Russia & China Use Hacked Databases to Find US Spies

id-2958070-cyberespionage_3-100601454-orig.jpg

Foreign spy agencies, including those from Russia and China, are cross checking hacked databases to identify U.S. intelligence operatives, according to a news report.

One secret network of US engineers and scientists, providing technical assistance to the country's overseas undercover agencies, has been compromised according to a story in the Los Angeles Times.

Foreign intelligence agencies are cross-referencing several compromised databases, whose information includes security clearance applications and airline records, to identify US intelligence agents, the report said.
The US Office of Personnel Management announced a breach of its security clearance database in June. That breach compromised information on the government’s Standard Form 86, a 127-page questionnaire that asks about an applicant’s past military experience, criminal background, computer hacking activities, financial problems and links to terrorism groups.

US lawmakers have worried that the OPM breach would endanger intelligence agents and open up applicants to blackmail.
With the OPM breach and other recent compromises, "our biggest fear has been that these data breaches were not isolated incidents, but part of a larger campaign with the intent to expose intelligence agents and others with security clearances around the world," Ken Westin, security analyst for cybersecurity Tripwire, said by email.
There is growing evidence that exposing intelligence agents was the motivation behind several breaches, he added.
The report raises several concerns for government agencies and private businesses, Westin said. "Our risk and threat models don't take into account the exponential damage that can come when datasets from multiple breaches are correlated," he said. "Big data isn't just used in business, but also cybercrime and espionage, and this is more apparent now than ever."

A "massive amount of data" that people willingly share helps make this type of espionage possible, said Tim Erlin, director of IT security and risk strategy at Tripwire. "The actual government records provide a key set of data, but when correlated with other information, enemy nation-states can assemble a dangerously complete picture," he said.
Computreworld:http://http://bit.ly/1J9PTLM

 

« Should the US Use Hidden Data to Warn Industry of Attacks?
Five Months After the OPM Attack. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

Watch this webinar to discover how a WAF goes beyond a standard firewall and helps you meet security industry compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Bob's Business

Bob's Business

Bob's Business adopts a fresh approach to information security awareness and compliance training, delivering key information through the use of short animated movies.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets is a global series of summits focusing on cyber security for critical infrastructure.

Cybernance

Cybernance

Cybernance provide an enterprise-wide, web-based software solution for managing and mitigating cyber risk based on key compliance frameworks.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

TM One

TM One

TM One is the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM) Group.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

eCloudvalley Digital Technology

eCloudvalley Digital Technology

eCloudvalley Digital Technology is a born-in-the-cloud partner focused entirely on AWS services across APAC region.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.