Tuesday, June 16, 2015

Motive and Opportunity

The data breach that laid bear deep personal information about the federal workforce is a serious matter. Such data can kill.

We're still reacting to this knowledge:

Chinese hackers are blamed for a hack of the Office Of Personnel Management two weeks ago that put personal information for 4 million federal workers at risk. Administration officials said last week that hackers may have stolen applications for security clearances, in a second hack.

Blackmail, bribery, harassment, and just the data for even more breaches are bad enough.

But who is mentioned in this data--even those not federal employees--could matter even more, depending on where they live.

Let's recall the time in June 1950 when the North Koreans captured personnel records from us as the North Koreans swept into Seoul:

The ghastly mistake made during the early hours of 27 June [1950] was that the personnel records of more than five thousand Korean employees of the [American] embassy were left in their files. ...

Those files would fall into the hands of the [North Korean army], and none of the employees who remained at their homes in Seoul would survive the Communist occupation.

From This Kind of War.

Not that I'm saying there will be a liquidation campaign as the result of this data theft.

I'm just saying that this data is important and the harm that can be inflicted with this will depend on the level of opportunity to do harm and the degree of hostility that those who possess the information have toward us.


What if a team of Chinese agents had broken into the Pentagon or — less box office but just as bad — the U.S. Office of Personnel Management and carted out classified documents?.

The next day, the newspapers and morning TV shows would show pictures of the broken locks and rummaged filing cabinets. And if we caught the Chinese spies in the act, perp-walking them for the world to see? Boy howdy.

My hunch is that the airwaves would be full of people talking about how "this was an act of war." And I have no doubt that if the situation were reversed and we had sent our team to Beijing, the Chinese would definitely see it as an act of war.

Why yes. It is no less an attack on us by coming via the Internet than if Chinese troops carted off the physical files. But if it doesn't count, we should respond in kind.

Of course, given the nature of this sort of thing, I guess I can't know that we aren't. But the way this administration reveals information to make them look better, I think they would have revealed this by now.

UPDATE: If you like your highly classified personal data, you can keep your highly classified personal data:

Anxiety is spreading among defense officials and the military community that the recent theft of federal government data linked to China may affect hundreds of thousands of service members. ...

Some military officials believe the recent hack targeting the civilian-run OPM seized information from tens of thousands of Standard Form 86s, which are required for all service members and civilians seeking a security clearance. That includes service members of all ranks, officers and enlisted, in a wide range of job specialties and assignments.

Wonderful. One wonders what information our foes have stolen on our personal health information.

UPDATE: Really, this is really bad even if the theft was via the Internet and not a physical theft of documents. While President Obama can't be blamed completely for this, he is the president right now and doesn't seem to have any sense of urgency over this theft:

Yet note this: When the exchanges crashed on their maiden flight, the government managed to build a crudely functioning website in, basically, a month, a task they'd been systematically failing at for the previous three years. What was the difference? Urgency. When Obama understood that his presidency was on the line, he made sure it got done.

The serial IT disasters we have seen over the past seven years do not need a blue-ribbon commission or a really stern memo to fix them. If we want these holes fixed before they become catastrophic, we need leaders with a scorched-earth determination to have adequate IT. The only way that determination happens is if these failures become an existential threat to the careers of the politicians in charge.

Drama? No Obama. That's the signature attitude of this presidency to any foreign threat. If only the Chinese fell under the jurisdiction of the IRS. Then, we'd get action no matter how illegal.

UPDATE: China had access to those files for about a year:

The recently disclosed breach of the Office of Personnel Management’s security-clearance computer system took place a year ago, giving Chinese government intruders access to sensitive data for a year, according to new information.

The considerable lag time between breach and discovery means that the adversary had more time to pull off a cyber-heist of consequence, said Stewart Baker, a former National Security Agency general counsel.

Pardon me for letting my paranoia show, but with access for so long, is the only problem how much data China took from us?

What about data China could have put in our system? Could they have smoothed out data for any agents in place or even created new files for new people?

Could China have planted data on our loyal people that could lead to suspicions being cast upon them to cover one of their own agents as they steal information--or just to mess with our people?