David Larter and Andrew Tilghman report: Anxiety is spreading among defense officials and the military community that the recent theft of federal government data linked to China may affect hundreds of thousands of service members.
“They had access on everyone who has applied for a security clearance: families, residences and job assignments, bank records. If that’s not an absolute calamity, I don’t know what is.”
Compounding those concerns is the limited information made public by the Office of Personnel Management.
Some military officials believe the recent hack targeting the civilian-run OPM seized information from tens of thousands of Standard Form 86s, which are required for all service members and civilians seeking a security clearance. That includes service members of all ranks, officers and enlisted, in a wide range of job specialties and assignments.
“This is a surreal new world and they are not being truthful. The way this works now is that they tell you a little bit of the truth, and then they obfuscate.”
“They got everyone’s SF-86,” one Pentagon official familiar with the investigation told Military Times.
The SF-86, a 127-page document, asks government employees to disclose information about family members, friends and past employment as well as details on alcohol and drug use, mental illness, credit ratings, bankruptcies, arrest records and court actions.
Given the scale of the breach as publicly disclosed by the Obama administration and OPM, it’s likely that the hackers obtained the SF-86 data of every military member who filled out the form on a computer, something that has been standard practice in the Defense Department for well over a decade, said a retired senior intelligence community official who writes a blog under the pen name Victor Socotra.
The services began to make the digital SF-86 form mandatory in 2007, but service members used the digital form for years before that.
OPM IT Outsourced to Foreign Contractors, with Root Access, Working from their Home Country. In this Case, Oh Yeah, China
Posted: June 17, 2015
Encryption ‘would not have helped’ at OPM, says DHS official: Attackers had valid user credentials and run of network, bypassing security
Sean Gallagher reports: During testimony today in a grueling two-hour hearing before the House Oversight and Government Reform Committee, Office of Personnel Management (OPM) Director Katherine Archuleta claimed that she had recognized huge problems with the agency’s computer security when she assumed her post 18 months ago. But when pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, she said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.
But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network.
House Oversight Chairman Jason Chaffetz (R-Utah) told Archuleta and OPM Chief Information Officer Donna Seymour, “You failed utterly and totally.” He referred to OPM’s own inspector general reports and hammered Seymour in particular for the 11 major systems out of 47 that had not been properly certified as secure—which were not contractor systems but systems operated by OPM’s own IT department. “They were in your office, which is a horrible example to be setting,” Chaffetz told Seymour. In total, 65 percent of OPM’s data was stored on those uncertified systems.
Chaffetz pointed out in his opening statement that for the past eight years, according to OPM’s own Inspector General reports, “OPM’s data security posture was akin to leaving all your doors and windows unlocked and hoping nobody would walk in and take the information.”
When Chaffetz asked Archuleta directly about the number of people who had been affected by the breach of OPM’s systems and whether it included contractor information as well as that of federal employees, Archuleta replied repeatedly, “I would be glad to discuss that in a classified setting.” That was Archuleta’s response to nearly all of the committee members’ questions over the course of the hearing this morning.
At least we found it
Archuleta told the committee that the breach was found only because she had been pushing forward with an aggressive plan to update OPM’s security, centralizing the oversight of IT security under the chief information officer and implementing “numerous tools and capabilities.” She claimed that it was during the process of updating tools that the breach was discovered. “But for the fact that OPM implemented new, more stringent security tools in its environment, we would have never known that malicious activity had previously existed on the network and would not have been able to share that information for the protection of the rest of the federal government,” she read from her prepared statement.
China appears to have scored a major win here
Tom Rogan writes: “We have a lot of information about people, and that is something that our adversaries want.”
That’s how Donna Seymour, an Office of Personnel Management (OPM) official, recently described the OPM hacking to a reporter for the Washington Post. As we found out yesterday, in April, Chinese hackers intruded OPM networks and potentially acquired the personal information of 4 million U.S. government employees.
So how did this happen? Well, according to an OPM press release, the agency has been upgrading its network security over the past year. That said, yesterday’s press release also notes that it was only after the April hacking that OPM focused on “restricting remote access for network administrators…and deploying anti-malware software” against programs that might “compromise the network.” In short, OPM hasn’t been moving fast enough to prevent hacking.
“In short, everything you would never want your enemy to know about you – from a counterintelligence viewpoint, this breach represents a true nightmare scenario.”
Regardless, it makes sense that China was involved in the intrusion. For a start, China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems.
Moreover, China has a penchant for attacking the OPM. In July last year, the New York Times reported on China’s hacking of OPM information on applicants for top-secret security clearances.
That the OPM didn’t urgently upgrade its security after that 2014 incident is inexcusable. We’ve paid the price in our damaged national security.
Posted By Josh Peterson
Former National Security Agency contractor Edward Snowden impersonated the electronic identities of top NSA officials in order to access the highly classified documents he leaked to the press, NBC News reports.
While the NSA says it doesn’t know exactly what Snowden took, reports the publication, it estimates that he stole as many as 20,000 documents from the agency.
By impersonating senior officials in the agency, Snowden was able to access documents not even available to him with his “top secret” clearance.