Abstract
In 2015, the Office of Personnel Management (OPM), the chief human resources agency for the federal government, announced a breach that exposed the SF-86 security clearance background checks of over 21.5 million US government employees, the fingerprint data of 5.6 million individuals, and personnel files of 4.2 million current and former government employees. The stolen SF-86 forms included information on millions of government employees, including SSNs; the names and addresses of family members, neighbors, and friends; extensive personal financial information; psychological evaluations; and the usernames and passwords of background investigation applicants. As described by former FBI Director James Comey and former CIA Director Michael Hayden, the stolen data was a “treasure trove” of data so sensitive that it could be used for espionage and would harm intelligence and counterintelligence efforts for at least a generation to come. The haunting effects of this blow to national security will never be known in full to the United States.
Notes
- 1. The OPM Data Breach: How the Government Jeopardized Our National Security for More Than a Generation, September 2016, https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
- 2.
- 3. An Authorization to Operate, or ATO, is granted to a federal agency after the agency is audited for compliance with federal standards. In the case of OPM, this standard would be FISMA (the Federal Information Security Management Act).
- 4. Machine or host that could be infected: e.g., laptop, desktop, server.
- 5. For a wired network using fiber optics, a fiber tap records everything transferred on the wires.
- 6. A VPN, or virtual private network, anonymizes a user’s IP address and location and encrypts the user’s Internet traffic. A VPN makes browsing the Web more private and secure.
- 7. RDP, or remote desktop protocol, is a popular protocol that allows users to access their Windows machines remotely.
- 8. Source: Page 85 of the House Majority Staff Report: https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
- 9. A jump server acts as a “choke point” between less critical and more critical systems. A user who wants access to the more critical system must authenticate at the jump server. The jump server is a single point of entry through which all access to the more critical system must pass, and it can be monitored for potentially unauthorized access attempts.
- 10. An SSL, or secure sockets layer, certificate is used to help create a secure connection between a browser and a website.
- 11. A spoofed domain is a malicious domain set up to look like a legitimate website in hopes of tricking a user into interacting with it.
- 12. In a signature-based approach to detecting malware, a scanner looks for sequences of bytes that are known to appear in malware files. However, it can be relatively easy for malware authors to change the bytes in their files so that they don’t match any known sequences. An approach that uses artificial intelligence, by contrast, may be able to detect malware even when it contains no previously known sequences of bytes.
- 13. Source: Page 101 of the House Majority Staff Report: https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
- 14. Source: Page 103 of the House Majority Staff Report: https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
Copyright information
© 2021 Neil Daswani and Moudy Elbayadi
About this chapter
Cite this chapter
Daswani, N., Elbayadi, M. (2021). The OPM Breaches of 2014 and 2015. In: Big Breaches. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-6655-7_6
DOI: https://doi.org/10.1007/978-1-4842-6655-7_6
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-6654-0
Online ISBN: 978-1-4842-6655-7
eBook Packages: Professional and Applied Computing; Apress Access Books; Professional and Applied Computing (R0)