Giant OPM Data Hack Did Blow U.S. Spies’ Cover

Uploaded on 2015-07-30 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

images?q=tbn:ANd9GcSUZsj160Hptc_PF2SxWO-AhSci06s9nLoiMgli9wUPeHkr_G0sDw

US investigators fear that the identity of spies working undercover could be revealed by the cyber security breach, which was revealed last month and exposed the private information of more than 21 million people.
 
A data breach at the US Office of Personnel Management (OPM) could blow the cover of US spies working overseas, say US intelligence officials, who fear the information could be used by another state to determine the activities of US citizens working within its borders.  

US officials had sought to downplay the risks of US spies being uncovered by the data hack, which the OPM announced on June 4, when it promised to notify 4.1 million current and former federal employees whose records had been accessed.

Earlier this month the OPM disclosed the fuller extent of the breach, estimating that more than 21 million people had had some form of their data exposed in the hack, including more than 1.1 million fingerprint records.  

Social Security numbers, job assignments, performance ratings and the training information on employees and contractors were included in the accessed data, but agency officials have maintained that the personal data of intelligence officials was not kept in the database.

Though it is unclear if the personal information of US spies was held in the OPM database, it is feared that even if the spies' data has not been entered into the OPM records, as intelligence officials maintained, it is possible for those with access to the hacked records to nevertheless analyze the data and uncover American spies.

By comparing the list of federal employees with a list of people granted visas to work in US diplomatic posts, a common cover for US intelligence officers who are gathering information in a foreign state, the identity of spies could be deduced, since their names would be on the latter list, but not the former.

Though some US government officials and politicians have publicly attributed the attacks to hackers based in China, other US officials such as NSA chief Rogers have declined to allege that Chinese hackers are behind the attacks, and the Chinese government has rejected the claims, described as "irresponsible and counterproductive" by the Chinese Embassy in the United States.
 
"China, itself a major victim of cyber-attacks, has made it clear that it is against all forms of hacking attacks, and it believes that members of the international community need better communication and cooperation to address cyber security breaches," said the Chinese news agency Xinhua in the aftermath of the breach.

Sputnik

« Don't Make These IT Mistakes in Your Organisation
In The War of 2050, The Robots Call The Shots »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Brookings Institution

Brookings Institution

The Brookings Institution is a nonprofit public policy organization. Cyber security is covered within the various study areas.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

CERT Bulgaria (CERT.BG)

CERT Bulgaria (CERT.BG)

CERT Bulfaria is the National Computer Security Incidents Response Team for Bulgaria.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

Marvell Technology Group

Marvell Technology Group

Marvell is a semiconductor company providing solutions for storage, processing, networking, security and connectivity.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Police CyberAlarm

Police CyberAlarm

Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity. This service is made up of two parts; monitoring and vulnerability scanning.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

Kompleye

Kompleye

Kompleye is a recognized cybersecurity and compliance audit organization that offer a comprehensive solution for different industries.

Normalyze

Normalyze

Normalyze are solving some of the most painful problems enterprise IT security teams face in the cloud and data security space. We help enterprises protect all the data they run in the cloud.

PCCW Global

PCCW Global

PCCW Global is a leading communications service provider, offering mobility, voice and data solutions to multinational enterprises, telecomms partners, cloud and application service providers.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.