July 11, 2015

OPM Hack — The Real Damage

Filed under: Probable Cause — Tags: , , — Bill @ 7:46 am

MSS-ChinaBy now readers probably know that Katherine Archuleta, director of the U.S. Office of Personnel Management (OPM), resigned Friday.   Her politically-expedient “resignation” was inevitable after the compromise of sensitive information in the personnel files of at least 21.5 million present and former federal employees, files OPM is responsible for securely maintaining and storing.  The feds suspect that the Ministry of State Security of the People’s Republic of China, the Guojia Anquan Bu or Guoanbu, is behind the data breach.

Ho-hum.  We’ve heard this all before — same song, different orchestra.  This time, the amount of data swiped was huge, but so what?  Should you or I really care if the Guoanbu filched a ton of Social Security numbers from OPM?  No.  And yes.

No, because it’s doubtful the Chicoms intend to raid Social Security’s funds (Besides, Congress beat them to it years ago.)

Yes, because if the hack was committed by the Guoanbu or any other competent foreign intelligence agency, the files they got were very sensitive investigative files on applicants for US government security clearances and special accesses.  Investigative files — information uncovered during the course of an applicant’s background investigation — not just Social Security numbers.   Those files would include credible derogatory information that might reflect on the applicant’s suitability to have access to sensitive classified and special access information affecting the national security.  In most instances some of those investigative files are off-limits to even the applicant.  That’s precisely the information a foreign intelligence service would love to get its hands on when its case officers are spotting prospective Americans who might be persuaded or induced to betray the United States.

As this article from explained:

The records that were compromised in the breach announced Thursday include detailed, sensitive background information, such as employment history, relatives, addresses, and past drug abuse or emotional disorders. OPM said 1.1 million of the compromised files included fingerprints.

Some of the files in the compromised database also include “residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details,” OPM said.

Also included in the database is information from background investigations, as well as usernames and passwords that applicants used to fill out investigation forms. And although separate systems that store health, financial, and payroll information do not appear to have been compromised, the agency says some mental health and financial information is included in the security clearance files that were affected by the hack.

This information in the hands of skilled intelligence analysts and case officers allows them to exploit with greater certainty the strengths and weaknesses of those whom the intelligence service might seek to recruit as a human intelligence source or agent of influence or support person.

OpenCdA is neither surprised or disappointed that Katherine Archuleta was fired by the President.  She was an incompetent, unqualified political hack who was selected for that position as a reward for her political service and loyalty to the President rather than for her administrative skills.

However, Katherine Archuleta was not responsible for creating the conditions that made it easier for hostile intelligence services to identify potential spies among us.  No, that honor can more properly be bestowed on the present and many previous presidents and blatherskite members of congress who campaign with a mouthful of national security promises but deliver a handful of political payoffs that limits agency heads’ abilities to protect the nation from exactly the kinds of penetrations that have seemingly become commonplace.

Presidents and members of Congress publicly harrumph with outrage when breaches such as those at OPM occur or when private contractors such as Ed Snowden are given placement and access to national security information that ultimately ends up in the hands of the nation’s enemies.  Yet when it comes time to authorize and fund the measures that could effectively plug the holes, the harrumphers seem more inclined to reject remedies sought by the hole-pluggers than fulfill their campaign promises to protect the national security.  It’s more politically expedient to write national security damage assessments and fire agency heads than it is to adopt and defend measures which effectively protect the national security.



  1. Very interesting, Bill. One of our sons was probably part of those whose info was taken, but I never thought about it in the expanded terms you’ve laid out here. I thought having basic personal info compromised was bad, but now I see the larger national security vulnerabilities to which we are exposed because of inadequate information security. Thanks.

    Comment by mary — July 11, 2015 @ 2:34 pm

  2. Mary,

    If your son’s information was compromised, he should receive a letter notifying him of that and of the no-cost remedies the OPM will be making available (e.g., free credit monitoring for a year, etc.).

    Comment by Bill — July 11, 2015 @ 2:48 pm

  3. Yes, he did Bill.

    Comment by mary — July 13, 2015 @ 8:40 am

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress
Copyright © 2019 by OpenCDA LLC, All Rights Reserved