SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
30 Jun 2015

Hackers stole secrets of US government workers’ sex lives

It was already being described as the worst hack of the U.S. government in history. And it just got much worse. A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers.

Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.

Those details, which are now presumed to be in the hands of Chinese spies, are found in the so-called “adjudication information” that U.S. investigators compile on government employees and contractors who are applying for security clearances. The exposure suggests that the massive computer breach at the Office of Personnel Management is more significant and potentially damaging to national security than officials have previously said.

Three former U.S. intelligence officials told that the adjudication information would effectively provide dossiers on current and former government employees, as well as contractors. It gives foreign intelligence agencies a roadmap for finding people with access to the government’s most highly classified secrets.

Obama administration officials had previously acknowledged the breach of information that applicants voluntarily disclose on a routine questionnaire, called Standard Form 86, but the theft of the more detailed and wide-ranging adjudication information appears to have gone overlooked.

“Whoever compromised the adjudication information is going to have clear knowledge, beyond what’s in the SF86, about who the best targets for espionage are in the United States,” Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command, told. “This is the most successful cyber attack in the history of the United States,” owing to the amount and quality of the information that was stolen, Adams said.

U.S. intelligence officers spend years trying to recruit foreign spies to gather the kinds of details and insights that are contained in adjudication information, one former senior U.S. official said. This official, who requested anonymity, added that adjudication information would give foreign intelligence services “enormous leverage” over U.S. personnel whom they might forcibly interrogate for information or try to recruit.

Adjudication information would include the results of polygraph examinations, both former U.S. officials said. The exam can be extraordinarily intimate, bordering on humiliating. One former official said a polygrapher once asked if he’d ever practiced bestiality. Another said questions are designed to root out potential leakers, noting that he was asked about what contacts he’d had with journalists, including in a social setting.

The OPM’s chief information officer, Donna Seymour, acknowledged when she testified at a House hearing on June 16 that “clearance adjudication information” had been compromised. But the remark went virtually unnoticed, as lawmakers mostly focused their attention on the agency’s embattled director and the OPM’s weak computer security.The adjudication process had a broad scope, taking into account the SF86 questionnaire, reports from background investigations, interviews with the applicant's family members and associates, his or her employment history, and for people seeking high-level clearances, the results of polygraph investigations.

Seymour said such records “span an employee’s career” and could stretch back as far as 30 years. Officials have said that as many as 18 million people may have been affected by the breach. Asked specifically what information the hackers had obtained, Seymour told lawmakers that she preferred to answer later in a “classified session.” Seymour didn’t specify how many people’s information was stolen. But the OPM oversees background investigations, which comprise a key part of the adjudication process, for more than 90 percent of security clearance applicants, according to the Congressional Research Service. An OPM spokesman didn’t respond to a request for comment in time for publication.

A former senior U.S. intelligence official, who asked to remain anonymous, said the OPM breach would cause more damage to national security operations and personnel than the leaks by Edward Snowden about classified surveillance by the National Security Agency. “This is worse than Snowden, because at least programs that were running before the leaks could be replaced or rebuilt,” the former official said. “But OPM, that’s the gift that keeps on giving. You can’t rebuild people.”

Adjudicators are in a powerful position because in deciding whether to recommend granting a security clearance, they have access to the entire scope of an applicant’s file and are told to make a subjective analysis. “The adjudication process is the careful weighing of a number of variables known as the whole-person concept,” according to official guidelines. “Available, reliable information about the person, past and present, favorable and unfavorable, should be considered in reaching a determination.”

By design, adjudication is an invasive process, meant to unearth risk factors including drug and alcohol abuse, extramarital affairs, a history of violence, and other events that speak to a person’s “trustworthiness” and their susceptibility to blackmail or being recruited to spy for a foreign government.

For instance, “compulsive gambling is a concern, as it may lead to financial crimes including espionage,” the guidelines say. Adjudicators are told to note “a pattern of compulsive, self-destructive, or high risk sexual behavior,” “relapse after diagnosis of alcohol abuse,” and “emotionally unstable, irresponsible, dysfunctional, violent, paranoid, or bizarre behavior,” among other warning signs in 13 categories.

Some of the embarrassing personal details found in some adjudications have been made public. That’s what happens after an applicant who was denied a security clearance launched an appeal. But those public reports are anonymous. The names are held back—but are contained in the OPM’s adjudication records. Those were compromised in the hack. In other words, it would be simple for spies to take these once-anonymous reports and attach a name to them.

How invasive are these exams? One applicant admitted to shooting his 19-year-old son in the leg during a physical altercation, sparked by an argument over whether his son’s girlfriend could live with him in the applicant’s grandmother’s house. Another applicant who’d held a clearance for 25 years while serving in the military had an affair with his former college roommate’s wife “on and off for more than twenty years,” his adjudicator noted. The applicant told the wife about the affair in 2014, and they’re “working through their problems.”

A third applicant was reprimanded by his supervisor for accessing pornography on his work computer. He had “not told his wife about these issues because he feels embarrassed by his conduct,” his file notes. Debts and drug and alcohol abuse are frequently considered in the adjudication process. One applicant was found to owe nearly $1.8 million from, among other things, four mortgages on three condominiums. He was denied a clearance. But another applicant’s clearance was granted on the condition that he stop drinking, after going through four alcohol addition treatment programs and relapsing every time.

Armed with such intimate details of a person’s worst moments, foreign spies would have unprecedented advantage against their U.S. adversaries. And the news is especially bad for people who hold the highest levels of clearance, which require more rigorous background checks, noted Adams, the computer security expert. “The higher up you go in your sensitivity levels, the more data that’s in your adjudication file,” he said.

Tags:
surveillance USA hackers information leaks
Source:
The Daily Beast
2740
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015