China-linked hackers get data on CIA, NSA personnel with security-clearance: report

0
157

China-linked hackers appear to have gained access to sensitive background information submitted by US intelligence and military personnel for security clearances that could potentially expose them to blackmail, the Associated Press reported on Friday.

In a report citing several US officials, the news agency said that data on nearly all of the millions of US security-clearance holders, including the Central Intelligence Agency (CIA), National Security Agency (NSA) and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management (OPM).

It said more than 2.9 million people had been investigated for a security clearance as of October 2014.

The OPM did not immediately respond to requests for comment, but a senior US official confirmed that US investigators had discovered a separate attack on the OPM that targeted sensitive information about government employees similar to a hacking incident revealed last week.

The official, who spoke on condition of anonymity, could not confirm that the information obtained was from US intelligence and military personnel but did say it was “a different set of OPM systems and data” to that of the hack disclosed last week and did involve background data and security clearances.

A source familiar with the investigation said US investigators suspected a similar Chinese link to the other hacking incident.

Earlier on Friday, the White House said it could not confirm another AP report that as many as 14 million current and former US government employees had their personal information exposed to hackers in the other OPM breach.

The government said last week that the records of up to 4 million people had been compromised, making it one of the biggest known attacks on US federal networks. White House spokesperson Josh Earnest said the investigation was continuing into this breach.Sensitive data:

The AP report said a form authorities believed to have been accessed in the breach involving the intelligence and military personnel, Standard Form 86, required applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies.

The form required the listing of contacts and relatives, potentially exposing any foreign relatives of US intelligence employees to coercion, the report said. The form also required the applicant’s Social Security number and that of their cohabitant.

Later on Friday, without referring to the AP report, the Obama administration said it had ordered federal agencies to take extra steps to protect US government computer systems.

“Recent events underscore the need to accelerate the Administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure,” the White House said in a statement outlining its security measures.

Friday’s reports came as President Barack Obama’s top national security adviser, Susan Rice, met with a top Chinese military officer, General Fan Changlong, at the White House and stressed the need for the United States and China to narrow disagreements, including on cyber security.

China, which is also at odds with the United States over Beijing’s increasingly assertive pursuit of territorial claims in the South China Sea, has rejected as irresponsible any allegations that it was behind the hacking.

The cyber attacks and tensions over the South China Sea threaten to overshadow broader annual US-China talks covering economic and strategic ties between the world’s two biggest economies from June 22-24.

US government officials and cyber analysts say Chinese hackers are using high-tech tactics to build massive databases that could be used for traditional espionage, such as recruiting spies, or gaining access to secure data on other networks.

The OPM incident disclosed last week gave the hackers access to a trove of personal information, including birth dates, Social Security numbers, previous addresses and security clearances.

One official said the stolen information would enable an intelligence service to chart out relationships among US government employees and build pictures of individuals and their families, potentially enabling them to figure out ways to target or blackmail people for espionage purposes.