Friday, 19 June 2015

Chinese Espionage: Was the OPM “Hack” Not a Hack, but Treason?

Written by 

Despite its importance, there’s a story that’s not getting out to the public — at least not as quickly as data that should be secret is getting out to the Chinese. Many of you have heard about the supposed “hack” of the Office of Personnel Management (OPM), in which the Chinese were able to obtain personal information on millions of U.S. government employees. But PJ Media’s Richard Fernandez points out that the term “hack” should be used advisedly. He then quotes technology site Ars Technica:

Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked — likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network.

As Fernandez explains, “social engineering” is Internet technology lingo and a euphemism for “Someone gave them the password.” And that means that “hack” here could be a euphemism for something else: Treason.

It also seems as if it probably wasn’t too hard for the Chinese to obtain the information. As Ars Technica also explains:

Some of the contractors that have helped OPM with managing internal data have had security issues of their own — including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is 'so what's new?'"

In other words, foreign theft of our government data may no longer be the exception, but the rule. Yet with the incompetence reflected in this story, it’s hard to know if a given data breach is the result of bona fide treason or a prevailing Keystone Kops mentality. Were the Chinese given the user credentials, or did they somehow steal them from an individual not qualified to safeguard the information? In the least, at issue here is something akin to criminal negligence.

And critics say it starts at the top. Katherine Archuleta, the director of OPM, says that the breach was “discovered” only when her office implemented a plan to update OPM security — almost a year and a half after she assumed her position. In other words, it appears they stumbled upon it.

But did Archuleta stumble into her job? Fernandez points out that she’s an affirmative-action appointee, with her Opm.gov biography stating she’s part of an “inclusive workforce that reflects the diversity of America.” And what does she know about computer networks or security? Apparently nothing. As her biography informs:

Director Archuleta began her career in public service as a teacher in the Denver public school system. She left teaching to work as an aide to Denver Mayor Federico Peña. When Mayor Peña became Secretary of Transportation during the Clinton Administration, Archuleta continued her public service as his Chief of Staff. Later, Peña was appointed to head the Department of Energy and Archuleta served as a Senior Policy Advisor in the Office of the Secretary.

After the Clinton Administration, she went back to local government and became a Senior Policy Advisor to Denver Mayor John Hickenlooper.

Archuleta spent the first two years of the Obama Administration serving as the Chief of Staff at the Department of Labor to Secretary Hilda Solis.

As the Director of OPM, Archuleta is committed to building an innovative and inclusive workforce that reflects the diversity of America. As a long-time public servant, she is a champion of Federal employees.

So Archuleta may be qualified to secure “diversity,” and this may include the diversity of foreign spies in American networks. And while an OPM data breach doesn’t sound as sexy as James Bond combating Goldfinger, it’s a serious matter. As Congressman Mark Meadows (R-N.C.) explained, reported the Federal Times:

Meadows said the repercussions of the hacks will last for years, if not decades, and hurt American intelligence and military efforts.

"Consider the likelihood that intelligence and military officials will be blackmailed, bribed, and intimidated with the incredibly personal information they have entrusted to the U.S. government. Individuals with Top Secret (TS/SCI) security clearances are required to provide information on arrest records, lawsuits, drug or alcohol problems, divorces, bankruptcies and more — much of which may have been compromise[d]," Meadows said.

Moreover, it should be noted that OPM is an agency that handles personnel records for all the other government agencies.

And the criticism is coming from both sides of the aisle. Congressman Stephen Lynch (D-Mass.) said at a June 16 House Oversight and Government Reform Committee hearing, “‘I think I’m going to know less coming out of this hearing than I did when I walked in because of the obfuscation and the dancing around…. I wish that you were as strenuous and hard working at keeping information out of the hands of hackers as you are at keeping information out of the hands of Congress and federal employees,’ he told Archuleta,” reports the Washington Post. And Representative Ted Lieu (D-Calif.) stated at the hearing that because more competent OPM personnel were required and a signal needed to be sent, he was "looking here today for a few good people to step forward, accept responsibility and resign for the good of the nation." Lieu said there was a “culture problem” at the OPM.

Yet this just reflects the wider culture problem in our civilization, say critics. As Fernandez summed up:

OPM is right though. Encryption wouldn’t have helped. The problem was somewhere else. Modern Western society has its own definition of “social engineering”. It apparently means putting people in charge of things not because they know anything about it, but because they possess the highest symbolic value. Race, gender, inclination or identification — especially political identification — are so much more important these days then [sic] being able to tell a difference between a hashed key and corned beef hash.

Tragically, this just reflects Marxist regimes, under which the qualified would be replaced by incompetents with the “correct ideology.”

And what of Barack Obama, the man who appointed Archuleta? He stands behind her, saying that she “is the right person for the job.” And when the job is meeting a quota, this is certainly true.

Please review our Comment Policy before posting a comment

Affiliates and Friends

Social Media