Hacking as Offensive Counter Intelligence
The OPM intrusion has grave implications for the personally identifiable information of the four million present and former employees whose data was compromised. As this post on Hacking as Offensive Counter Intelligence makes clear, however, the even graver damage to national security likely stems from the now-disclosed fact that among the data compromised was security background information on those holding security clearances in the US government. Here's a sample:
Published by The Lawfare Institute
in Cooperation With
The OPM intrusion has grave implications for the personally identifiable information of the four million present and former employees whose data was compromised. As this post on Hacking as Offensive Counter Intelligence makes clear, however, the even graver damage to national security likely stems from the now-disclosed fact that among the data compromised was security background information on those holding security clearances in the US government. Here's a sample:
Whoever now holds OPM’s records possesses something like the Holy Grail from a CI perspective. They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side (perhaps with someone of a different gender than your normal partner) — since all that is recorded in security clearance paperwork (to get an idea of how detailed this gets, you can see the form, called an SF86, here).
Do you have friends in foreign countries, perhaps lovers past and present? They know all about them. That embarrassing dispute with your neighbor over hedges that nearly got you arrested? They know about that too. Your college drug habit? Yes, that too. Even what your friends and neighbors said about you to investigators, highly personal and revealing stuff, that’s in the other side’s possession now.
Perhaps the most damaging aspect of this is not merely that four million people are vulnerable to compromise, through no fault of their own, but that the other side now so dominates the information battlespace that it can halt actions against them. If they get word that a American counterintelligence officer, in some agency, is on the trail of one of their agents, they can pull out the stops and create mayhem for him or her: run up debts falsely (they have all the relevant data), perhaps plant dirty money in bank accounts (they have all the financials too), and thereby cause any curious officials to lose their security clearances. Since that is what would happen.