SF86 Data Captured In OPM Hack

Etherwalk writes: The security clearance process in the United States includes filling out the 127-page SF86 form, which includes things like the citizenships of all your relatives and housemates, foreign contacts and financial interests, foreign travel, psychological and emotional health, illegal drug use, and many other matters. The recent breach by the Chinese Government apparently included that information for all executive employees up to cabinet level. It's pretty much a gold mine for intelligence work and social engineering of any kind.

WTF did they think would happen?

The SF86 data is essentially designed to track and identify every aspect of federal employees lives and backgrounds which would make them a target of extortion or blackmail by foreign intelligence.

Instead of keeping those records in distributed and isolated/compartmentalized silos(where the scope of any individual security failure would be non-catastrophic) where the cost-to-benefit ratio of data ex-filtration was much less attractive: they consolidated all of this data in one place where a single chink in the armor would allow an adversary to acquire the sum total knowledge in existence of their entire classified documents workforce...

TLDR: Morons put the 2nd largest and most expensive collection of blackmail material in the history of mankind(The Vatican "Archives" being the obvious #1) in a single place behind a padlock("hacker proof security" seems about as elusive to find in the wild as big foot) and then act shocked when they essentially gift wrapped a knife to cut through the fog of war for APT.

The ironic implication of this now is that the best defense against security threats is to disqualify anyone who had a security clearance previously from owning one an either:

A) Clean slate. Go back to the old way of doing things(until this happens again) and get a fresh batch of leverage,err... I mean "federal employees".
or
B) Abolish the idiotic system entirely. The spying incidents which the system was designed in reaction too were conspicuous absent of any spies who would have failed the background check process.

Get rid of ITAR/USML while you're at it!

Hell, why not just say "fuck it"?
Take the MAD approach and open source everything. When Predator drones are being 3d printed in people's basement the tree of liberty should get watered way more often.

Maybe without the illusion of secrecy, the nonsense secret squirrel playground games which caused WWII and WWIII will finally stop. While China is embroiled in a domestic insurgency/civil war America can laugh all the way to the bank.

Re:If...

[gcnaddict]

The only times we've ever heard of the US actually doing anything were with Stux and its variants, and that was always after they had done their damage. There really wasn't much of anything else, so there's no real way to know who's better because of the clandestine nature of these operations anyway.

At the very least, we know the Chinese are prolific, but we have no idea if the Chinese are better, the Russians, the United States, the Israelis... heck, maybe the Brits upstaged everyone. It's impossible to know.

Re:Bah! Media!

[rrr00bb5454]

SF86 data is extraordinarily sensitive. What they mean is that the attackers made off with a database of the financial problems, drug habits, family problems, hidden crimes, and sex fetishes of anybody that's working on anything sensitive. This data will determine who comes home to a hooker in his bed with requests for information and a crowbar in one hand and a bag of illegal drugs in the other. I'd say that the information is so sensitive, that it may actually weaken security to continue with this practice of having all of these confessions written down. I mean... if you can approach your boss and say "hey, i need to take a few weeks off to go to jail!" to which he responds "ok. you have plenty of leave!"; then that may leave you far less open to coercion then if you go into a panic over being found out by your boss for adultery. ("gah! i'll lose my clearance and never ever work again!")

Bandwidth Leak over Time

[Etherwalk]

He's probably referring to the amount of bandwidth used to move the data. Honestly someone should have been watching for mass uploads or downloads.

The breach occurred in December, was detected IIRC in April. Plenty of time to move data slowly and prioritize what you take, making you less likely to show a bandwidth spike.

Re:Bah! Media!

[lgw]

What they mean is that the attackers made off with a database of the financial problems, drug habits, family problems, hidden crimes, and sex fetishes of anybody that's working on anything sensitive.

It's worse than that. Foreign agents might be identifiable through this data. People sleeping with foreign nationals report that, and those foreign nationals might find their own government treats them like a spy now.

People will get killed behind this - likely a large number of people.