Tuesday 28 July 2015

U.S. Fears Data Stolen by Chinese Hacker Could Identify Spies

American officials are concerned that the Chinese government could use the stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

2 comments:

Guanyu said...

Mark Mazzetti and David E. Sanger
25 July 2015

American officials are concerned that the Chinese government could use the stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

The potential exposure of the intelligence officers could prevent a large cadre of American spies from ever being posted abroad again, current and former intelligence officials said. It would be a significant setback for intelligence agencies already concerned that a recent data breach at the Office of Personnel Management is a major windfall for Chinese espionage efforts.

In the days after the breach of records of millions of federal workers and contractors became public last month, some officials in the Obama administration said that the theft was not as damaging as it might have been because the Chinese hackers did not gain access to the identities of American undercover spies.

The records of the C.I.A. and some other intelligence agencies, they said, were never part of the personnel office’s databases, and were protected during the breach. Officials said intelligence agencies were taking steps to try to mitigate the damage, but it is unclear what they are specifically doing.

But intelligence and congressional officials now say there is great concern that the hackers — who government officials are now reluctant to say publicly were working for the Chinese government — could still use the vast trove of information to identify American spies by a process of elimination. By combining the stolen data with information they have gathered over time, they said, the hackers can use “big data analytics” to draw conclusions about the identities of operatives.

“The information that was exfiltrated was valuable in its own right,” said Representative Adam B. Schiff of California, the top Democrat on the House Intelligence Committee. “It’s even more compromising when it is used in combination with other information they may hold. It may take years before we’re aware of the full extent of the damage.”

The C.I.A. and other agencies with undercover officers would be cautious about immediately withdrawing spies from China because that would raise suspicions among Chinese counterintelligence operatives. A C.I.A. spokesman declined to comment.

The C.I.A. and other agencies typically post their spies in American embassies, where the officers pose as diplomats working on political affairs, agricultural policy or other issues. The American Embassy in Beijing has long housed one of the largest C.I.A. stations in the world, with intelligence officers gathering information on China’s political maneuvering, economic development and military modernization.

Several current and former officials said that even if the identities of the agency officers were not in the personnel office’s database, Chinese intelligence operatives could run searches through the database on everyone granted visas to work at American diplomatic outposts in China. If any of the names are not found in the stolen files, those individuals could be suspected as spies by a process of elimination.

The director of the National Security Agency, Adm. Michael S. Rogers, alluded to that problem Thursday night during an interview at the Aspen Security Forum in Colorado.

“From an intelligence perspective, it gives you great insight potentially used for counterintelligence purposes,” Admiral Rogers said. “If I’m interested in trying to identify U.S. persons who may be in my country — and I am trying to figure out why they are there: Are they just tourists? Are they there for some other alternative purpose? — there are interesting insights from the data you take from O.P.M.”

Guanyu said...

Admiral Rogers suggested another possible motive of the hackers: The data could be used for developing sophisticated “spear phishing” attacks on government officials. In those attacks, victims click on what seem to be innocent emails from known sources, allowing viruses into their computer networks.

Admiral Rogers said it was “not perhaps unrelated that in the past nine months I am watching huge spear phishing campaigns targeted at the United States,” though he would not name the countries that are the sources of the attacks.

Officials said it was not yet clear how Chinese officials were using — or might use — the stolen files, which include personal information gathered during background checks of government workers, many of whom now hold Top Secret clearances.

“As a practical matter, you have to assume that all of the information has been exposed and can be exploited,” said Mr. Schiff, who added that it was prudent to plan for “worst-case scenarios.”

Some former officials said they were not overly alarmed that the data breach could do long-term damage to American intelligence collection, saying it was uncertain how many hard conclusions about American spies the Chinese could draw from the millions of personnel files — a mountain of data that could become overwhelming.

“The Chinese have created their own big data problem,” said Rob Knake, a former director of cybersecurity policy issues at the National Security Council and now a senior fellow at the Council on Foreign Relations.

Mr. Knake said the C.I.A. and other intelligence agencies would be able to adapt in the event that secrets were exposed. Still, he said, the breach had the potential for “a whole bunch of C.I.A. case officers spending the rest of their careers riding desks.”

Sophisticated computers equipped to analyze millions and even billions of files allow intelligence operatives to make use of information that was once of uncertain value.

Joel Brenner, the former head of counterintelligence for the director of national intelligence, said the Chinese could search the database with the names of suspected spies they had gathered over the years. “You run 200 of those people through, and you have a pretty good idea of what they are and are not keeping in the system,” he said.

In the United States government there is little debate that China was the source of the attack on the Office of Personnel Management, which unfolded over at least 18 months. Last month the director of national intelligence, James R. Clapper Jr., said, “You’ve got to salute the Chinese for what they did,” before retreating to say China was the “leading suspect” in the case.

One former senior C.I.A. officer and one congressional official, both speaking on the condition of anonymity because they have received classified briefings about the data breach, said the hackers also managed to get personal information of retired C.I.A. officers that was in the databases.

Current and former American officials said that the hacking of the security clearance information will be a problem for years. The highly personal and potentially embarrassing information in the background questionnaires includes details about finances, drug and alcohol use, contacts with foreigners and mental health issues.

Mr. Clapper said Friday in Aspen that O.P.M.’s contractors had fallen so far behind in conducting security clearances — partly because of the hacking — that the intelligence agency’s periodic review of employees was far behind. But he was philosophical about the breach.

“If we had the opportunity to do the same thing,” he said, “we’d probably do it.”