The already-terrible tale of the “Pearl Harbor” hacker attack launched against U.S. federal government systems just got worse. The Chinese invaders pulled off a second massive security breach that may have given them access to “sensitive background information submitted by intelligence and military personnel for security clearances,” according to the Associated Press.
What the AP has reported actually sounds like an extension of something we began hearing about Thursday: the compromise of a database containing Standard Form 86, which contains a great deal of “deeply personal information” about the applicants for security clearances. As described by the AP, these forms discuss “mental illnesses, drug and alcohol use, past arrests and bankruptcies,” as well as important personal data, such as Social Security Numbers.
This would make for excellent blackmail material, as well as providing the hackers with secondary targets for electronic mischief. The stolen information included job and pay histories, which could turn the hackers on to plenty of additional targets. Rep. Mike Rogers, former chair of the House Intelligence Committee, is quoted as saying he thinks the stolen information could be used to set up “the mother of all spear-phishing attacks.”
The AP reports the affected personnel have not been officially notified yet. There could be as many as fourteen million people at risk, going all the way back to the 1980s.
The new twist is that officials now seem to believe the assault on those security clearance forms was a separate operation from the attack on the Office of Personnel Management, “a breach that is itself appearing far worse than first believed,” as the AP puts it.