Russia & China Use Hacked Databases to Find US Spies

id-2958070-cyberespionage_3-100601454-orig.jpg

Foreign spy agencies, including those from Russia and China, are cross checking hacked databases to identify U.S. intelligence operatives, according to a news report.

One secret network of US engineers and scientists, providing technical assistance to the country's overseas undercover agencies, has been compromised according to a story in the Los Angeles Times.

Foreign intelligence agencies are cross-referencing several compromised databases, whose information includes security clearance applications and airline records, to identify US intelligence agents, the report said.
The US Office of Personnel Management announced a breach of its security clearance database in June. That breach compromised information on the government’s Standard Form 86, a 127-page questionnaire that asks about an applicant’s past military experience, criminal background, computer hacking activities, financial problems and links to terrorism groups.

US lawmakers have worried that the OPM breach would endanger intelligence agents and open up applicants to blackmail.
With the OPM breach and other recent compromises, "our biggest fear has been that these data breaches were not isolated incidents, but part of a larger campaign with the intent to expose intelligence agents and others with security clearances around the world," Ken Westin, security analyst for cybersecurity Tripwire, said by email.
There is growing evidence that exposing intelligence agents was the motivation behind several breaches, he added.
The report raises several concerns for government agencies and private businesses, Westin said. "Our risk and threat models don't take into account the exponential damage that can come when datasets from multiple breaches are correlated," he said. "Big data isn't just used in business, but also cybercrime and espionage, and this is more apparent now than ever."

A "massive amount of data" that people willingly share helps make this type of espionage possible, said Tim Erlin, director of IT security and risk strategy at Tripwire. "The actual government records provide a key set of data, but when correlated with other information, enemy nation-states can assemble a dangerously complete picture," he said.
Computreworld:http://http://bit.ly/1J9PTLM

 

« Should the US Use Hidden Data to Warn Industry of Attacks?
Five Months After the OPM Attack. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Secure Identity Alliance (SIA)

Secure Identity Alliance (SIA)

The Secure Identity Alliance is dedicated to supporting sustainable worldwide economic growth and prosperity through the development of trusted digital identities and the adoption of secure eServices.

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

Foregenix

Foregenix

Foregenix are global specialists in Digital Forensics and information security including Penetration testing and Website Security.

Ethoca

Ethoca

Ethoca is a secure network for card issuers and merchants to connect and work cooperatively outside the payment network in a unique and powerful way.

Zettaset

Zettaset

Zettaset’s XCrypt Data Encryption Platform delivers proven protection for Object, Relational/SQL, NoSQL, and Hadoop data stores…in the cloud and on-premises.

Elliptic

Elliptic

Elliptic solve the crucial problem of identity in cryptocurrencies, with the sole purpose of combating suspicious and criminal activity.

Wise-Mon

Wise-Mon

Wise-Mon is expert in its field of network monitoring and control. We give solutions to huge organizations with tens of thousands of ports, as well as small companies with one switch.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.

Worksent Technologies

Worksent Technologies

Worksent is a Trusted white-label offshore support partner for MSPs and MSSPs.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.