China and Russia use data breaches to unmask U.S. spies, officials say

U.S. data breaches are helping foreign spies identify who's who.


Dell Cameron


Published Aug 31, 2015   Updated May 28, 2021, 1:43 am CDT

Foreign spy agencies are allegedly aggregating the leaked databases from major hacks to create a comprehensive list of U.S. intelligence operatives, according to U.S. officials.

Counterintelligence officials say their counterparts in foreign countries, especially in China and Russia, are using sophisticated software to comb through massive data leaks for the purpose of identifying U.S. intelligence agents, the Los Angeles Times reports.

In June, hackers breached the Office of Personnel Management (OPM), compromising the personal information of tens of millions of federal workers. The information reportedly includes the Social Security numbers, as well as names, addresses, and dates of birth.

In addition, the leaked OPM data is believed to include security-clearance and background information, which may help foreign governments identify U.S. intelligence personnel.

William Evanina, the U.S. national counterintelligence executive, told the Times that the analysis of such data can reveal “who is an intelligence officer, who travels where, when, who’s got financial difficulties, who’s got medical issues, [to] put together a common picture.”

U.S. officials have declined to point the finger publicly, but speaking anonymously with the press, top intelligence officials have repeatedly blamed China for the OPM attack. 

Chinese officials, meanwhile, deny any involvement; an embassy spokesman told the Times on Friday that his government “firmly opposes and combats all forms of cyberattacks in accordance with the law.”

Government employees compromised in recent data breaches have been increasingly targeted with phishing emails containing malicious software.

Following the OPM attack, for instance, the U.S. Computer Emergency Readiness Team (US-CERT) warned that emails to federal employee, which appeared to be from OPM itself, were actually from malicious actors attempting to acquire additional sensitive information.

In June, the email system used by the Joint Chiefs and their staff was taken down for nearly two weeks due to an alleged Russian phishing campaign.

H/T Los Angeles Times | Illustration by Max Fleishman | Remix by Jason Reed

Share this article
*First Published: Aug 31, 2015, 1:12 pm CDT