Hackers compromised US security-clearance database – report
The hackers managed to steal the entire federal database of Standard Form 86, according to officials who spoke with AP on condition of anonymity. The form is submitted by individuals for a cavity-like background search, prior to gaining security clearance.
The 127-page-long form contains highly personal information about the individual, including possible drug and alcohol abuses, and financial and criminal histories. In addition, it contains a reference section with extremely sensitive information concerning the applicant’s contacts and relatives including their personal data.
Nearly all clearance holders working with the CIA, National Security Agency and military special operations personnel have potentially been exposed, sources believe. The time of the intrusion so far remains unknown.
The Office of Personnel Management (OPM), which was the target of the hack, has not officially confirmed that the security clearance data of military or intelligence personnel was breached. However, news of the second hack has started to circulate in both the Pentagon and the CIA.
“You don't need these records to blackmail or exploit someone, but it would sure make the job easier,” Evan Lesser, managing director of ClearanceJobs.com, told AP.
Sources claimed the attack originated in China, accusations which Beijing has denied.
“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” Joel Brenner, a former top US counterintelligence official, told AP. Brenner believes that access to the information exposes the cover of some intelligence agents.
“The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies,” Brenner said.
Sources familiar with the matter in the Pentagon and the CIA said this was a different security breach from the earlier one announced by the OPM, in which the agency originally claimed only some four million people had been affected. The latest estimates suggest hackers might have managed to steal between nine and 14 million records, stretching back to the 1980s.
The OPM is still continuing its assessment of the damage caused by the intrusion that occurred in December 2014. On Thursday, the American Federation of Government Employees (AFGE) Union called the cyber-security failure “absolutely indefensible and outrageous.”
In its last press release, the OPM states that at “this time” there is no evidence that there has been “any use or attempted use” of personal data derived from the hack.
Since the attack, the OPM said it has implemented new security measures, such as restricting access and powers of remote administrators, and utilizing anti-malware software for further protection. A review of all connections to the network was also initiated.