A private industry IT security firm tells Fox News that personal data stolen over the span of several high-profile U.S. cyber breaches is being indexed by China’s intelligence service into a massive Facebook-like network.
According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a “Facebook of Everything.”
“That can now be used to embarrass you publicly and force you to work for the Chinese government,” Alperovitch told Fox News. “It’s, in effect, a private version of Facebook with much more detail about your life than even Facebook has that the Chinese now have access to.” Current and former intelligence officials echoed the assessment.
As Fox News has reported, the most sensitive information stolen in the OPM breach was lifted from what is known as the Standard Form 86, or SF-86. The 127-page security clearance application is essentially a road map to your life. It contains highly detailed information on everything from where an applicant lived and worked, to personal references, family members, friends and associates, as well as drug history and intimate health information.
What’s startling is the fact that virtually all government employees and contractors who hold the top echelon of U.S. security clearances were impacted by the OPM breach, even the Director of the FBI. James Comey joked at an intelligence and national security summit last week that had his SF-86 been stored in a strongly encrypted database “maybe someone wouldn’t be reading it today.”
According to a law enforcement source close to the OPM investigation, the scope of the data stolen in the breach makes this a “generational problem.” Fox News is told that the big worry among those in the Intelligence Community is the possibility that applicants’ associates, friends and family will be impacted. Of particular concern, according to this source, is the likelihood that information on applicants’ children could be leveraged against them down the road.
Specifically, cybersecurity experts warn that this stolen information may be used for blackmailing and targeting of applicants’ children.
“To try to get them to reveal some information about their parent’s work and use that, eventually, for espionage activities,” Alperovitch explained to Fox News. “Information that has been collected about them may be used decades later.”
There is much concern among victims over the government’s response to the cyberattack, which left sensitive information on some 21.5 million individuals compromised. An intelligence source close to the OPM investigation tells Fox News that this is not an issue that can be fixed with merely a few years of credit monitoring – referring to the government’s current program that offers victims and their dependents credit and identity theft monitoring services free of charge.
While refusing to delve too far into specifics, Pentagon press secretary Peter Cook on Tuesday acknowledged the severity of the lingering vulnerabilities associated with the breach and offered assurances that the government is working vigorously to mend the damage.
“This is going to be a wide-ranging effort on the part of the federal government to try and address this,” Cook told reporters at a press briefing.