More details have emerged about the theft by Chinese hackers of millions of records from the Office of Personnel Management. A team from the New York Times says that “undetected for nearly a year, the Chinese intruders executed a sophisticated attack that gave them ‘administrator privileges’ into the computer networks at the Office of Personnel Management, mimicking the credentials of people who run the agency’s systems.”
The administration is still trying to determine how many of the SF-86 national security forms — which include information that could be useful for anyone seeking to identify or recruit an American intelligence agent, nuclear weapons engineer or vulnerable diplomat — had been stolen.
Perhaps most disturbing of all, the administration says it isn’t quite sure how it happened.
In congressional testimony and in interviews, officials investigating the breach at the personnel office have struggled to explain why the defenses were so poor for so long. Last week, the office’s director, Katherine Archuleta, stumbled through a two-hour congressional hearing. She was unable to say why the agency did not follow through on inspector general reports, dating back to 2010, that found severe security lapses and recommended shutting down systems with security clearance data.
When she failed to explain why much of the information in the system was not encrypted — something that is standard today on iPhones, for example — Representative Stephen F. Lynch, a Massachusetts Democrat who usually supports Mr. Obama’s initiatives, snapped at her. “I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers,” he said, “as you are keeping information out of the hands of Congress and federal employees.”
Her performance in classified briefings also frustrated several lawmakers. “I don’t get the sense at all they understand the problem,” said Representative Jim Langevin, a Rhode Island Democrat, who called for Ms. Archuleta’s resignation. “They seem like deer in the headlights.”
Something walked through their defenses. The NYT noted that “the government has spent ‘at least $65 billion’ since 2006 on protective measures”. But though the shields should have been up, nobody actually turned them on even when multiple warnings were sounded. The Washington Post reports that a whiff of negligence is in the air and lawyers are encouraging federal employees to sue the US government for allowing the exposure of their personal details, which might allow, among other things, Chinese spies to buy things on their credit cards or impersonate them online.
As current and former federal workers try to figure out if their personal information was exposed in a recently disclosed breach at the Office of Personnel Management, experts say that there are protections built into the law that could enable the employees to take the government to court.
The agency is currently notifying those affected by the breach, which may have exposed the Social Security numbers, dates of birth and addresses of workers along with information about their careers in public service. The government is offering those caught up in the incident 18 months of credit monitoring and identity theft protections, but experts have warned that victims of data breaches may face an increased risk of fraud due to compromised information that persists after those services expire. And they may have other legal options. …
Rotenberg said consumers could argue that OPM was so negligent in protecting workers’ data that its actions amounted to willful disclosure of that information. “The agency was on notice that it had a security problem and failed to rectify it,” he said, referencing years of OPM Inspector General reports that highlighted problems with the agency’s digital defenses.
There’s a kind of perverted logic to the suit, undergirded by the idea that damage, no matter who causes it, should always be paid for by the American taxpayer. It’s the way Washington and perhaps the world, works.
The Obama administration is clearly thinking about which way to jump. On the one hand CBS News says it is unofficially confident China stole the data. “The Obama administration is increasingly confident that China’s government, not criminal hackers, was responsible for the extraordinary theft of personal information about as many as 14 million current and former federal employees and others, The Associated Press has learned. One sign: None of the data has been credibly offered for sale on underground markets popular among professional identity thieves.”
On the other hand president Obama remains reluctant to blame Katherine Archuleta, who after all he appointed as the “first Latina” to head the office. The Hill says “President Obama is standing by Office of Personnel Management (OPM) Director Katherine Archuleta despite a series of massive data breaches that have shaken the federal government, the White House said Wednesday. ‘The president does have confidence that she is the right person for the job,’ spokesman Josh Earnest told reporters.”
Archuleta and Seymour have been under fire since it was revealed that suspected Chinese hackers had made off with troves of federal workers’ data.
Initially, they said the breach had affected 4.2 million current and former executive branch employees. But the scope and scale is expected to rise dramatically after officials last week acknowledged a second breach had been discovered that exposed military and intelligence security clearance information.
It’s now believed every federal employee, government contractors, and even friends and family members named in government personnel files were also compromised, putting up to 14 million people’s data at risk.
Archuleta and Seymour took a three-hour beating from lawmakers on Tuesday during a House Oversight Committee hearing.
The reluctance of the administration to criticize Archuleta probably reflects a desire to minimize the attack’s seriousness. “The massive digital theft of millions of federal workers’ data is mounting pressure on President Obama to take a tougher stand against state-sponsored cyberattacks. Since the infiltration of the Office of Personnel Management by suspected Chinese hackers, lawmakers, experts and 2016 hopefuls have pushed for a range of responses, from economic sanctions to currency restrictions to aggressively hacking back at Beijing officials,” wrote the Hill.
Firing Archuleta and officially blaming Beijing for the attack would be an admission of the gravity of the damage and politically commit the president to a course of retaliation he appears loathe to take.
Robert Knake, a Senior Fellow for Cyber Policy at the Council on Foreign Relations has another explanation for the president’s reluctance to act. “There are two likely explanations for why the White House has not pinned the incident on China. The first possibility is that the evidence is not there yet. Given time, attribution may get to the point at which a public accusation would be warranted. A more intriguing option is that the administration hasn’t called China out because, under emerging norms for espionage in cyberspace, information on Federal employees is considered a legitimate target.” Under the “emerging norms” it was normal for China to steal from America.
They were also doing exactly what we should expect them to do, and what we should be prepared to counter. As General Michael Hayden, former director of both the NSA and the CIA in the Bush Administration put it, “This isn’t shame on China. This is shame on us.”
The trouble with that argument — which if enunciated in 1941 would hold that it wasn’t Japan’s fault for bombing Pearl Harbor but rather Roosevelt’s failure to defend the fleet that was at issue — is it presupposes an ongoing intelligence war with China and Russia as a justification for not retaliating. Thieving is business as usual.
Ok. But Knake’s next reportage of the administration’s convoluted thought process suggests yet another reversal. Obama can’t retaliate because that would spark a diplomatic war. If there’s a war on already then retaliation would be business as usual.
Director of National Intelligence James Clapper has stated in clear terms that the United States intelligence community does not engage in this kind of spying. To do so would undermine the global marketplace by providing an unfair advantage to state-owned enterprises (of which the United States has none).
Getting China to stop this activity is at the top of our diplomatic agenda. Stopping foreign intelligence services from spying is not. If the Obama Administration had taken the advice of former Ambassador to the United Nations John Bolton, and kicked the Chinese Ambassador out of the country in response to the OPM attack, we would be setting a standard to which we would not wish to be held.
Perhaps “business as usual” is China attacks and president Obama chalks it up to experience. On balance it seems like the president is reluctant to strike back at China and is looking at any pretext, however implausible, to justify “moving on”. Or as Knake puts it, “for now, the judgment of the national security community is that relative gains in intelligence are greater than relative losses. Simply put, we are better off in a world in which we can engage in this kind of spying, accepting that other countries will as well.”
To buy this argument one basically has to trust that the president sees the Big Picture more clearly than the public. Perhaps American intelligence poisoned the Chinese take-away; or it may be that America’s exploits against China dwarf the OPM attack. In which case the president is acting wisely by ostensibly refusing to act.
If you implicitly believed in the president you might take a step into the void knowing that his steady hand will guide you across the gap to the unseen next step. It’s a little bit like the scene in Indiana Jones and the Last Crusade where Indy must take a Leap of Faith across a yawning chasm.
It worked for Indy. Whether it will work for us is the real issue underlying the response to the OPM hack. To borrow the argument of Michael Hayden, it’s all to be expected. But what should we expect? It isn’t that people don’t trust China to attack, it’s just that one might not trust president Obama to defend.
Recently purchased by readers:
Brideshead Revisited (A CSA Word Classic) Audio CD, Abridged, Audiobook, CD by Evelyn Waugh
Moment of Battle, The Twenty Clashes That Changed the World Hardcover – Deckle Edge, May 21, 2013 by Jim Lacey
The Sword in the Stone (The Complete Classics) Audio CD, Audiobook, Unabridged by T. H. White
EA Short History of Prussia (Illustrated), Kindle Edition by John Abbott
Data Analytics Made Accessible, Kindle Edition by Anil Maheshwari
The Man Who Mistook His Wife For A Hat, And Other Clinical Tales Kindle Edition by Oliver Sacks (Author)
The Tell-Tale Brain, A Neuroscientist’s Quest for What Makes Us Human [Kindle Edition] V. S. Ramachandran
Possibly worth buying:
Farberware Classic Stainless Steel Yosemite 8-Cup Coffee Percolator
Shadows on the Koyukuk, An Alaskan Native’s Life Along the River
A Great Leap Forward?: Making Sense of China’s Cooling Credit Boom, Technological Transformation, High Stakes Rebalancing, Geopolitical Rise, & Reserve Currency Dream, Kindle Edition by John Mauldin
Eton Grundig Satellit 750 Ultimate AM/FM Stereo also Receives Shortwave, Longwave and Aircraft Bands – Black (NGSAT750B)
Did you know that you can purchase some of these books and pamphlets by Richard Fernandez and share them with you friends? They will receive a link in their email and it will automatically give them access to a Kindle reader on their smartphone, computer or even as a web-readable document.
The War of the Words for $3.99, Understanding the crisis of the early 21st century in terms of information corruption in the financial, security and political spheres
Rebranding Christianity for $3.99, or why the truth shall make you free
The Three Conjectures at Amazon Kindle for $1.99, reflections on terrorism and the nuclear age
Storming the Castle at Amazon Kindle for $3.99, why government should get small
No Way In at Amazon Kindle $8.95, print $9.99. Fiction. A flight into peril, flashbacks to underground action.
Storm Over the South China Sea $0.99, how China is restarting history in the Pacific
Tip Jar or Subscribe or Unsubscribe to the Belmont Club