Hacking as Offensive Counterintelligence

Posted: June 8, 2015 in Tech

Hacker-Isloate

Washington, DC, is reeling from revelations that the Office of Personnel Management, the Federal government’s HR hub, has been extensively hacked. OPM is an obscure but important agency since it holds the personnel records of Federal workers, past and present, and even more, it conducts background investigations for security clearance holders across many Federal agencies.

Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective.  They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86, here).

Perhaps the most damaging aspect of this is not merely that four million people are vulnerable to compromise, through no fault of their own, but that the other side now so dominates the information battlespace that it can halt actions against them. If they get word that a American counterintelligence officer, in some agency, is on the trail of one of their agents, they can pull out the stops and create mayhem for him or her: run up debts falsely (they have all the relevant data), perhaps plant dirty money in bank accounts (they have all the financials too), and thereby cause any curious officials to lose their security clearances. Since that is what would happen.

If this sounds like a nightmare scenario for Washington, DC, that’s because it is. Decades of neglect have gotten us here and it will take decades to get us out of it. The first step is admitting the extent of the problem. Getting serious about security and counterintelligence, finally, is the closely related second step. Back in the 1990’s, CI professionals warned the U.S. government about the hazards of putting everything online (we also pointed this out about internal databases that were supposed to be “secure”). Any cautions or caveats were dismissed as “old think,” out of hand. We were right about this, just as we were right about insider threats like Snowden. The past is the past, it’s time to move forward and do better without delay. The SpyWar is heating up and there’s no time to waste.

Full Story @ [20committee]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s