This month, the federal government disclosed that the Office of Personnel Management (OPM) had been infiltrated by hackers who have been inside their systems for over a year. The hackers got access to the records of millions of federal employees. According to media reports, intelligence officials think the Chinese are responsible and that they are building “a vast database of federal workers.”
Art Bowker is one of those millions of employees. He’s a federal employee in Ohio who has written two books, the most recent one dealing with “Investigating Internet Crimes.” This is what he’s worried about. As told to Kashmir Hill.
I heard about the hack last week, and I thought, “That’s not good.”
They sent me an email two days ago telling me that my data appears to be compromised and that I’ll be enrolled in a program for credit monitoring that covers me up to a million dollars. I called the contractor from OPM that was listed in the email, a 1-800 number, and wanted to know how big the breach was. Did they just get names? They couldn’t tell me. It’s like someone broke into my house and they won’t tell me what they took.
They didn’t tell me exactly what information was exposed, but this is the agency that does background checks and security clearances. They’re the agency that asks people who know you, “What do you know about this person that could be used to blackmail them?”
If [the hackers] also got people’s security clearances, they will have a boatload of information.
They don’t just have everything they need to steal my identity — my Social Security number, date of birth, and everywhere I’ve lived— but all of that information for my wife, and my children, and even my grandchildren. If people were married multiple times, former spouses are in there. When I said, “What about my family?” Their response was, “Are they federal employees?” I said no, and they said “The credit monitoring is only for federal employees.” My identity is covered but my wife’s isn’t. If something happens to her credit, it’s going to affect my credit.
I’ve worked for the government for 26 years. I went through a security clearance when I was first hired. Then after 9/11, they started doing investigations every five years. My last one was in 2011. They’re typical for people who are part of federal law enforcement. FBI agents used to do them, but at some point it switched over to OPM. They have information on my life and everyone in it for the last 26 years. Now some criminal organization or foreign government has it. It is like an Orwell nightmare.
Have you ever seen the form they make you fill out to get a security clearance? It asks you for so much information. It’s over 100 pages long. When they do the investigation, they ask who’s your landlord, who’s your neighbor. It’s all your addresses for five years and people who knew you at those addresses. And then they interview the people who knew you there.
You can request the results of your investigation under FOIA and they’ll tell you what people told you. I did that a couple of years ago. There was a lot of personal information. When I requested a copy of it, it disclosed what a supervisor who I didn’t get along with said about me. She said I had a drinking problem, but it wasn’t substantiated at all. They asked how she knew and she said, “Someone told me that.” There was no other evidence. But that’s in my background investigation and I can’t get it removed. I can protest it but not get it removed. That kind of nonsense is in there. If you have a neighbor who didn’t like you, they can put something in there that’s not true and it remains.
Imagine if you could go out and ask a person’s neighbors about him and put it in a report and file it away. Does he party? Does he drink? Is there anything that could subject him to blackmail? You could get a lot of dirt on someone that’s not substantiated.
They got a lot of information. The federal government employs tons of people. A lot of my co-workers are getting notices. There is no database that would have this much information.
I’m concerned about the criminal aspect, about the possibility of identity theft. But I’m also worried they are going to identify agents in law enforcement. There’s a high potential that they are going after agents. It’s like saying, “I want all the background information on every officer in the city.” Why would you need that unless it’s an attack-type scenario? Unless you’re going to target those people for havoc?
OPM needs to tell us what exactly was accessed. Did they target a specific group of employees? Did they go after people with security clearances? I want to know what was accessed and what you are going to do about the secondary victims.
I’m not crazy about my government having this information, but I definitely don’t want the Chinese government to have it.