SCARY STUFF! CHINESE HACK INTO FEDERAL PERSONNEL/SECURITY FILES

[libby]

This is mind-boggling when you stop to think about it --  well, maybe not to people who've never worked for the feds, but here in the Washington DC metro area 



National Security

Chinese hack of federal personnel files included security-clearance database
The massive data breach into the records of current and former federal employees is believed to be worse than first thought. (Reuters)

By Ellen Nakashima June 12 2015 at 6:51 PM

The Chinese breach of the Office of Personnel Management network was wider than first acknowledged, and officials said Friday that a database holding sensitive security clearance information on millions of federal employees and contractors also was compromised.

In an announcement, OPM said that investigators concluded this week with "a high degree of confidence" that the agency's systems containing information related to the background investigations of "current, former and prospective" federal employees, and others for whom a background check was conducted, were breached.

OPM is assessing how many people were affected, spokesman Samuel Schumach said. "Once we have conclusive information about the breach, we will announce a notification plan for individuals whose information is determined to have been compromised," he said.

The announcement of the hack of the security-clearance database comes a week after OPM disclosed that another personnel system had been compromised. The discovery of the first breach led investigators to find the second — all part of one campaign by the Chinese, U.S. officials say, evidently to obtain information valuable to counter­espionage.

"This is potentially devastating from a counter­intelligence point of view," said Joel Brenner, a former top counter­intelligence official for the U.S. government, speaking about the latest revelation. "These forums contain decades of personal information about people with clearances . . . which makes them easier to recruit for foreign espionage on behalf of a foreign country."

What China's hacking means for national security(1:17)

China hacked into the federal government's network, compromising four million current and former employees' information. The Post's Ellen Nakashima talks about what kind of national security risk this poses and why China wants this information. (Alice Li/The Washington Post)

[How the Internet became so vulnerable]

Last week, OPM announced that a database containing the personal information of about 4 million current and former federal employees was hacked. Privately, U.S. officials said the Chinese government was behind the breach. The administration has not publicly pointed a finger at Beijing.

The breach of that data system affected 4.1 million individuals — all 2.1 million current federal civilian employees and 2 million retired or former employees. Information on officials as senior as Cabinet secretaries may have been breached. The president's and vice president's data were not, officials said.

Sponsor-Generated ContentTelehealth provides a clearer picture of patient needs
By Philips The growing field provides more options for treating chronic disease.READ MORE
China has dismissed the hacking allegations, with a Foreign Ministry spokesman last week calling them "irresponsible and unscientific."

The separate background-check database contains sensitive information — called SF-86 data — that includes applicants' financial histories and investment records, children's and relatives' names, foreign trips taken and contacts with foreign nationals, past residences, and names of neighbors and close friends.

[The career-spanning details that were hacked]

That database was also breached last year by the Chinese in a separate incident, and the new intrusion underscores how persistent and determined Beijing is in going after data valuable to counter­espionage.

Four million people affected by U.S. cyber hack(0:38)

Chinese hackers breached the computer system of the Office of Personnel Management in December, compromising the personal information of four million former and current employees. (Reuters)

"The adversary is obviously very interested in that data," said a U.S. official, who, like several others who were interviewed, spoke on the condition of anonymity because of the ongoing investigation.

The discovery of the second compromise was not exactly a surprise. "It's like cancer," a second U.S. official said. "Once you start operating on the cancer, you find it has spread to other areas of the body."

Employees of intelligence agencies, such as the CIA, generally do not have the records of their clearance checks held by OPM, although some do, officials said.

"That's the open question — whether it's going to hit CIA folks," the second official said. "It would be a huge deal. They could start unmasking identities."

Matthew Olsen, a former National Security Agency general counsel and former head of the National Counter­terrorism Center, said the breach is "truly significant." The data can be used in many different ways to target people, "whether it's blackmail, to recruit, to punish individuals in China who are connected to people in the United States."

In the past year or two, the Chinese government has begun building massive databases of Americans' personal information obtained through cyber ­espionage. Besides the series of OPM intrusions, a federal government contractor that conducted background investigations for OPM and the Department of Homeland Security was hacked last year by the Chinese. And Beijing has been linked to penetrations of several health insurance companies that hold personal data on tens of millions of Americans.

"Who can be surprised?" Brenner said. "They're making a concerted effort to gather vast quantities of information about Americans. This is perfectly clear. That they have all this clearance information is a disaster."

President Obama, as with previous high-profile breaches, has been briefed on the investigation. What steps, if any, the administration can or should take in response is a difficult discussion, current and former officials said.

"There are a whole array of things we need to do across the board, from raising our defenses to making sure that this stuff isn't actually on the criminal underground to understanding the full scope" of the breach, the first official said. "We haven't gotten there yet."

What complicates this case is that unlike many other Chinese breaches­ of U.S. networks, the OPM hacks do not involve theft of commercial secrets. Last year, the United States indicted five Chinese military officials on charges of commercial cyber­espionage. With traditional espionage, the options are fewer.

"You're not going to start a shooting war over this," a former intelligence official said. "We need to improve our ­defenses. We also want to go on the offense."

Offensive actions might include directing a U.S. agency to locate the servers holding the stolen data and deleting or altering the data, the former official said.

The administration timed its announcement last week of the initial OPM breach to comply with its own policy, as reflected in proposed legislation, to notify individuals of a breach within 30 days of concluding that there is a "reasonable basis to believe" that personal information has been compromised, the first U.S. official said.

Although the breach was discovered in April, it was not until early May that investigators determined that employees' personal data probably was taken. That led to the announcement last week even though, the official said, the investigation was not complete.

During a briefing for congressional staff last week, Ann Barron-DiCamillo, a senior DHS official, tried to explain the delay in alerting employees to the breach. "It takes time to do the forensics and to understand what's happened, and even to understand what data, if any, has been exposed," she said, according to notes taken by a congressional aide.

The breach, she said, took place in December. "It took awhile to pinpoint what actually went out the door because it happened six months ago," she said.

Adam Goldman and Lisa Rein contributed to this report.

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.

www.washingtonpost.com

[libby]

Russia, China, and former NSA contractor traitor Edward Snowden in one sentence is truly scary!   

Report: Britain pulls out spies as Russia, China crack Snowden files

The headquarters of Britain's Secret Intelligence Service (MI6) in central London. (Michael Crabtree/Reuters)
By Reuters June 14, 2014 at 2:11 PM

LONDON — Britain has pulled out agents from live operations in "hostile countries" after Russia and China cracked top-secret ­information contained in files leaked by former National Security Agency contractor Edward Snowden, the Sunday Times ­reported.

MI6, Britain's version of the CIA, has removed agents from certain countries, the newspaper said, citing unnamed officials at the office of British Prime Minister David Cameron, the Home Office (interior ministry) and security services.

Snowden downloaded more than 1.7 million secret files from security agencies in the United States and Britain in 2013, and he leaked details about mass surveillance of phone and Internet communications to the news media, including The Washington Post. The United States wants him to stand trial.

Moscow granted asylum to Snowden in 2013. Although he has claimed that the encrypted files remain secure, British authorities think Russia and China have cracked documents containing details that could allow British and U.S. spies to be identified, the newspaper said, citing officials.

British Foreign Secretary Philip Hammond said Snowden has badly damaged the West's ability to protect its citizens. "As to the specific allegations this morning, we never comment on operational intelligence matters, so I'm not going to talk about what we have or haven't done in order to mitigate the effect of the Snowden revelations, but nobody should be in any doubt that Edward Snowden has caused immense damage," he told Sky News.

A person with the Home Office told the newspaper that Russian President Vladimir Putin did not grant Snowden asylum for nothing. "His documents were encrypted, but they weren't completely secure, and we have now seen our agents and assets being targeted," the person said.

A person with British intelligence said Snowden had done "incalculable damage."
"In some cases, the agencies have been forced to intervene and lift their agents from operations to stop them being identified and killed," that person was quoted as saying.

British security agencies declined to comment, and the Russian and Chinese governments were not available for comment.

The revelations about the impact of Snowden on intelligence operations come days after Britain's terrorism law watchdog said the rules governing the security services' abilities to spy on the public needed to be overhauled.

Cameron has promised new security measures, including more powers to monitor Britons' communications and online activity in what critics have dubbed a "snoopers' charter."

www.washingtonpost.com

[Anne]

If they can hack this type of government records imagine how easy it would be for them to hack into local or regional power and water suppliers.

[libby]

 

If they can hack this type of government records imagine how easy it would be for them to hack into local or regional power and water suppliers.

[Exterminator]

If they can hack this type of government records imagine how easy it would be for them to hack into local or regional power and water suppliers.

And you don't think we can do that to them?

[Palehorse]

And you don't think we can do that to them?

Hell, the Saint Louis Cardinals hacked into the Houston Astros player databases. 

They're taking a page from the Patriots playbook! 

[Anne]

Oh, I'm pretty sure we could do it to them, too. The point is most people, imo, only think about cyber attacks in the terms of identity theft, etc. They forget that so much of our lives are controlled by computers. Water plants, electrical grids, traffic lights and grocery store checkouts are all wholly or partly ran by computers. If they (China, Russia, or Joe Jones, fiction) wanted to cause havoc that would certainly be a way to do it.

[The Troll]

Oh, I'm pretty sure we could do it to them, too. The point is most people, imo, only think about cyber attacks in the terms of identity theft, etc. They forget that so much of our lives are controlled by computers. Water plants, electrical grids, traffic lights and grocery store checkouts are all wholly or partly ran by computers. If they (China, Russia, or Joe Jones, fiction) wanted to cause havoc that would certainly be a way to do it.

  And just think Anne, all the Chinese have to do is to drop one Neutron bomb on the middle of the United States and shut down all electricity and all of the computers.     They have already proved that they can shoot down our satellites knocking out all of our GPS.  Our military will be blinded, none of our GPS controlled missiles and bombs won't work.  All of our satellite controlled Drones won't work.    How about that and we depend on China to make all the stuff we buy and all of the electronics we put in our missiles and military gear.  Just how stupid can congress get, if we get into full out war with them, they will kill all of our asses. 

  Does anyone out there agree with the Troll on this thinking.   

[libby]

  And just think Anne, all the Chinese have to do is to drop one Neutron bomb on the middle of the United States and shut down all electricity and all of the computers.     They have already proved that they can shoot down our satellites knocking out all of our GPS.  Our military will be blinded, none of our GPS controlled missiles and bombs won't work.  All of our satellite controlled Drones won't work.    How about that and we depend on China to make all the stuff we buy and all of the electronics we put in our missiles and military gear.  Just how stupid can congress get, if we get into full out war with them, they will kill all of our asses. 

  Does anyone out there agree with the Troll on this thinking.   

  It's the stuff of science fiction coming true.  I worry about what might happen to our minds:  with everything computerized, with all the smart phones, apps, and yes, GPS, what about critical thinking, short term memory? Use or lose? What about all that's happening in medicine -- the aim seems to be everything, from records to medications to surgery, computerized.

On a lighter (I think) note, makes me think of an old movie about just that: it got to the point where the computers here and those in Russia hooked up and excluded humans  from the decision making.

[Henry Hawk]

  And just think Anne, all the Chinese have to do is to drop one Neutron bomb on the middle of the United States and shut down all electricity and all of the computers.     They have already proved that they can shoot down our satellites knocking out all of our GPS.  Our military will be blinded, none of our GPS controlled missiles and bombs won't work.  All of our satellite controlled Drones won't work.    How about that and we depend on China to make all the stuff we buy and all of the electronics we put in our missiles and military gear.  Just how stupid can congress get, if we get into full out war with them, they will kill all of our asses. 

  Does anyone out there agree with the Troll on this thinking.   

no

[The Troll]

no

     It's the stuff of science fiction coming true.  I also worry about what will happen to our minds:  with everything computerized, with all the smart phones, apps, and yes, GPS, what will happen to critical thinking, short term memory? Use or lose? What about all that's happening in medicine -- the aim seems to be everything, from records to medications to surgery, computerized.

On a lighter (I think) note, makes me think of an old movie about just that: it got to the point where the computers here and those in Russia hooked up and excluded humans  from the decision making.

  Computers making decisions?  That is what we have on Wall Street now, computer controlled selling programs on stock.  Which can cause a Wall Street depression.   

[The Troll]

no

  OK Birdy, please tell us what you're thinking is.      Hawk, you don't know shit!