One of the top news stories last week was an announcement by the U.S. Office of Personnel Management (OPM) that its computer systems had been hacked by China. In case you missed it, the revelation contained some sobering news for security clearance holders: you were most likely the intended targets.
The fact that foreign governments routinely attempt to hack into U.S. government computer systems is old news. Cyber espionage has been around almost since the dawn of the internet. What is new, however, is the increasingly aggressive nature with which foreign intelligence services are targeting the personal information of security clearance holders. They’re now after not just classified information but also the people who have access to it.
How PII is used for espionage
Interestingly, U.S. intelligence experts have also recently pointed the finger at China for massive (and successful) hacking attacks on U.S. companies, like healthcare provider Anthem. In the Anthem case (which occurred just a few months ago), the medical records of nearly 80 million people were stolen. The breath-taking nature of the data compromise aside, one has to ask why a government like China would care about U.S. citizens’ medical records? Some analysts believe that the information’s real value is in helping China build a database of U.S. citizens – specifically, security clearance holders – to determine who may have exploitable weaknesses for espionage purposes. The process hypothetically works something like this:
STEP ONE:
Obtain list of U.S. security clearance holders and military personnel.
STEP TWO:
Cross-reference those individuals with medical records and other records (e.g. banking records) obtained by hacking.
STEP THREE:
Determine who has vulnerabilities that might make them betray their country. A prized find might be someone who, for example, is living beyond their means or who has a medical condition that is draining their life’s savings.
On a related note, both I and Clearancejobs.com editor Lindy Kyzer have previously warned about the risks “people search” and other social engineering websites pose to security clearance holders. The outrageously invasive information available on these websites could allow a foreign intelligence agency to take their targeting even one step further – a process known as “social engineering.” It isn’t a difficult logic leap.
Your personal information = a valuable commodity
The lesson in all of this is that your personal information is a valuable commodity. Be cautious of what you post online. Be an informed consumer when it comes to the data privacy practices of companies with whom you do business. And remember: a little paranoia is a healthy thing.
This article is intended as general information only and should not be construed as legal advice. Consult an attorney regarding your specific situation.