
The massive China hack on US data 'will be debilitating to US intelligence for a generation'

Jul 10, 2015, 20:00 IST

Hackers stole the personally identifying information of more than 20 million people, the Office of Personnel Management (OPM) revealed yesterday, in a breach that threatens to compromise US intelligence capabilities for years to come.

"Presuming these attacks came from China, it's debilitating to America's human intelligence capabilities for a generation," geopolitical expert Ian Bremmer, founder of Eurasia Group, told Business Insider via email.

Every single person who had applied for government security clearance - whether they were federal employees or not - in the last 15 years had their sensitive background information stolen when the database storing their personnel files was breached by Chinese hackers last year.

"If you underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that you are impacted by the incident involving background investigations," the OPM stated.

OPM reported that the types of compromised data may include 21.5 million Social Security numbers, as well as any information revealed on an SF86 form - a 120-page questionnaire that examines an applicant's personal history, including their financial records (including gambling addictions and any outstanding debt), drug use, alcoholism, arrests, psychological and emotional health, foreign travel, foreign contacts, and all relatives.

"I'm sure the adversary has my SF-86 now," FBI Director James Comey said to a Senate panel earlier this week. "My SF-86 lists every place I've ever lived since I was 18. Every foreign travel I've ever taken. All of my family, [and] their addresses."

REUTERS/Kevin Lamarque: FBI Director James Comey testifies during a Senate Judiciary Committee hearing on "Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy" in Washington July 8, 2015.

Some fear the stolen information could be used by the Chinese government to blackmail, exploit, or recruit US intelligence officers, compromising the success and safety of agents operating at home and abroad, but not all experts agree that the hack constitutes a severe threat to US intelligence.

"There is no blackmail threat," Dave Aitel, CEO of cybersecurity company Immunity, Inc., told Business Insider. "If there was any chance you could be blackmailed by a foreign government, the US would not have given you security clearance in the first place."

"If I sent you my SF86, you'd be pretty bored," he added.

In any case, the Obama administration has yet to call out the Chinese directly for their role in the hack - even though all evidence points to China as the origin of the attack - likely because the US regularly engages in the same kind of cyber espionage.

"The US has blamed China repeatedly but with little consequence," Bremmer said. "The US engages in cyber espionage as well, and China finds the practice far too profitable to give up - even as it risks further deterioration of the relationship."

Aitel agreed. "We may say, 'hey, cut that out,' but it is not a red line. If anything, it's standard government tradition," he said. "Unlike economic espionage, regular espionage is considered above board and normal."

In any case, Aitel noted, the breach was "hugely embarrassing" for the US government.

While OPM's database, which was largely unencrypted and monitored by a security department with little to no IT experience, was especially vulnerable to attack, the breach also reflects the narrowing gap between the cyber capabilities of the US and its adversaries.

"US officials make very clear that Chinese cyberattacks are the most serious challenge in relations between the two countries," Bremmer said. "The U.S. doesn't have the kind of lead on cyber that it does on conventional military force."

The massive breach - discovered by network-forensics company CyTech Services while it was doing a product demo of its new software package, CyFIR, for OPM in early June - was "classic espionage" on an unprecedented scale, a senior administration official told The New York Times last month.

"If there's compensation, it's that the U.S. almost surely has the same information on China," Bremmer said. "But if the Cold War is any guide, Americans won't be happy with a level playing field."
