Giant OPM Data Hack Did Blow U.S. Spies’ Cover

Uploaded on 2015-07-30 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

images?q=tbn:ANd9GcSUZsj160Hptc_PF2SxWO-AhSci06s9nLoiMgli9wUPeHkr_G0sDw

US investigators fear that the identity of spies working undercover could be revealed by the cyber security breach, which was revealed last month and exposed the private information of more than 21 million people.
 
A data breach at the US Office of Personnel Management (OPM) could blow the cover of US spies working overseas, say US intelligence officials, who fear the information could be used by another state to determine the activities of US citizens working within its borders.  

US officials had sought to downplay the risks of US spies being uncovered by the data hack, which the OPM announced on June 4, when it promised to notify 4.1 million current and former federal employees whose records had been accessed.

Earlier this month the OPM disclosed the fuller extent of the breach, estimating that more than 21 million people had had some form of their data exposed in the hack, including more than 1.1 million fingerprint records.  

Social Security numbers, job assignments, performance ratings and the training information on employees and contractors were included in the accessed data, but agency officials have maintained that the personal data of intelligence officials was not kept in the database.

Though it is unclear if the personal information of US spies was held in the OPM database, it is feared that even if the spies' data has not been entered into the OPM records, as intelligence officials maintained, it is possible for those with access to the hacked records to nevertheless analyze the data and uncover American spies.

By comparing the list of federal employees with a list of people granted visas to work in US diplomatic posts, a common cover for US intelligence officers who are gathering information in a foreign state, the identity of spies could be deduced, since their names would be on the latter list, but not the former.

Though some US government officials and politicians have publicly attributed the attacks to hackers based in China, other US officials such as NSA chief Rogers have declined to allege that Chinese hackers are behind the attacks, and the Chinese government has rejected the claims, described as "irresponsible and counterproductive" by the Chinese Embassy in the United States.
 
"China, itself a major victim of cyber-attacks, has made it clear that it is against all forms of hacking attacks, and it believes that members of the international community need better communication and cooperation to address cyber security breaches," said the Chinese news agency Xinhua in the aftermath of the breach.

Sputnik

« Don't Make These IT Mistakes in Your Organisation
In The War of 2050, The Robots Call The Shots »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

Vaddy

Vaddy

Vaddy provide an automatic web vulnerability scanner for DevOps that performs robust security checks to ensure that web app code is secure.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija is the national accreditation body for Slovenia. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Jamf

Jamf

Jamf is the only Apple Enterprise Management solution of scale that remotely connects, manages and protects Apple users, devices and services.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.