Foreign spy services, especially in China and Russia, are aggressively aggregating and cross-indexing hacked U.S. computer databases — including security clearance applications, airline records and medical insurance forms — to identify U.S. intelligence officers and agents, U.S. officials said.
At least one clandestine network of American engineers and scientists who provide technical assistance to U.S. undercover operatives and agents overseas has been compromised as a result, according to two U.S. officials….
Counterintelligence officials say their adversaries combine those immense data files and then employ sophisticated software to try to isolate disparate clues that can be used to identify and track — or worse, blackmail and recruit — U.S. intelligence operatives.
Digital analysis can reveal “who is an intelligence officer, who travels where, when, who’s got financial difficulties, who’s got medical issues, [to] put together a common picture,” William Evanina, the top counterintelligence official for the U.S. intelligence community, said in an interview.
Asked whether adversaries had used this information against U.S. operatives, Evanina said, “Absolutely….”
U.S. intelligence officials have seen evidence that China’s Ministry of State Security has combined medical data snatched in January from health insurance giant Anthem, passenger records stripped from United Airlines servers in May and the OPM security clearance files.
The Anthem breach, which involved personal data on 80 million current and former customers and employees, used malicious software that U.S. officials say is linked to the Chinese government. The information has not appeared for sale on black market websites, indicating that a foreign government controls it.
U.S. officials have not publicly blamed Beijing for the theft of the OPM and the Anthem files, but privately say both hacks were traced to the Chinese government….
According to U.S. officials, Russian hackers linked to the Kremlin infiltrated the State Department’s unclassified email system for several months last fall. Russian hackers also stole gigabytes of customer data from several U.S. banks and financial companies, including JPMorgan Chase & Co., last year….
In late July, for example, an unclassified email system used by the Joint Chiefs and their staff — 4,000 people in all — was taken down for 12 days after they received sophisticated “spear-phishing” emails in what U.S. officials suspect was a Russian hack.
The emails appeared to be from USAA, a bank that serves military members, and each sought to persuade the recipient to click a link that would implant spyware into the system.
Defense Secretary Ashton Carter said the hack shows the military needs to boost its cyberdefenses.
“We’re not doing as well as we need to do in job one in cyber, which is defending our own networks,” Carter said Wednesday. “Our military is dependent upon and empowered by networks for its effective operations…. We have to be better at network defense than we are now.”