For the rest of their lives, 22 million Americans will have to think twice about strangers who try to befriend them at coffee shops, at workplace conferences, or while on vacation.
Could a new friend simply be a spy agency trying to make inroads for later exploitation?
It’s one of the long-lasting results of the data breach at the Office of Personnel Management, which revealed last year that hackers had stolen a vast trove of records on current and former U.S. government employees and their family members. U.S. officials believe that Chinese government hackers are behind the breach. The Chinese government has denied that charge.
Bill Evanina, the nation’s top counterintelligence official, is leading a new campaign to warn government employees and contractors, even those who don’t deal with classified information, that partly as a result of the OPM hack they are all potential human targets by intelligence agents.
“You have an enduring threat from a counterintelligence perspective,” Evanina, the National Counterintelligence Executive and director of National Counterintelligence and Security Center, told CNN in a telephone interview. “The threat is now, and it is enduring. If they decide to compromise me, they may do it now, they may do it in three years.”
Evanina calls the OPM breach a “watershed moment.”
The documents stolen included so-called SF-86 forms, the U.S. government applications for security clearances that require prospective employees to reveal intimate personal information as part of background investigations.
It’s the type of information that Evanina and other officials believe likely will set the stage for foreign intelligence agents to target current and former U.S. government workers and contractors.
Evanina’s agency has prepared a series of videos to help train workers about how to secure their personal information, including their interactions on social media, and how to not fall victim to hackers or foreign spies.
One video being released this week focuses specifically on the threat of human targeting by foreign intelligence agents, particularly in the wake of the OPM hack.
The video depicts a low-level government analyst attending a conference and who coincidentally is befriended by a man who purports to be a fellow alumnus of the college the analyst attended. Later, the analyst’s new friend — an apparent foreign intelligence agent — clumsily tries to get him to share work information.
Evanina says he hopes to create awareness that foreign spies could use private information from the OPM hack to try to make a personal connection.
The information could be used to send friend requests on social media, or to launch spear phishing emails targeting government workers.
U.S. spy agencies use some of the same methods to try to target human sources in other countries. That’s how Evanina knows what other countries might be trying to do to U.S. government workers and contractors.
Even after workers retire, foreign spy agencies may still find victims of the OPM breach to be attractive targets. And if the foreign spy agencies are any good at their work, it will be hard to tell when they’re exploiting the data from the OPM hack.
“Will we see it manifested? Probably not,” Evanina said. “If a foreign intelligence service is targeting you, we’re not going to know and see it until it’s probably too late.”
The campaign makes clear that the U.S. concern isn’t just about the closely held classified secrets.
“You don’t have to work for the CIA or have access to the most prized information for you to be a target,” said Evanina, who is an FBI agent. “Often times they go for more people with access to information that is more germane to” specific needs a foreign power is seeking.
The Justice Department has brought cases involving alleged economic espionage aimed at stealing technology and proprietary information that aren’t considered top national security secrets.
In 2010, a deadly fire at a high-rise renovation project in Shanghai prompted Chinese municipalities to tighten requirements for fire-proof insulation in construction projects.
Two years later, the FBI arrested two Chinese nationals who tried to obtain the formula for Corning Corp’s cellular-glass insulation by bribing a company employee. The Corning insulation product was a badly-needed solution to problems facing Chinese developers. Rather than buy the Corning product or develop their own alternative, the Chinese decided to steal the technology, U.S. officials contend.
Chinese officials have long denied involvement in cyber or economic espionage. In recent months, Chinese officials have claimed to have arrested hackers tied to the OPM hack.
U.S. officials dismiss the claim, and say the government hackers behind the breach are likely still at work on new hacks.