Massive US Government Hack Could Be Used To Recruit Spies

Hackers got access to personal information for at least 21.5 million people, and that data might be used to extort the victims

Jul 10, 2015 at 6:35 PM ET

Even though the hackers in the massive U.S. government breach grabbed more than enough information to steal people’s identities, the biggest risk isn’t financial, according to some cyber security experts. It’s that all that personal information could be used to extort the victims and convert them into spies, the experts say.

The hack, which targeted the government’s Office of Personnel Management, probably affects every person given a government background check for the last 15 years, or at least 21.5 million Americans. While many recent hacks involved credit-card or e-mail information, this one includes Social Security numbers and fingerprints.

“This is much more serious than the Target hack (in which data for about 40 million credit and debit cards was stolen),” says Eva Velasquez, president and CEO of Identity Theft Resource Center, a nonprofit security assistance organization. “Credit cards are accounts you can easily change. It’s not the same when it’s the parts of your identity that can be used. If you think of your identity as a puzzle, the more pieces you have, the more damage you can do. There were some significant puzzle pieces in this breach.”

But those who are affected probably don’t have to worry about financial loss. Most experts believe the hacker is in China or tied to the Chinese government, and a government hack would mean that the information could be used for political or military gain.

“If we accept the narrative that this is a state-sponsored attack from the Chinese government, and most clues point towards that, then these hackers are generally interested in information that has a strategic use, not a monetary use,” says security journalist Brian Krebs. “If they wanted to recruit spies, I can think of no better cache of information to go after. You have all the information about what they do, where they do it.”

The data could even be used to extort the victims of the hack. “You may have information about that person’s weakness. In background checks, they interview your friends, your family, your enemies,” Krebs says. “It could be an extortion stream. So if you’re working for the government and you have access to sensitive information, you’re probably more of a target.”

Read More

Female Hacktivist Fighting ISIS: “We Won’t Stop” (Vocativ)
Hackers Dismiss Obama’s Cyber Security Order (Vocativ)