back to article China trawls top-secret US personnel lists – report

An attack suspected to have originated in China breached security at the US Office of Personnel Management, according to The New York Times. The paper's report suggests the attackers attempted to access personnel records describing government workers who have applied for high-level security clearances. Those records, the …

  1. Suntan

    No attack necessary

    No attack needed here in UK, just trawl the relevant LinkedIn group :)

    1. FrankAlphaXII

      Re: No attack necessary

      Same with the US really.

      Instead of trying to bust open a system they'll probably never get into, they could have just trawled facebook and linkedin looking for people with 35 series MOS if they're Army and the IS or CTI/CTR/CTT rating in the Navy as well as the Air Force and Marine Corps equivalents. They all at least possess a secret clearance. Hell, even a regular line Infantryman holds a Secret clearance now (which is ridiculous, but Army stupid is Army stupid).

      I have a feeling they were trying to find civilian employees or possibly contractors with Chinese names that they could try to influence (which is how they usually go about getting scientists at the National Labs to sell information to them), with a TS though. If they're looking for contractors with clearances, hitting OPM is kind of stupid. DSS does the clearance process for them, while OPM is only for Government employees, including Military Personnel.

      1. Wzrd1

        Re: No attack necessary

        OPM is for government employees, military and contractors.

  2. Destroy All Monsters Silver badge

    The attackers were apparently repelled, but only after their activities penetrated some defences.

    I suppose they were repelled by the CVs. Neocon, room-temperature IQ, neocon, already bought, israel firster, room-temperature IQ, team USA member, ...

    "That's enough Hu, just log off."

    1. big_D Silver badge

      Na, Jeff Aiken was called in. :-P

      Spooky that I'm just reading about Chinese infiltration of western networks in Mark Russinovich's Trojan Horse...

  3. Anonymous Coward
    Anonymous Coward

    Anything legal in that business

    It's Spy vs Spy.

  4. DavCrav Silver badge

    No outrage?

    When China spies, it's fine. When the West spies, it's awful. Just saying.

  5. Otto is a bear.

    Overseas contacts in a personnel file?

    Not very likely, that a personnel office would actually even have that information. Even if they did, it wouldn't be for intelligence contacts, social and commercial maybe.

  6. JaitcH

    Congratulations to the Chinese for ...

    demonstrating just how useless the organization led by Clapper and Alexander is.

    After spending trillions of dollars, including money wasted on Alexanders 'Starship' command centre, they have achieved luttle by way of protecting the US secrets.

    So much for being a 'leader' of technology. Huess the Chinese hold that honour now.

    1. FrankAlphaXII

      Re: Congratulations to the Chinese for ...

      NSA/CSS has been strongly focused on exploitation as opposed to Information Assurance and security for about 10 years now, if you've paid any attention to Snowden's leaks you should be well aware of this.

      Hell, I remember when the shift happened, when they started telling their IA customers (like myself and the rest of the Army) to use Microsoft's security configuration templates and guides as opposed to their own on Windows systems, and stopped releasing baseline config files for RHEL. They didn't just stop doing it publicly. And the Information Assurance course that I have to take bi-annually hasn't been updated in forever.

      Simply put, US-CERT needs to be moved out of DHS and take that function across the entire Government. There is no reason on earth that an Intelligence agency should be responsible for wider Information Security at all.

      1. Wzrd1

        Re: Congratulations to the Chinese for ...

        You're not much of an IA type.

        The baseline configurations were DISA issued, via the gold disk. They most certainly were not NSA issued.

        The NSA likely had input, but so did NIST and JTF-GNO.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020