4 July 2015

THE 9 SCARIEST THINGS THAT CHINA COULD DO WITH THE OPM SECURITY CLEARANCE DATA

July 2, 2015

The theft of the SF-86 security clearance records of millions of current, former, and prospective U.S. government employees and contractors from the Office of Personnel Management (OPM) probably has the Chinese government doing a happy dance. This data breach may affect up to 6 percent of the entire U.S. population. What use can the data be to China? Here are nine things that can now be done on an industrial scale.

1. Identify undercover officers. It is unclear if Chinese intelligence could have gained access to information about intelligence agency personnel through OPM. It may not matter much. Some particularly security-conscious agencies do no not process their clearances through OPM, but with a complete list of people whom the OPM has investigated, it is child’s play to identify people who work for those particularly interesting agencies. If the Chinese Ministry of State Security wants to know whether Jane Doe is a CIA officer, it can check whether she shows up in the OPM data. If not, she probably is. This is precisely why the State Department stopped publishing its Biographic Register of Foreign Service Officers in 1974.

2. Neutralize U.S. government officials. If China finds itself vexed by a particularly effective or vocal anti-Chinese policy official, or a particularly aggressive intelligence officer, it could “neutralize” that person by framing him or her for some form of malfeasance that would cost a security clearance or a Senate confirmation. Things like this really happen. Remember when somebody framed Senator Robert Menendez for sexual improprieties? It almost got him arrested by the FBI. A deception operation always works best if it plays to something that the target already suspects. Hence, China could use the SF-86 data to find the weakest point of a clearance holder — be it money, psychological issues, sex or something else — the one that U.S. security officials would already be most worried about, and then structure their framing around that weakness.

3. Threaten overseas family members. China could use the SF-86s to identify any relatives of cleared Americans who live abroad. They could then threaten those relatives with harm unless the American cooperates. Alternately, China could share selected SF-86 data with other countries so that those countries could harass clearance holders who work there.

4. Harass clearance holders or their families in the United States. Are you a Chinese-American clearance holder in the United States? Chinese intelligence can make your life miserable right here in America. Operations like this are old hat for the Chinese government. For years, it has intimidated Chinese citizens, in both the United States and Australia, whom it identified as members of Falun Gong, as Tibetan activists, or simply as too pro-democracy in their inclinations.

5. Wire you for sound. Now that China knows where you live, its operatives can bug your house just like the KGB did to the chief of the CIA’s Afghan Group in season 3 of The Americans. Think that’s implausible? Russia managed to bug a conference room inside the secured State Department sixteen years ago. China should be able to do the same thing to your relatively unsecured home.

6. Figure out exactly what it takes to get a security clearance. China could do a statistical study of the SF-86s to find out what peccadilloes, degree of foreign contacts, or extent of debt applicants can have and still get clearances. This would be useful information to Chinese intelligence in its efforts to penetrate the U.S. government by recruiting young people likeAmerican student Glenn Shriver even before they have clearances.

7. Publish the data. If China wanted to go this route, it would probably do it through a cutout. The Chinese government could do this either as one big data dump or by publishing a selected list of people they sought to discredit by naming them as CIA or other undercover officers even if they were not actually such. This has happened in the past. In the late 1960s the East German Stasi sponsored the publication of a book called Who’s Who in the CIA. Most of the 3000 people named in the book did not work for the agency, though some did, such as Richard Welch, who was murdered in Athens several years later.

8. Guess passwords. Did your password incorporate your birthdate? The name of your home town? Your wife’s middle name? Congratulations, the Chinese intelligence service now knows those things thanks to the OPM hack. A simple algorithm can generate a password dictionary with decent odds of getting into your system.

9. Spear phish. China now has lots of data to make spear phishing possible. Why wouldn’t you click on the link apparently sent by your mother Edna Jones about the 4th of July parade in downtown Dubuque, where you grew up? If you do, however, you could lose control of your computer. That could be disastrous. Maybe you wrote some notes on your computer for your big briefing at work tomorrow. Or you mentioned your upcoming deployment in an email. Or maybe the Chinese retrieved copies of your love notes to your mistress. Now they have potential blackmail material. Or maybe they scarfed up the password to your online banking account. Now they can steal your money and swoop in to recruit you in your time of financial crisis. Or, if they get you on your unclassified work computer, you’ve got even bigger problems. Ask Sony how they feel about spear phishing.

Author’s Note: The Le Nouvel Observateur article cited repeatedly below can befound here in the original French. It has not yet been translated into English.

France’s DGSE spy agency also ‘listens to the world’ – report

France’s DGSE spy agency has been intercepting telephone communications across the world via a network of secret cables linking Europe with the rest of the world, an investigation by French daily Le Nouvel Observateur has revealed.

“The NSA isn’t there alone,” the newspaper noted following an investigation that lasted several weeks. “France is also listening to the world,” it added.

According to the newspaper, in early 2008, Nicolas Sarkozy authorized the DGSE to snoop on international communications transmitted via cables linking Europe with the rest of the world. According to the top secret plan, 700 million euros were earmarked each year from 2008 to 2013 to install interception stations where the cables end in France (particularly in Marseille, Penmarch and Saint-Valéry-en-Caux). According to L’Obs, the plan was later approved by Francois Hollande. At least five major cables routed to the US, India, Southeast Asia and West Africa were tapped during this period with the help of Orange operator and the Alcatel-Lucent group, the newspaper wrote. It also claims that, in November 2010, Nicolas Sarkozy and David Cameron signed a secret accord on cooperation between the DGSE and the UK’s GCHQ.

According to a new WikiLeaks report released earlier this week, Washington has been conducting a policy of economic espionage against France for over a decade, intercepting correspondences of the Finance Minister and French ambassador to the US, just to name a few, as well as snagging all corporate contracts valued at over $200 million. The revelations come in line with WikiLeaks’ ongoing publication of top secret documents from US surveillance operations against France, dubbed by the whistleblowing site as “Espionnage Élysée.”

According to WikiLeaks’ latest report, the “NSA has been tasked with obtaining intelligence on all aspects of the French economy, from government policy, diplomacy, banking and participation in international bodies to infrastructural development, business practices and trade activities.”

The documents allegedly show that the United States started spying on the French economic sector back in 2002. WikiLeaks said that some documents had been authorized to be shared with NSA’s Anglophone partners (the so-called “Five Eyes” group involving Canada, New Zealand, Australia and the UK.) According to the report, the UK has also benefited from the NSA’s economic espionage activities against Paris.

“The United States not only uses the results of this spying itself, but swaps these intercepts with the United Kingdom. Do French citizens deserve to know that their country is being taken to the cleaners by the spies of supposedly allied countries? Mais oui!” WikiLeaks founder, Julian Assange, said in a statement on Monday.

The documents reveal that the US has been monitoring the conversations and communications of the French Finance Minister, a French Senator, officials within the Treasury and Economic Policy Directorate, the French ambassador to the US, and officials with “direct responsibility for EU trade policy.”

“The US has been conducting economic espionage against France for more than a decade. Not only has it spied on the French Finance Minister, it has ordered the interception of every French company contract or negotiation valued at more than $200 million,” Assange stated.

Despite WikiLeaks’ tapping allegations, Barack Obama told Francois Hollande that Washington has not been spying on top French officials. Hollande nonetheless released a statement noting that the spying is “unacceptable” and “France will not tolerate it.”

No comments: