WASHINGTON—Hackers who raided the U.S. government’s personnel office gained access to secret background investigations conducted on current and former employees, senior administration officials said Friday—an ominous development in the recent theft of federal data, one of the largest in history.
The hackers had access to at least two separate background-investigation forms that must be completed for many U.S. officials to work in select national-security and other government jobs, and these forms are often necessary for someone to obtain security clearance.
The two forms—known as Standard Form 85 and 86—contain extensive information about family members, mental health, and credit history. They also include records of “foreign contacts”—lists of non-U.S. officials that a person might know or have relationships with. This information could be valuable to foreign spies and intelligence agencies as they work to determine whom U.S. officials communicate with overseas.
“It has more data than a mortgage application,” said Phillip Carter, a senior fellow at the Center for a New American Security and a lawyer who has handled security-clearance cases.
Security clearances are conducted for people who work in the military, intelligence agencies, Secret Service, federal law enforcement and other sensitive posts.
The senior administration officials wouldn’t say how many people may have been affected by the breach, but the numbers could be sizable. Many of the records held by the U.S. government’s Office of Personnel Management weren’t encrypted.
OPM officials previously had said they didn’t believe the background-check information had been stolen.
The senior administration officials also wouldn’t say how many years’ worth of background-check records could have been obtained by the hackers.
COMPROMISED SECRETS
The hacking attack on the federal government’s personnel department gained access to forms filled out by those seeking security clearances to perform sensitive government jobs. The form, known as the Standard Form (SF) 86 background-check document, is a 127-page form that includes highly personal details, including foreign travel (page 4), any mental health conditions (page 84), police record (page 86), history of drug use (page 93), and bankruptcy filings (page 106).
OPM officials said as recently as Thursday evening that they believed 4.2 million people—including 2.1 million current employees—were affected by the breach, but the background-investigation form breach suggests the number could be larger. The stolen records include people who were screened by the federal government for certain jobs but decided not to accept the job after the background check was concluded, as well as people whom the government declined to hire.
Several U.S. lawmakers briefed on the investigation into the breach said they believed the hack emanated from China, though the White House hasn’t confirmed this allegation. Chinese officials have said they weren’t involved.
On June 4, OPM announced that its systems had been hacked and began notifying current and former federal employees that their Social Security numbers and other personal information could have been stolen. Other federal agencies, including intelligence agencies, aided the investigation, and officials soon learned that a wider network of data was compromised.
The background-investigation records are held on a separate system within OPM, but government officials discerned that these records were also tapped into, the senior administration officials said Friday.
The senior administration officials wouldn’t say whether the records of U.S. military or intelligence officers were stolen during the hack, though numerous Pentagon civilian employees have already been notified that their records were compromised, several officials said.
The Standard Form 86 background-check document is a 127-page form that includes details about highly personal information, including foreign travel, any mental-health conditions, police record, history of drug use and bankruptcy filings.
Such information could be considered a treasure trove of information for foreign intelligence agencies, as the records would provide access to the personal lives and relationship networks of some of the U.S. government’s most carefully screened and vetted officials, and could expose them to blackmail.
U.S. officials across numerous agencies, including intelligence and law-enforcement agencies, are now searching through the hacked data to determine what the national-security vulnerabilities could be and how the records could be exploited by foreign governments in particular.
The senior administration officials wouldn’t say whether the hackers had access to all background investigations conducted in recent years. In 2013, OPM ordered 2.3 million such investigations.
The U.S. government and dozens of companies have had information stolen through cyberattacks for more than a decade, as hackers have scouted out commercial or customer information. But several large-scale breaches in recent years have alarmed national-security officials, as the hackers appear to seek records that could be used for intelligence gathering and not for more run-of-the-mill purposes such as opening up new credit cards.
U.S. officials have been careful not to disclose what they know hackers might have stolen, as they fear it could help perpetrators decide how to use the information. But the senior administration officials said they are working to analyze the latest breach to try to make sure the stolen information doesn’t pose a danger to any of the potential victims.
U.S. lawmakers have expressed outrage about the breach, but until Friday they didn’t have a clear idea about the sensitivity of the stolen data. White House officials and other agencies are expected to brief lawmakers in classified and unclassified hearings next week as they learn more about the implications of the thefts for national security.
Secretary of State John Kerry and U.S. Treasury Secretary Jacob Lew are set to meet their Chinese counterparts in Washington June 22 on a range of economic and strategic issues. Cybersecurity and hacking have taken top priority in previous discussions, including last year’s meeting in Beijing.
U.S. officials are still working to determine the origin of the breach. Hackers initially gained access to OPM’s network at least a year ago, but several more intrusions have been discovered since then. Some U.S. officials believe that these could have been separate incidents, though others believe it could have been a single hack that moved throughout the agency’s networks.
One reason the breach was so difficult to detect is that it didn’t have the “signature” of prior intrusions, which makes them easier to detect. These types of breaches are much more sophisticated and prove harder to block.