OPM Data Breach News Just Keeps Getting Worse

By Wayne Rash  |  Posted 2015-06-15
OPM Breach Details

By establishing an earlier intrusion date, one piece of the exfiltration puzzle appears to have been cleared up. As I mentioned in an earlier column, one of the mysteries of the OPM breach is how the Bad Guys managed to move such a vast quantity of data out of the agency in the relatively short time of a month or two. Surely, the question was asked, wouldn't someone have noticed all of that data moving out?

But if the breach was going on for more than a year, then the volume of data extracted at any one time would likely be much less. Divide that up among several infected computers and it becomes much more likely that such a data theft could have gone unnoticed. Even so, that's a lot of data, so it still seems likely that not everything on every record was taken.

The likelihood that not everything was taken is cold comfort for the many federal employees, current and former, whose trust in OPM and their government computer security was violated. They may still find that they have to spend the rest of their lives looking over their shoulders.

But it's potentially worse for the employees of a couple of intelligence agencies. While the Central Intelligence Agency, the State Department, the Defense Department and others do not depend on OPM for security clearances, background checks or personnel records, there's still a risk.

The intelligence services for each of these organizations will frequently provide cover for their deployed personnel by claiming that they actually work for a civilian agency, such as the Commerce Department or the Agriculture Department.

Now, it will be relatively easy for the Chinese, the Ukrainians or whoever was responsible for this breach to check to see if someone who is presenting themselves as an agriculture attaché actually works for the Department of Agriculture.

I realize this is the first time that the Ukrainians have been mentioned. Initial reports about the breach placed the blame on Chinese hackers, who seem to get blamed for many U.S. corporate or government data breaches.

However, one extremely reliable source tells me that the people who carried out the OPM breach communicated among themselves in Ukrainian. The question is, does that really mean anything? Nobody knows for sure, but that's pretty much the whole story when it comes to the OPM breach. Perhaps we'll find out soon.
