A few days ago I reported on the theft of some outdated employee information from the Department of Homeland Security and the Federal Bureau of Investigation.
The data, which included names, titles, email addresses and office phone numbers of employees, was of limited use to someone attempting identity theft. However, a lesser-known fact is that it could actually be a windfall for a foreign intelligence agency.
That's because, when combined with other data from a broad variety of sources, it can be used to paint an accurate picture of individual government employees in extreme detail.
It works like this: A hacker breaches a government site and either posts the list of names for free, as was the case with the DHS and FBI data, or attempts to sell it, which is what happens with more valuable data such as health care records and credit card accounts.
An astute intelligence agency acquires the data, regardless of the source, and hangs on to it. As new breaches happen, the agency gathers potentially related data that is included in what has effectively become a vast data warehouse of government employees.
This compilation of personal information is bad enough, but when the bad guys perform data analysis, the risk to national security skyrockets. This is why "national security has to begin with cyber," said Dipto Chakravarty, senior vice president of engineering for security at CA Technologies. Chakravarty said that cyber-security is the hardest challenge for national security.
"I think what happens is that stealing data is easy," Chakravarty said. He pointed out that information on how to find the various successors to the now-closed Silk Road underground market is readily available on the dark web.
Once data, such as the employee lists stolen from the Department of Justice, is combined with other readily available information, the data can tell some important stories. He said that with big data analysis tools, it's easy to find a person's patterns and habits, where they routinely travel, how they spend their money and any activities they're involved in that could make them subject to exploitation.
Here's an example of how this all might happen. A foreign intelligence service perhaps has a list of employees for a critical government agency, such as the National Security Agency, which could have happened, since the health insurance plan used by that agency was breached two years ago.
The foreign intelligence analysts compare that list against credit card activity available because of a different, unrelated breach. That credit card data reveals a series of hotel stays and restaurant charges in an overseas location that the staffers being examined don't normally visit.
When a few other employees of the same agency are examined, they also exhibit related activities in the same location, perhaps charges at nearby hotels or dinners at the same restaurant.