Hackers stole 5.6 million US fingerprints – more than estimated

Daily News Article — Posted on September 29, 2015

NOTE: The U.S. Office of Personnel Management (OPM) is an independent agency of the United States government that manages the civil service of the federal government.

(by Jose Pagliery, CNN) — On Wednesday, the U.S. Office of Personnel Management (OPM) said hackers stole 5.6 million fingerprints it had on file. That’s significantly higher than the agency’s original estimate of 1.1 million fingerprints.

This is extremely sensitive information that poses an immediate danger to American spies and undercover law enforcement agents.

As an OPM spokesman told CNNMoney in July: “It’s across federal agencies. It’s everybody.”

Hackers now have a gigantic database of American government employee fingerprints which can be used to positively identify the true identities of those employees.

Anyone with these records could check to see if a diplomat at a U.S. embassy is secretly an employee of an American intelligence agency. That person could then be targeted for arrest or assassination.

That’s particularly alarming, given that U.S. Intelligence Director James Clapper says China is the number one suspect behind the hack.

China and the United States are major trade partners and — for the most part — allies. But the world’s two superpowers are also butting heads.

America is solidifying its influence in southeastern Asia, even as China — on the rise both politically and economically — is expanding its influence in Africa, South America and the Pacific.

In a statement Wednesday, the personnel agency said experts from the Department of Homeland Security, FBI, spy agencies and the U.S. military are meeting to figure out “potential ways adversaries could misuse fingerprint data now and in the future.”

One former CIA officer told CNNMoney he worries that details of his secret past is now in the hands of the Chinese government.

To a lesser extent, there’s also a concern that 5.6 million people can no longer rely on their fingerprints as a security mechanism. This is a problem, given that smartphones and buildings are increasingly using biometric scanners to grant access.

OPM said that “the ability to misuse fingerprint data is limited. However, this probability could change over time as technology evolves.”

Hackers stole federal personnel data on 21.5 million people, including federal employees, contractors, and in some cases their friends and family (because of background checks). That includes Social Security numbers.

But cybersecurity experts say the fingerprints could be one of the worst aspects of the theft. If the hack was indeed committed by foreign government spies, this information isn’t likely to end up on the black market for identity thieves.

Its purpose is to better spy on America — by blackmailing individuals or outing their true identities.

Reprinted here for educational purposes only. May not be reproduced on other websites without permission from CNN Money. For the original article, visit the CNN Money website.

Questions

1. The first paragraph of a news article should answer the questions who, what, where and when. List the who, what, where and when of this news item. (NOTE: The remainder of a news article provides details on the why and/or how.)

2. Why is this theft so concerning? (What danger does it pose to the affected employees?) Be specific.

3. Who is behind the cyber theft?

4. How is the government responding to this massive cyber crime, according to OPM?

5. a) Why are former intelligence ops concerned?
b) What problem does the theft pose for all whose fingerprints were stolen?

6. a) What reassurance has OPM given to those whose fingerprints were stolen?
b) Why might this not be so reassuring?

7. Chinese President Xi made a state visit to Washington last week including a state dinner with President Obama at the White House:

On Friday, President Obama announced that he and Chinese President Xi Jinping had reached a “common understanding” on steps to curb cyber spying and agreed that neither government would conduct economic espionage in cyberspace.
“I raised, once again, our rising concerns about growing cyber threats to American companies and American citizens. I indicated that it has to stop,” Obama told reporters at a joint news conference, with Xi standing at his side. “Today I can announce that our two countries reached a common undersanding on the way forward.”
The White House said the two leaders agreed to create a senior expert group to further discuss cyber issues, and a high-level group to talk about how to fight cyber crime that will meet by the end of 2015 and twice a year after that.

Read “A ‘State Visit’ for China’s President Sends All the Wrong Signals”
a) What do you think of this suggestion? Explain your answer.
b) Are you reassured by President Obama's agreement with President Xi? Explain your answer.

8. Watch the news report under “Resources” below. What now? What approach do you think the U.S. should take with China?

OPTIONAL - Questions for discussion:
a) If you can’t trust the government to keep your data secure (especially if you are an intelligence agent) who should you trust?
b) If your relative worked as an undercover intelligence agent, would you want him/her to stay in the job?
c) How reassured would you be if your fingerprint data, in addition to information about your health, financial history and families had been stolen by the Chinese government (or by some other nefarious hackers)?

Background

OPM said hackers were able to steal the fingerprints of 5.6 million people, up from the 1.1 million estimate it offered more than a month ago. More than 20 million people lost their records as part of the breach, and OPM’s new estimate means that roughly one-quarter of all those affected lost fingerprint data, in addition to information about their health, financial history and families.
The fingerprint records were collected as part of background checks conducted since at least 2000 for some of the most sensitive government posts, including law enforcement, military, foreign service and judicial positions.
Security analysts have said the loss of fingerprint records could be a nightmare for some U.S. officials, particularly intelligence and military officers who are used to operating covertly and try to avoid leaving any trace of their actions.
The cyberattack at OPM was one of the largest government breaches in U.S. history.
The U.S. government has offered limited identity-theft protection to the more than 21.5 million people whose records were stolen as part of the OPM breach.
The theft and the government’s uneven response sparked criticism from Republicans and Democrats that more should have been done to protect the records. The outcry became so severe - particularly as word spread that the breach was much worse than expected - that OPM’s director, Katherine Archuleta, resigned in July.
The agency is now led by acting director Beth Cobert. (from a Sept. 23 WSJ report)