Slashdot Mirror


SF86 Data Captured In OPM Hack

Etherwalk writes: The security clearance process in the United States includes filling out the 127-page SF86 form, which includes things like the citizenships of all your relatives and housemates, foreign contacts and financial interests, foreign travel, psychological and emotional health, illegal drug use, and many other matters. The recent breach by the Chinese Government apparently included that information for all executive employees up to cabinet level. It's pretty much a gold mine for intelligence work and social engineering of any kind.

7 of 173 comments

  1. Bah! Media! by quonsar · · Score: 5, Insightful

    So, what exactly do they mean by "breach"? Someone got into some systems? Once there, did they take copies of data? That's a lot of data. Why didn't anyone see the mass exodus of gigabytes? The weasel-worded breathless media reports are just dripping with a lack of specificity and reek of "omg phear the evil hackerz!" - they feel more designed to generate fear than inform. I view the whole thing with a jaundiced, skeptical eye.

  2. if it's somehow accessible by the internet by turkeydance · · Score: 2, Insightful

    it's Out There. All of it.

  3. OK, I'll bite. by ledow · · Score: 2, Insightful

    "U.S. officials privately said China was behind it."

    Which officials, and why won't they speak on-record? Because they know that, stupidly, they've said that cyber-attacks could be seen as an act of war. And none of them are stupid enough to directly declare war on China on the basis of fuck-all evidence beyond "we got hacked, looked like the last hop had a whois somewhere in China".

    This isn't enough to put in the papers, this isn't enough to act upon, but fuck if the US won't let *that* stand in their way.

    You have NO WAY of knowing whether China are doing this, officially or not. When you do, you can make news stories and bring it up in international committees. Until then, it's some Chinese kid who's found a good source of credit card data to buy some Steam games for all the fuck you know.

    Dickheads like these "officials" are either a) trying to put so much implication into people's heads that people just assume you ARE at war with China or b) have fuck-all to go on and speak carelessly and dangerously.

    I'm not American, nor Chinese. But, fuck, this is a slippery slope if every time some hacker in Beijing touches your systems you're going to cry wolf and accuse China of officially stealing sensitive data.

    What's the matter? Been too long since you had a decent enemy who could shoot back?

  4. Schadenfreude on so many levels by sideslash · · Score: 4, Insightful

    The NSA has been hacking pretty much everybody in the world and their little sister, so nobody should be shocked when the same thing happens to us.

    The real kicker is the perennial lecture from clueless politicians about how we should put back doors into all our private sector encryption so law enforcement can take a peek whenever it likes. Because our information will be safe with the government. *snort*

  5. Re:If it is the Chinese by rickb928 · · Score: 4, Insightful

    Doubtful. The OPM has been negligent in this area for decades. And they are not the only agency.

    A bottom-to-top review and security renovation is critically needed, and should cost closer to $100Bn than not if it's done right. Everything, from .mil and DOD to mainline agencies and even .gov customer service sites, everything.

    And not a review. A complete reimagining and reinstallation.

    Not going to happen in this Administration, as they fear any analysis.

    The fiasco of our former Secretary of State running a private server at their own residence for official email is an example of the utter and total lack of actual information security in our government, a situation that is (or should be) intolerable.

    But, politics.

    --
    deleting the extra space after periods so i can stay relevant, yeah.

  6. Re:Bandwidth Leak over Time by Rich0 · · Score: 3, Insightful

    He's probably referring to the amount of bandwidth used to move the data. Honestly someone should have been watching for mass uploads or downloads.

    The breach occurred in December, was detected IIRC in April. Plenty of time to move data slowly and prioritize what you take, making you less likely to show a bandwidth spike.

    Also, it isn't like they're copying HD video here. A detailed register of every financial transaction you've ever made in your life including every time you dropped a quarter in an arcade machine as a kid might actually only be maybe a gigabyte in size, if that.

    You can fit every book ever written on a ~1TB hard drive, uncompressed. A 127-page form doesn't actually take that much space to store.

    And of course you can stream the data slowly as you point out, but unless the US is blocking sites like weather/news/etc this kind of bandwidth barely registers in the noise. If they let people listen to Spotify at work that would be vastly more data than what was likely stolen.
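
Added example, not part of the thread: a detection sketch for the point made in comment 6, comparing a per-hour spike check with a rolling per-host egress budget. The host names, the 203.0.113.50 address, the volumes and the budgets are all constructed assumptions.

```python
from collections import defaultdict, deque

def make_flows(days=30):
    """Constructed sample: (hour_index, src, dst, mb_out) egress records."""
    flows = []
    for hour in range(days * 24):
        # Database host trickling 8 MB/hour to one external address.
        flows.append((hour, "db-03", "203.0.113.50", 8))
        # Workstation streaming music during working hours only.
        if 9 <= hour % 24 < 17:
            flows.append((hour, "ws-17", "music.example", 60))
    return flows

def spike_alerts(flows, per_hour_limit_mb):
    """Classic check: any single hour above the limit for a src/dst pair."""
    return [(h, s, d) for h, s, d, mb in flows if mb > per_hour_limit_mb]

def cumulative_alerts(flows, window_hours, budgets_mb, default_budget_mb):
    """Rolling sum per src/dst pair. Returns, for each pair, the first hour
    at which it exceeded the budget assigned to its source host."""
    windows = defaultdict(deque)   # pair -> deque of (hour, mb)
    totals = defaultdict(int)      # pair -> MB inside the window
    first_hit = {}
    for hour, src, dst, mb in sorted(flows):
        pair = (src, dst)
        windows[pair].append((hour, mb))
        totals[pair] += mb
        # Drop records that have aged out of the rolling window.
        while windows[pair][0][0] <= hour - window_hours:
            _, old_mb = windows[pair].popleft()
            totals[pair] -= old_mb
        budget = budgets_mb.get(src, default_budget_mb)
        if totals[pair] > budget and pair not in first_hit:
            first_hit[pair] = (hour, totals[pair])
    return first_hit

if __name__ == "__main__":
    flows = make_flows()
    print("spike alerts:", spike_alerts(flows, 500))
    # Assumed budgets: record-holding servers get a small weekly allowance,
    # everything else a generous default.
    print("budget alerts:",
          cumulative_alerts(flows, 7 * 24, {"db-03": 1024}, 10_000))
```

The workstation moves far more data than the database host and stays inside its budget, while the slow trickle from the database host is caught by the per-role budget and never by the spike check.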

  7. Re:If it is the Chinese by rworne · · Score: 3, Insightful

    China flexes their hacking skills while security researchers in the USofA worry they'll be jailed as terrorists by their own government?

    Yup, I see no problem here.

    --
    I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit