cover is blown. However, they still have to present their credentials and be authorized by their host country before they assume their diplomatic post. The CIA hopes that foreign counterintelligence agencies will not be able to distinguish intelligence personnel from actual diplomats.

Although the US has not officially pointed the finger at a particular country or group as being behind the OPM hack, anonymous sources in Washington have identified China as the culprit. If true, The Post’s claim that the CIA pulled several of its officers from the US embassy in Beijing would add more weight to the view that the Chinese intelligence services were behind the cyber theft. The paper quoted anonymous US officials who said that the CIA’s decision to remove its officers from Beijing was directly related to the OPM hack, and it was meant to safeguard their personal security, as well as to protect CIA programs currently underway in China.

Author: Joseph Fitsanakis | Date: 1 October 2015 | Permalink

Hackers stole 5.6 million US government employee fingerprints

Office of Personnel Management 2A massive cyber hacking incident that compromised a United States federal database containing millions of personnel records also resulted in the theft of 5.6 million fingerprint records, American officials have said. Up to 21 million individual files were stolen in June of this year, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances —including intelligence officers.

Back in July, OPM officials told reporters that just over 1 million fingerprint records had been compromised by the cyber hack. However, a new statement issued by the White House last week said that the actual number of stolen fingerprints from the OPM database was closer to 5.6 million. In a subsequent statement, the OPM said there was little that the hackers could do with the fingerprint records, and that the potential for exploitation was “currently limited”. But it added that, as technology continued to be developed, the risk of abuse of the stolen fingerprint records could increase. Therefore, an interagency working group would be put together to “review the potential ways adversaries could misuse fingerprint data now and in the future”, the OPM statement said. It added that the group would be staffed with fingerprint specialists for the Federal Bureau of Investigation, the Department of Defense and the Department of Homeland Security.

External American intelligence agencies, which typically send their officers abroad posing as diplomats, and sometimes under cover identities, are reportedly concerned that certain foreign counterintelligence agencies will be able to use the stolen fingerprints to identify the true identities or professional background of US government employees stationed abroad.

Author: Ian Allen | Date: 29 September 2015 | Permalink

US Congressional review considers impact of federal database hack

Office of Personnel Management 2A United States Congressional review into last month’s cyber theft of millions of government personnel records has concluded that its impact will go far “beyond mere theft of classified information”. Up to 21 million individual files were stolen in June, when hackers broke into the computer system of the Office of Personnel Management (OPM). Part of OPM’s job is to handle applications for security clearances for all agencies of the US federal government. Consequently, the breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans —including intelligence officers— who have filed applications for security clearances.

So far, however, there is no concrete proof in the public domain that the hack was perpetrated by agents of a foreign government for the purpose of espionage. Although there are strong suspicions in favor of the espionage theory, there are still some who believe that the cyber theft could have been the financially motivated work of a sophisticated criminal ring. But a new report produced by the Congressional Research Service, which is the research wing of the US Congress, seems to be favoring the view that “the OPM data were taken for espionage rather than for criminal purposes”. The report was completed on July 17 and circulated on a restricted basis. But it was acquired by the Secrecy News blog of the Federation of American Scientists, which published it on Tuesday.

The 10-page document points out that strictly financial reasons, such as identity theft or credit card fraud, cannot be ruled out as possible motivations of the massive data breach. But it points out that the stolen data have yet to appear in so-called “darknet” websites that are used by the criminal underworld to buy and sell such information. This is highly unusual, particularly when one considers the massive size of the data theft, which involves millions of Americans’ credit card and Social Security numbers. Experts doubt, therefore, that the OPM data “will ever appear for sale in the online black market”. This inevitably leads to the conclusion that the breach falls “in the category of intelligence-gathering, rather than commercial espionage”, according to the report.

The above conclusion could have far-reaching consequences, says the report. One such possible consequence is that high-resolution fingerprints that were contained in the OPM database could be used to blow the covers of American case officers posing as diplomats, and even deep-cover intelligence operatives working secretly abroad. Furthermore, the hackers that are in possession of the stolen files could use them to create high-quality forged documents, or even publish them in efforts to cause embarrassment to American intelligence agencies.

Author: Ian Allen | Date: 30 July 2015 | Permalink: https://intelnews.org/2015/07/30/01-1746/

US spies voiced concerns about Fed database prior to massive hack

Office of Personnel ManagementUnited States intelligence officials expressed concerns about a federal database containing details of security-clearance applications in the years prior to a massive cyber hacking incident that led to the theft of millions of personnel records. Up to 18 21 million individual files were stolen last month, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances –including intelligence officers.

Until a few years ago, however, Scattered Castles, the database containing security clearance applications for the US Intelligence Community, was not connected to the OPM database. But in 2010, new legislation aiming to eliminate the growing backlog in processing security-clearance applications required that Scattered Castles be merged with the OPM database. The proposed move, which aimed to create a unified system for processing security clearances made sense in terms of eliminating bureaucratic overlap and reducing duplication within the federal apparatus. But, According to the Daily Beast, US intelligence officials expressed concerns about the merging of the databases as early as 2010. The website said that security experts from the Intelligence Community expressed “concerns related to privacy, security and data ownership” emerging from the impending merge. One official told the Daily Beast that there were fears that the “names, Social Security numbers, and personal information for covert operatives would be exposed to hackers”.

However, the merge went ahead anyway, and by 2014 parts of the Scattered Castles databases were gradually becoming accessible through the OPM network. The Daily Beast cited an unnamed US official as saying that there was “no connection between Scattered Castles and the OPM hack”. But when asked whether Scattered Castles was linked to the OPM system, he referred the website to the Federal Bureau of Investigation, which is probing last month’s hack attack.

Author: Joseph Fitsanakis | Date: 1 July 2015 | Permalink: https://intelnews.org/2015/07/01/01-1726/