Chinese hackers have in recent months penetrated an untold number of FBI agents’ personnel files, Newsweek has learned, in a breach with potentially dangerous national security implications.
The FBI, along with the Department of Homeland Security, is not only responsible for investigating the massive breach of federal Office of Personnel Management (OPM) computers by suspected Chinese cyberthieves, which was reported earlier this month, but is principally responsible for detecting domestic terrorist plots and foreign spies.
The extent of the FBI penetration, reported here for the first time, is unknown. An FBI spokesman referred an inquiry to OPM, which has said 4 million federal employee files were breached.
James Trainor, acting assistant director for the FBI's cyber division, said at a fiery congressional hearing Wednesday that the number may be more than four times that.
An FBI source told Newsweek he was notified by OPM in May that his personnel file had been penetrated by hackers in the same Chinese intrusion.
“This is the second notification that I've been breached,” the veteran agent said on the condition of anonymity. “They got me through Anthem Blue Cross, now they have me through OPM. I think of the 17 million they have on file, they're only notifying 4 million. But I was notified last month.”
Anthem Blue Cross, which insures millions of government employees, announced last February that it had been hit by a sophisticated cyberattack that may have affected 8.8 million to 18.8 million people who were members of other Blue Cross Blue Shield plans.
Asked whether the entire FBI workforce of over 36,000 agents and support personnel had been compromised, the agent responded: “I don’t think so…. but it's pretty ugly. I guess [OPM staff] outsourced some of their software to a Chinese company. Unfortunately I don't think anyone's going to be fired like they should be.”
Any penetration of the FBI could have “mind-boggling” effects, he said, “because there are counterintelligence implications, national security implications.”
Steve Ragan, senior writer for the tech security site CSO, complained that such reports were inflammatory.
“Just because a single FBI agent got a letter from the OPM warning them about the breach, doesn't mean the FBI as a whole was hacked.…” Ragan wrote. He and other critics also point out that the Obama administration has not officially blamed China for the OPM hack.
“In reality, no one knows who hit the OPM,” Ragan wrote. “For all we know, it was someone in Iceland using a really, really slow 3G connection. Then again, maybe it was Russia—pretending to be China. Perhaps it was an army of squirrels.”
Security problems also dogged the training of new FBI agents in recent months. Two classes were canceled in September due to congressional budget cuts that reduced the number of personnel dedicated to conducting background investigations of trainees for security clearances. They are “all on track now,” an FBI spokesman said.
Nor is this the first time the FBI has been hacked. A Balkan-based hacker connected to the group Anonymous claimed in February 2014 that he had penetrated FBI files.
“Black-Shadow of the Slovenian branch of Anonymous said he has posted the FBI domain email addresses and passwords for 68 agents.…” website Techeye reported. “His post also includes a short profile on FBI director James Comey, including sensitive information such as his date of birth, his wife’s name, the date they got married, his educational history and even the geographical coordinates of his residence.”