Following the revelation that private personnel data (including Social Security numbers) for 4 million federal employees was siphoned from government databases by hackers, the Director of the Federal Office of Personnel Management, Katherine Archuleta actually issued this statement:
Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM. We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.
So it is “of the highest priority,” and a responsibility taken “very seriously,” to do exactly what they utterly failed to do, and they are “constantly identifying opportunities” to do more of the same.
It’s like shutting the barn door after the horses are gone and then putting up a sign insisting that the horses are still inside and that every effort will be made as always to keep them there.
Our Federal Government at work. (Well, at least they’re not in charge of our health care.)
These stories of mega-hacks have become so common that there is now a rhythmic and mind-numbing nature to them, such that the implications seem to just blow right past. But let’s assume that as alleged it was hackers working for the Chinese regime that obtained all of this data on American federal employees. What would be their purpose? It is also alleged that Chinese hackers stole private data on millions of people from two large U.S. medical insurance firms last year. The New York Times says that the Chinese “seem to be amassing huge databases of personal information about Americans,” and yet there is “no clear motive for the hackers.”
Well, let me see: if you view another nation as an adversary or at least a potential adversary (and there are currently military-to-military incidents taking place regularly in the South China Sea) then what could possibly be the use of possessing a vast database of private information on the citizens of the country?
The term “cyber warfare” is tossed around a lot, but thanks to this wonderful wired world it is not necessary to turn off power stations or open dams in order to wield influence. Imagine a database filled with all the terabytes of private data on Americans that can possibly be hacked, from employee data to the likes of “Adult Friend Finder” and beyond to things we’ll never know have been hacked, all cross referenced so any one person in particular can be called up to the screen. Imagine the value of this to the leaders of a foreign power who want to find pressure points. Along with many millions of weak and insignificant people, there are many who are in positions of importance (and/or will be in the future). Think of all the possibilities to influence, extort or blackmail particular individuals at the right time. Or to see who would be most vulnerable to the combination of a threat and a bribe.
It makes the old fashioned cloak and dagger stuff, the sleeper spies and such, seem like the days of the horse and cart. But that horse has definitely left the barn.
If, however, you prefer the more dramatic kind of cyber warfare, with things blowing up and people dying, consider the report late last year (which passed with little notice) that U.S. Department of Homeland Security sources have acknowledged the presence of Russian “trojan horse” malware in computers controlling critical power facilities and infrastructure in the United States. They know it’s there, since 2011, but it just hasn’t been used yet: a loaded gun laying on the table.
Perhaps, as with nuclear warfare, a “mutually assured destruction” calculus is involved. Perhaps the U.S. has similar capabilities with regard to adversarial foreign governments. But in order for such a M.A.D. scenario to work, it must be highly explicit and public. It certainly isn’t in this case.
And as for the building of vast databases with the private information of virtually an entire nation’s populace, such a weapon can be used in a relatively subtle and piecemeal fashion, never to trigger any M.A.D. response, but achieving the desired ends all the same.
It’s a brave new world. Maybe if we saw all that was coming we wouldn’t be quite so brave.
All of these things also bring us much closer to the day when we will be told that Social Security numbers and the like are just too insecure a means of identifying ourselves, and it will instead be demanded that we submit to a universal biometric system of some kind, retina, DNA, or otherwise. Why not trust the government, after all?