A database containing the classified personnel records of US spies may have been merged with the database of the Office of Personnel Management (OPM) before it was hacked, Shane Harris of the Daily Beast reports.
When administration officials asked intelligence agencies in 2010 to merge their records with OPM’s, thereby creating a unified security clearance system, intelligence officials initially refused to comply.
They refused out of concern that combining Scattered Castles — the name of the US spy agency database — with OPM’s database of federal employees could give hackers access to the identities of covert operatives if the mega-database ever suffered a breach.
By 2014, however, OPM security clearance files were being uploaded into Scattered Castles’ database, beginning a process of linking the databases.
“If there are connections between the two — as that recent government report suggests there are — it could be exploited by hackers, giving them a pathway from OPM into the most highly classified personnel records in the entire government,” Harris reports.
US officials contacted by the Daily Beast denied that Scattered Castles was affected by the OPM hack, but never said explicitly that the two databases themselves were not linked.
“I have high confidence that the agencies do not have a clear understanding of the architecture of their systems and how they’re interconnected,” Michael Adams, who served more than two decades in the U.S. Special Operations Command, told The Daily Beast.
Adams noted that because administration officials lack this understanding, they cannot say with certainty that the intelligence community’s records were unaffected by the hack.
“I further believe that the U.S. government either doesn’t understand or is obfuscating the national-security implications of this cyberattack. These people either need serious help or need to come clean now.”
If the two databases were linked, then hackers who infiltrated OPM’s database, stealing the sensitive security clearance and background information of more than 18 million federal employees, were likely able to steal the same information from the nation’s spies.
Joel Brenner, who from 2006 to 2009 served as the Intelligence Community’s top counterintelligence official, described the hack to AP as “crown jewels material, a goldmine” for China, adding: “This is not the end of American human intelligence, but it’s a significant blow.”
“There’s bad, there’s worse — and there’s this,” he said, referring to the breach. “CIA officers are not supposed to be anywhere in OPM files, but I’m glad I’m not posted overseas right now, hoping that’s true.”
Hackers who infiltrated OPM had access to the agency’s security clearance computer system for over a year, giving them ample time to steal as much information as possible from OPM’s database of military and intelligence officials — and ample time to uncover a pathway to Scattered Castles, if such a pathway existed.