Intruders who hacked the databases of the US federal government’s Office of Personnel Management have stolen security clearance data on intelligence and military personnel, AP reports, citing officials who say the breach is far worse than acknowledged.
The hackers managed to
steal the entire federal database of Standard Form 86, according
to officials who spoke with AP on condition of anonymity. The
form is submitted by individuals for a cavity-like background
search, prior to gaining security clearance.
The 127-page-long
form contains highly personal information
about the individual, including possible drug and alcohol abuses,
and financial and criminal histories. In addition, it contains a
reference section with extremely sensitive information concerning
the applicant’s contacts and relatives including their personal
data.
Nearly all clearance holders working with the CIA, National
Security Agency and military special operations personnel, have
potentially been exposed, sources believe. The time of the
intrusion so far remains unknown.
READ
MORE: ‘Outrageous failure’: Database hack compromised all US
federal workers – union
The Office of Personnel Management (OPM), which was the target of
the hack, has not officially confirmed that the security
clearance data of military or intelligence was breached. However,
news of the second hack has been starting to circulate in both
the Pentagon and the CIA.
“You don’t need these records to blackmail or exploit someone,
but it would sure make the job easier,” Evan Lesser, managing
director of ClearanceJobs.com, told AP.
Sources claimed the attack originated in China, accusations which
Beijing has denied.
“This tells the Chinese the identities of almost everybody
who has got a United States security clearance,” Joel
Brenner, a former top US counterintelligence official, told AP.
Brenner believes that access to the information exposes the cover
of some intelligence agents.
“The database also tells the Chinese an enormous amount of
information about almost everyone with a security clearance.
That’s a gold mine. It helps you approach and recruit
spies,” Brenner said.
Sources familiar with the matter in the Pentagon and the CIA said
this was a different security breach than the earlier one
announced by the OPM, in which the agency originally claimed only
some four million people have been affected. The latest estimates
suggest hackers might have managed to steal between nine and 14
million records, stretching back to the 1980s.
READ MORE: US govt agency hacked, 4 million federal workers
affected
The OPM is still continuing their assessment of the damage caused
by the intrusion that occurred in December 2014. On Thursday, the
American Federal of Government Employees (AFGE) Union called the
cyber-security failure “absolutely indefensible and
outrageous.”
In their last press release, the OMP states that at “this time”
there is no evidence that there has been “any use or attempted
use” of personal data derived from the hack.
Since the attack, the OPM said it has implemented new security
measures, such as restricting access and powers of remote
administrators, and utilizing anti-malware software for further
protection. A review of all connections to the network was also
initiated.