Russia & China Use Hacked Databases to Find US Spies

Uploaded on 2015-09-16 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

id-2958070-cyberespionage_3-100601454-orig.jpg

Foreign spy agencies, including those from Russia and China, are cross checking hacked databases to identify U.S. intelligence operatives, according to a news report.

One secret network of US engineers and scientists, providing technical assistance to the country's overseas undercover agencies, has been compromised according to a story in the Los Angeles Times.

Foreign intelligence agencies are cross-referencing several compromised databases, whose information includes security clearance applications and airline records, to identify US intelligence agents, the report said.
The US Office of Personnel Management announced a breach of its security clearance database in June. That breach compromised information on the government’s Standard Form 86, a 127-page questionnaire that asks about an applicant’s past military experience, criminal background, computer hacking activities, financial problems and links to terrorism groups.

US lawmakers have worried that the OPM breach would endanger intelligence agents and open up applicants to blackmail.
With the OPM breach and other recent compromises, "our biggest fear has been that these data breaches were not isolated incidents, but part of a larger campaign with the intent to expose intelligence agents and others with security clearances around the world," Ken Westin, security analyst for cybersecurity Tripwire, said by email.
There is growing evidence that exposing intelligence agents was the motivation behind several breaches, he added.
The report raises several concerns for government agencies and private businesses, Westin said. "Our risk and threat models don't take into account the exponential damage that can come when datasets from multiple breaches are correlated," he said. "Big data isn't just used in business, but also cybercrime and espionage, and this is more apparent now than ever."

A "massive amount of data" that people willingly share helps make this type of espionage possible, said Tim Erlin, director of IT security and risk strategy at Tripwire. "The actual government records provide a key set of data, but when correlated with other information, enemy nation-states can assemble a dangerously complete picture," he said.
Computreworld:http://http://bit.ly/1J9PTLM

 

« Should the US Use Hidden Data to Warn Industry of Attacks?
Five Months After the OPM Attack. »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Secure Forum

Cyber Secure Forum

The Cyber Secure Forum is a premier cybersecurity event dedicated to bringing together experts, and professionals to explore the latest trends, share knowledge, and discuss strategies.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

Statice

Statice

Statice develops state-of-the-art data privacy technology that helps companies double-down on data-driven innovation while safeguarding the privacy of individuals.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

Encova Insurance

Encova Insurance

Encova’s cyber liability coverage protects you and your customers in case of a security breach in your company's data.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

Privasee

Privasee

Make GDPR compliance simple with Privasee. Our software makes it easy to protect your data and ensure you’re compliant with the new regulations.

Crygma

Crygma

CRYGMA Quantum-Resistant Cryptographic Machines, the new standard in data encryption.

Redefine

Redefine

Redefine are Crypto-Native, Cyber Experts, and Blockchain Believers. We are here to make Web3 anti-fragile, safe and accessible to all.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

M6iT Consulting

M6iT Consulting

M6iT Consulting is an industry-leading solution partner managing the IT requirements for a full range of companies.