Russia & China Use Hacked Databases to Find US Spies

Uploaded on 2015-09-16 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

id-2958070-cyberespionage_3-100601454-orig.jpg

Foreign spy agencies, including those from Russia and China, are cross checking hacked databases to identify U.S. intelligence operatives, according to a news report.

One secret network of US engineers and scientists, providing technical assistance to the country's overseas undercover agencies, has been compromised according to a story in the Los Angeles Times.

Foreign intelligence agencies are cross-referencing several compromised databases, whose information includes security clearance applications and airline records, to identify US intelligence agents, the report said.
The US Office of Personnel Management announced a breach of its security clearance database in June. That breach compromised information on the government’s Standard Form 86, a 127-page questionnaire that asks about an applicant’s past military experience, criminal background, computer hacking activities, financial problems and links to terrorism groups.

US lawmakers have worried that the OPM breach would endanger intelligence agents and open up applicants to blackmail.
With the OPM breach and other recent compromises, "our biggest fear has been that these data breaches were not isolated incidents, but part of a larger campaign with the intent to expose intelligence agents and others with security clearances around the world," Ken Westin, security analyst for cybersecurity Tripwire, said by email.
There is growing evidence that exposing intelligence agents was the motivation behind several breaches, he added.
The report raises several concerns for government agencies and private businesses, Westin said. "Our risk and threat models don't take into account the exponential damage that can come when datasets from multiple breaches are correlated," he said. "Big data isn't just used in business, but also cybercrime and espionage, and this is more apparent now than ever."

A "massive amount of data" that people willingly share helps make this type of espionage possible, said Tim Erlin, director of IT security and risk strategy at Tripwire. "The actual government records provide a key set of data, but when correlated with other information, enemy nation-states can assemble a dangerously complete picture," he said.
Computreworld:http://http://bit.ly/1J9PTLM

 

« Should the US Use Hidden Data to Warn Industry of Attacks?
Five Months After the OPM Attack. »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI) is an independent, global think-tank. We bring together the world’s top global researchers to undertake ground-breaking research on blockchain technology.

Option3

Option3

Option3 (formerly Option3Ventures - O3V) primarily seek control investments in the growing cybersecurity mid-market, seeking to build champions with the scale to bring cutting-edge products to market.

Hunter Strategy

Hunter Strategy

Hunter Strategy focuses on delivering solutions that are concise, scalable, and target our customer’s complex technical challenges.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

SecureLayer7

SecureLayer7

SecureLayer7 is an international provider of integrated business information security solutions with an innovative approach to IT security.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.

FutureRange

FutureRange

Specialising in IT Managed Services, Cybersecurity and Digital Transformation, FutureRange experts provide professional IT services for clients throughout Ireland and beyond.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

Walacor

Walacor

Walacor’s secure data platform represents the next generation of secure data and blockchain storage with a trust-first approach that revolutionizes enterprise data, and database management systems.

Whiteswan Identity Security

Whiteswan Identity Security

At Whiteswan, we are committed to protecting the digital landscapes of modern enterprises with adaptive, identity-first security solutions that ensure trust, compliance, and resilience.