OPM Hack Far Deeper Than Publicly Acknowledged, Went Undetected For More Than A Year, Sources Say
Jun 11, 2015, 4:59 PM ET
By MIKE LEVINE
The massive hack into federal systems announced last week
was far deeper and potentially more problematic than publicly acknowledged,
with hackers believed to be from China moving through government
databases undetected for more than a year, sources briefed on the matter told
ABC News.
"If [only] they knew the full extent of it," one U.S. official said
about those affected by the intrusion into the Office of
Personnel Management's information systems.
It all started with an initial intrusion into OPM's
systems more than a year ago, and after gaining that initial access the hackers
were able to work their way through four different "segments" of
OPM's systems, according to sources.
Much of that data has been stored on OPM systems housed
by the Department of the Interior in a Denver-area data center, sources said.
And one of the four "segments" compromised held forms filled out by
federal employees seeking security clearances.
As ABC News previously reported, the 127-page forms —
known as SF-86's and used for background investigations — ask applicants for
personal information not only about themselves but also relatives, friends, and
potentially even college roommates.
OPM insists the information compromised by the intrusion
into its systems does "not [include] the names of family members."
"Family members of employees were not affected by
this breach," OPM says on its website.
However, U.S. officials speaking on the condition of anonymity say
unequivocally such information was put at serious risk by the OPM hack.
Of utmost concern are U.S. employees stationed overseas, including in
countries such as China, whose government would covet personal information
on relatives and contacts of American officials living in the communist
country, according to officials.
"If the SF-86's associated with this hack were, in
their entirety, part of the stolen information, then that would mean the
potential release of a staggering amount of information, affecting an
exponential amount of people," one U.S. official told ABC News on
Sunday.
Acting as the government's human resources division, OPM
conducts about 90 percent of background investigations for the federal
government. Information from SF-86 forms dating back three decades could have
been exposed in the cyber-attack, which the U.S. government strongly
suspects was carried out by hackers in China, sources said.
Applicants seeking U.S. security clearances are
required to provide the full names, dates of birth, places of birth and social
security numbers of spouses or partners. Relatives' full names, dates of birth,
current addresses and in some cases employment information are also required.
And applicants are asked to provide the full names, dates of birth and addresses of
"foreign contacts" — defined as a foreign national, including
relatives, "with whom you, or your spouse, or cohabitant are bound by
affection, influence, common interests, and/or obligation."
It's still unclear exactly what was compromised by the
OPM hack, particularly because OPM officials and other authorities still don't
have a good handle on how much information was actually stored by OPM in the
first place, one U.S. official said. Nearly 50 government agencies send
data to OPM for storage in some form, according to the official.
The intrusion was only noticed after OPM began to upgrade
its equipment and systems. As soon as anomalies within the systems were
noticed, the Department of Homeland Security and FBI were notified.
Over the next two weeks, OPM will be sending
notifications to an estimated 4 million current and former government employees
whose "Personally Identifiable Information" may have been compromised
by the hack.
Those notifications "will state exactly what
information may have been compromised," OPM says on its website.
And "since the investigation is ongoing, additional
PII exposures may come to light," an OPM official acknowledged Sunday.
"In that case, OPM will conduct additional notifications as
necessary."
In a statement last week, an FBI spokesman said, "We
take all potential threats to public and private sector systems seriously, and
will continue to investigate and hold accountable those who pose a threat in
cyberspace."
An OPM spokesman did not immediately return a call
seeking comment.