In what Rep Mike Rogers called "the mother of all spear-phishing attacks," AP reports a second cyberattack linked to China appears to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, according to several U.S. officials. Coming on the same day as the US Senate failed to pass a cyber-security shield bill and China's urhging US to reduce military activities in The South China Sea, 'anonymous' official sources noted this second cyberbreach of federal records could dramatically compound the potential damage.
China urges U.S. not to take a position on South China Sea issue, reduce military activities in the area to keep peace and stability, Fan Changlong, vice chairman of China’s Central Military Commission, told U.S. Defense Secretary Ashton Carter during a meeting in U.S., according to a statement on the defense ministry says.
The two countries should focus more on major intl and regional issues: Fan
China urges U.S. to stick to “One China” principle and not to send wrong signals to Taiwan pro-independence groups
And then, the Senate failed to pass a cybersecurity bill...
- *U.S. SENATE FAILS TO ADVANCE CYBERSECURITY AMENDMENT
And now, as AP reports, hackers linked to China appear to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, several U.S. officials said Friday, describing a second cyberbreach of federal records that could dramatically compound the potential damage.
The forms authorities believed to have been accessed, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant is required.
The officials spoke on condition of anonymity because the security clearance material is classified.
The security-clearance records provide "a very complete overview of a person," said Evan Lesser, managing director of ClearanceJobs.com, a website that matches security-clearance holders to available slots. "You don't need these records to blackmail or exploit someone, but it would sure make the job easier."
The Office of Personnel Management, which was the target of the hack, has not officially notified military or intelligence personnel whose security clearance data was breached, but news of the second hack was starting to circulate in both the Pentagon and the CIA.
The officials said they believe the hack into the security clearance database was separate from the breach of federal personnel data announced last week — a breach that is itself appearing far worse than first believed. It could not be learned whether the security database breach happened when an OPM contractor was hacked in 2013, an attack that was discovered last year. Members of Congress received classified briefings about that breach in September, but there was no mention of security clearance information being exposed.
The OPM had no immediate comment Friday.
* * *
The question now is twofold: a) is this war? and b) how does US respond?
Please, please, please - Give Us Back Our NSA - make us safe!!