Summary: On the second anniversary of the OPM hack, let’s compare the terrifying predictions with the results seen so far. Perhaps from this we will learn skepticism, and avoid national pants-wetting in response to the next clickbait terror barrage. A confident America might deter our foes more than the weak hysterics we display today in response to threats.
“Anxiety is spreading among defense officials and the military community that the recent theft of federal government data linked to China may affect hundreds of thousands of service members. … ‘They had access on everyone who has applied for a security clearance: families, residences and job assignments, bank records,’ Socotra {pseudonym of alleged retired senior intelligence official} said. ‘If that’s not an absolute calamity, I don’t know what is.’” {From Military Times, 18 June 2015.}
Since 9/11 the US public has been bombarded with stories designed to make us fearful and obedient, an acceleration in the manufacture of scary stories by the government since WWII.
- The revelations of Private Chelsea Manning in April – November 2010 were certain to cause countless deaths of American soldiers (example), so we were told. Didn’t happen, despite the government’s efforts to prove damages.
- Edward Snowden’s revelations in June 2013 were certain to have horrific effects on US security. Again, no reports of serious effects despite the government’s attempts to find them (unfortunately, that “nothing big” includes reforms of the NSA).
- Starting in March 2014 the databases of the US Office of Personnel Management and some of its contractors were hacked, allegedly by China (accurate attribution of such attacks ranges from difficult to impossible). Details here. Visible results so far: zero, despite provision of free credit monitoring tools and other security services to millions of federal employees (to detect attacks).
On this second anniversary of the OPM hack, let’s remember the stories, and also recall that the OPM hack is only one class of clickbait fear barrage; others include the news about ISIS’ secret base in Mexico and the Ebola pandemic sweeping America.
Here’s a typical prediction of doom, from John Robb at Global Guerrillas on 24 June 2015. This warning was rebroadcast at Naked Capitalism.
I believe this infobomb has done catastrophic damage to US security. How? Big data + bots (made smarter via AI) will be able to turn this data into a decisive instrument of warfare. For example: want that guy on the button to stand down? Call him up with a threat to his family. Threaten to release information on him. Etc. Worse, through automation this can be done on a scale and with a speed far, far greater than what old school spooks are capable of.
Mark my words: This infobomb is a catastrophe. A catastrophe we won’t understand the consequences of until the US loses the next big conflict.
The reality is that this information is of two types. The basic data is the same as that stolen in hundreds of hacks from banks and retailers. Despite the hype the aggregate effects of these have been small. The second kind of data stolen was confidential information from Federal employees’ files. Some of this people do not want made public — it is, however, already known to the government (their employer), limiting its use for blackmail.
All of this information declines in value over time. Personal secrets come out. People change jobs, addresses, and bank accounts.
As for “Call him up with a threat to his family” — that’s a vulnerability of everybody in key positions. Most such people are easily identified by agents of a nation-state, so the OPM hack did not release anything not already obtainable. For obvious reasons, however, such attacks are seen more often in fiction than in fact.
Conclusions
My prediction: several years from now Americans will have forgotten the hysteria about the OPM hack, having learned nothing. Just as we’ve learned little from 15 years of warnings about jihadist terrorists in America, the Ebola non-pandemic in America, and the scores of other fear barrages on us. There will be no consequences, not even loss of credibility, for those making bold but inaccurate predictions.
Our amnesia, our inability to remember embarrassing incidents from our past, brings us solace but keeps us stupid and easy to manipulate.
Other posts about the OPM hack
- About the theft of the Federal government’s personnel records: sorting fact from fiction.
- Seeing behind the headlines about China’s attack, stealing the governments’ jewels.
- Fight the hysteria about the hack of OPM’s files. It’s probably not a big threat.
For More Information
See all posts about cybersecurity and cyberwar, about our many fears, and especially these about bouts of hysteria in America…
- The news as a series of hysteric fits by America. Why? How can we get a grip on ourselves?
- Threats come & go, leaving us in perpetual fear & forgetful of the past.
To learn more about this vital subject, here are some useful sources…
- Marcus Ranum’s presentation “Cyberwar is Bullsh**”.
- Kevin Mitnick’s Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker.
- Brian Krebs’ Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door.
As you say, mostly FUD propagated to keep us in our place and desperate for government ‘security’ or for the media to generate click bait.
I worked on a number of systems designed to be secure. One of the features that was popular was ‘keep talking’, where failed attempts to log in from the same location were, eventually, granted access (regardless of uname, pwd) to a special area with databases and files sufficiently ‘interesting’ to keep them online and uploading while the alarm bells rang elsewhere and they could be traced and monitored.
There’s probably a tactical intelligence advantage to making people believe your stuff can be hacked. You get to find out who’s doing what and how, also where they are, etc., then just keep watching them and soaking up lists of their contacts, waiting for the right day.
No reason to believe it’s any different now, and that most of the ‘leaks’ through hacking externally achieve very little and all of the serious damage is likely to come from insider action as it always has done.
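The ‘keep talking’ diversion described in the comment above, as an added example (not code from the commenter’s systems): after repeated failures from one source, any credentials are "accepted" into a decoy area while an alert is raised. The threshold, class name, method names and sample addresses are assumptions made for illustration.

```python
import hashlib, hmac, os
from collections import defaultdict

THRESHOLD = 5  # assumed: failures from one source before diverting to the decoy

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class KeepTalkingGate:
    """Login gate that diverts a repeatedly failing source to a decoy area."""

    def __init__(self, users: dict):
        self._creds = {}
        for name, pw in users.items():
            salt = os.urandom(16)
            self._creds[name] = (salt, _hash(pw, salt))
        self._failures = defaultdict(int)   # source -> consecutive failed logins
        self._diverted = set()              # sources now held in the decoy
        self.alerts = []                    # what the monitoring side sees

    def _valid(self, user: str, password: str) -> bool:
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self._creds.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def login(self, source: str, user: str, password: str) -> str:
        # A diverted source never reaches real data again, even with valid
        # credentials: it may have guessed or stolen them by now.
        if source in self._diverted:
            self.alerts.append(("decoy_activity", source, user))
            return "decoy"
        if self._valid(user, password):
            self._failures[source] = 0
            return "real"
        self._failures[source] += 1
        if self._failures[source] >= THRESHOLD:
            # "Grant" access regardless of username/password, but only to the decoy.
            self._diverted.add(source)
            self.alerts.append(("diverted", source, user))
            return "decoy"
        return "denied"

def demo():
    gate = KeepTalkingGate({"alice": "correct horse"})   # constructed sample account
    noisy = [gate.login("203.0.113.7", "admin", f"guess{i}") for i in range(5)]
    later = gate.login("203.0.113.7", "alice", "correct horse")
    other = gate.login("198.51.100.2", "alice", "correct horse")
    return noisy, later, other, gate.alerts
```

Keying on the source address alone means legitimate users behind a shared NAT address can be diverted along with the noisy client, so a deployment needs a release path for such sources.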
Steve,
“most of the ‘leaks’ through hacking externally achieve very little and all of the serious damage is likely to come from insider action as it always has done.”
That’s an important point — one often made by actual security experts. However, it spoils the story and so is usually ignored by journalists.