Hacked data stolen during this year’s OPM, Anthem and United Airlines breaches are being analyzed by foreign governments gunning to identify American spies and undercover operatives, U.S. officials said.
Two officials speaking on condition of anonymity told the Los Angeles Times that intelligence services in China and Russia are each combing through databases compromised during some of the higher-profile hacks to occur recently, and at least one group of engineers and scientists who assist American spies has already been outed as a result.
Neither Beijing nor Moscow has been officially blamed by Washington for the hacks suffered by the Office of Personnel Management, Anthem Inc. or United. Nevertheless, sensitive data pilfered during the attacks has ended up in the hands of Chinese and Russian agents who are furiously cross-indexing the information, the paper reported.
Security clearance records pertaining to more than 21.5 million government employees and contractors were compromised in the OPM breach earlier this year. Social Security numbers, birthdates and other personally identifiable information for millions of Anthem’s health care customers were pilfered by hackers in a separate attack, and United said its networks suffered an intrusion at around the same time as the OPM hack.
The L.A. Times said U.S. officials have seen evidence confirming China’s Ministry of State Security has aggregated data from those three hacks. Additionally, a review of malware used in the Anthem breach suggests Beijing might even be responsible, the officials said.
The sources claim that the Kremlin has indexed the data, too, and that hackers linked to its Federal Security Service, or FSB, are believed to have been behind attacks waged last year against the State Department and several U.S. banks.
A spokesman for the Chinese embassy told the paper that his government “firmly opposes and combats all forms of cyberattacks in accordance with the law.”
The Russian Embassy did not answer multiple requests for comment, but an aide to President Vladimir Putin said previously with respect to the State Department hack that “blaming everything on Russia” had become “some sort of sport,” the paper reported.
Mike Oppenheim, the manager of threat intelligence at cybersecurity firm FireEye, told The New York Times previously that he believed hacks orchestrated by Beijing were being used “to build a database of Americans, with a likely focus on diplomats, intelligence operatives and those with business in China.”
Indeed, both sources who spoke to the L.A. Times this week said an undisclosed number of contractors who provide technical assistance to undercover operatives have already been compromised as a result of that sort of data analysis.
According to a separate report released this week by Wisconsin’s Hold Security, Russian-speaking hackers breached 97 websites, mostly dating-related, during July and August and stole credentials pertaining to potentially hundreds of thousands of users.
On the heels of the recent Ashley Madison hack, Bill Ho, the CEO of security firm Biscom, told The Washington Times last week that information stolen from one site may become invaluable once it’s combined with other hacked data.
“Simply getting a person’s name, address and phone number wouldn’t be that devastating, but when that information is also tied to credit card numbers, bank information and other confidential data, then the possibility that it can be used for abuse rises substantially,” Mr. Ho said.
“It’s likely that cybercriminals are also pulling from multiple hackers, buying data breach data on the black market or other sources and potentially building up a more detailed dossier of their targets. As more data is breached, these profiles are more complete and thieves can more easily use this information against their victims,” he said.