Today’s installment of the ongoing “Cyber Pearl Harbor” saga is pretty hair-raising, as Newsweek reveals Chinese hackers got into the FBI’s computer systems, as well as the Office of Personnel Management, compromising “an untold number of FBI agents’ personnel files” with “potentially dangerous national security implications.”
One of those implications is that the FBI is responsible for investigating all the other data breaches, and protecting America against terrorism and espionage. As always, the breach was hushed up, and its full extent is still either unknown or being kept from the public, including potential primary and secondary identity theft victims. (When personnel files are raided, the friends and family of the targets have reason to be nervous that they might be the next targets.)
In this case, some degree of secrecy might have been defensible given the extreme sensitivity of FBI operations, but it’s weird that we’re suddenly hearing about it now, as a staggered release of bad news while public attention is elsewhere, thanks to a “veteran agent” speaking anonymously to Newsweek.
Said agent is having a very bad year, because he said he was also a victim of the Anthem Blue Cross hack in February. In May, he received a letter from the Office of Personnel Management that China’s data pirates had gotten into his personnel file.
When Newsweek asked this agent if he thought the entire 36,000-strong FBI workforce had been compromised, his answer was not encouraging, and it lent support to the contention that Chinese cyber-spies were essentially handed user names and passwords by the Administration: “I don’t think so…. but it’s pretty ugly. I guess [OPM staff] outsourced some of their software to a Chinese company. Unfortunately I don’t think anyone’s going to be fired like they should be.”
The agent concluded by warning that a large-scale penetration of the FBI could have “mind-boggling” implications for counter-intelligence and national security.
In the interests of fairness, Newsweek quotes a cyber security writer who thinks the damage to the FBI might be exaggerated by reading too much into the testimony of a single agent, which is a fair point.
Actually, the writer in question, Steve Ragan of CSO Online, went further and suggested Newsweek was essentially sensationalizing an existing story by reporting the news as an additional data breach or previously unsuspected extension of the OPM breach, because the FBI agent who spoke to Newsweek, and anyone else at the Bureau who might have been raided, were really just part of the ever-growing number of victims from the original hack – 4 million, 12 million, 18 million, you have to watch the congressional hearings on C-SPAN every day to keep track of what it’s up to. In other words, it’s not so much that “the FBI got hacked” as that “the entire U.S. government got hacked.”
That’s not exactly a comforting thought. Ragan goes way overboard in trying to under-sensationalize the story, putting an astonishing degree of faith in the idea that Chinese hackers can’t be responsible because the Obama Administration hasn’t formally accused China of perpetrating the assault: “For all we know, it was someone in Iceland using a really, really slow 3G connection. Then again, maybe it was Russia – pretending to be China. Perhaps it was an army of squirrels.”
But the situation is messy enough that some precision about which systems have been compromised, to the extent possible given how little reliable information we’ve been given by this secretive, inept, spin-obsessed Administration. “FBI employees were compromised by the OPM breach” is a very different story than “Chinese hackers broke into the FBI’s computer system, too,” but at the end of the day, if a large number of FBI personnel files were stolen, we’re still looking at a very big problem.
Is it plausible that the agent who spoke to Newsweek is the only FBI employee whose files were compromised? That seems like even more of a stretch than extrapolating from his account that everyone who works for the agency was hit. All 36,000 of them being affected is far more plausible than just one individual, especially as the scope of the breach keeps growing, and OPM testimony makes it clear just how completely the Administration was outmaneuvered by this army of squirrels, for a very long span of time.