China and Russia are using hacked data to target U.S. spies, officials say
By Brian Bennett and W.J. Hennigan
Los Angeles Times, 2015-08-31

Foreign spy services, especially in China and Russia, are aggressively aggregating and cross-indexing hacked U.S. computer databases — including security clearance applications, airline records and medical insurance forms — to identify U.S. intelligence officers and agents, U.S. officials said.

At least one clandestine network of American engineers and scientists who provide technical assistance to U.S. undercover operatives and agents overseas has been compromised as a result, according to two U.S. officials.


[This article has been discussed in this report:
"China and Russia cross-referencing OPM data, other hacks to out US spies"]

U.S. officials claim spies at risk as China, Russia review hacked data from OPM, Anthem breach
By Andrew Blake
Washington Times, 2015-08-31

China, Russia amassing personal info seized in hacks for counter-intelligence
By Jim Sciutto
CNN, 2015-09-01


"Individually, the OPM breach and the Ashley Madison breach both present significant dangers to U.S. personnel, including intelligence personnel, but taken together, they really ratchet up the level of harm," said Marc Zwillinger, a lawyer handling data breach and privacy cases. "The OPM breach has confidential information about U.S. personnel and people that have applied for security clearances, and the Ashley Madison breach reveals people's most intimate secrets about the affairs they might be having, and together, it provides a lot of leverage that could be used to blackmail and possibly influence U.S. personnel."


However, internal reports have repeatedly found that U.S. government systems remain vulnerable.

Many U.S. government agencies still lack urgency in addressing the problem,
leaving U.S. systems open to further attacks.

[And whose fault is that?
One man's: Barack Obama.
Everyone in his administration serves at the pleasure of the president.
If he wants to get his officials to make cybersecurity a priority,
all he has to do is start firing people who are not performing in that regard.
The message would get across.

As it is, what are the consequences for all those agency chiefs
who fail to bring their IT operations up to a standard
that yields a clean IG annual audit?
What are the consequences for failing, year after year,
to resolve those IG-identified discrepancies?

All Obama has to do is make clear that failing grades from those IG audits
will have real consequences.
As it is, when have you ever heard of an agency head
being fired over cybersecurity failures, other than the OPM Director?

This is clearly Obama's fault, and Obama's responsibility to fix.]

The U.S. official described as "likely" the prospect of additional successful cyberattacks on sensitive U.S. government systems.

"What the OPM breach really revealed is that government cybersecurity isn't even up to the par of the private sector, and the private sector suffers security breaches all the time," said Zwillinger. "So it's a wake-up call both for the government networks and commercial networks."


Report: Chinese Hackers Used OPM Data To Steal US Military Intel;
'Significant Risk To US Military'

by Lisa Brownlee
Forbes, 2015-09-19

Chinese hackers used data stolen from April’s OPM breach
in recent thefts of terabytes of sensitive data from U.S. defense contractors,
according to Trend Micro’s Vice President of Cybersecurity Thomas Kellerman.

Labels: , ,