Attention

The opinions expressed by columnists are their own and do not represent our advertisers

Sunday, July 12, 2015

SBYNews Exclusive: How the MSM and Government are deceiving us about data breaches

How the recent OPM Data Breach really hurts America, including people who have never applied for security clearances…

            In June 2015 the United States Federal Government discovered that the Office of Personnel Management’s background investigation database(s) had been compromised and that approximately 21.5 Million current, former and prospective (both those who were/are still being considered as well as rejected applicants) employees and contractors “sensitive” information was obtained by a still unknown entity. Since then I have scrutinized the media coverage of the incident as well as our government’s response (or lack thereof) and find myself to be in a state of disbelief regarding the way this breach is being downplayed by officials and our national news media.

What is OPM?

            OPM functions as the top level Human Resources Department for the Federal Government. One of the divisions within OPM, FIS (Federal Investigative Service), conducts background investigations on individuals in consideration for security clearances for more than 100 different agencies. Over 90% of all government background investigations are conducted by OPM-FIS and total more than 2 million investigations per year. Once all of the investigative inquiries have been completed the results are published in a coherent report and sent to an adjudicator who will determine, based on the full report, whether the individual meets the requirements to hold the level of clearance requested. Additionally, OPM-FIS is responsible for training the employees of subordinate agencies on their systems and processes. To give you an idea about the relative workload of the FIS division by itself, their FY 2013 expenses exceeded $1 Billion and FY 2014 was approximately $998 Million respectively.     

What are SF-85/SF-85P/SF-86 forms?

            OPM’s SF-85/SF-85P/SF-86 are applications that must be completed in conjunction with an agency request for an individual’s security clearance. Each form corresponds to a different type of clearance and have varying lengths. SF-85 is used for “Non-Sensitive Positions” which includes pertains to any information that is NOT classified but is also not considered public information and at 8 pages is the shortest of the 3 different forms. SF-85P is used for “Public Trust Positions” which typically applies to people in elected positions including their employees that do not require access to any classified information and is 11 pages long.

            The SF-86 is a behemoth all it’s own at 127 pages and is used for several different investigation types depending on the clearance level requested by the individual’s agency. This is the form that a government employee would be required to complete to initiate an investigation for access to classified information including SECRET, TOP SECRET and TOP SECRET/SENSITIVE COMPARTMENTED INFORMATION.

The investigative process and final report…

            While the investigative process is relatively similar for all three different forms, this section will focus on the most exhaustive of the them being the SF-86. To complete an SF-86 an applicant has to accurately provide the following historical information (which has been referred to by the government and MSM repeatedly in VERY general terms to describe the compromised information) for the past 10 year OR from their 18th birthday, whichever is shorter:

·      ALL Residential Addresses
·      ALL Employers Addresses, Phone Numbers, Reasons for leaving (to include whatever work the applicant is doing that requires a security clearance)
·      ALL Education Addresses and Phone Numbers
·      ALL information for family members/friends residing abroad, having dual or foreign citizenship or associated with foreign groups/governments
·      ALL organizational affiliations
·      ALL Mental Health history to include provider information and full HIPAA release forms for any Mental Health records
·      Must proactively declare ANY history of criminal activity, drug/alcohol use, foreign travel, credit issues
·      AND must submit their fingerprints

In addition to providing all of the information provided above the applicant being investigated must also provide 2 references and their contact information for every single residence, employer and education facility in the SF-86. These references should not be repeated once used and should not be related to the applicant. In addition, the applicant is required to provide 3 references who know the applicant well and should have known the applicant for at least 7 years who reside in the United States (Unless there are no suitable people fitting the residency requirement). Once all this information is compiled and submitted the investigative process is initiated and investigator(s) are assigned geographically, to conduct interviews with the people listed as your references.

The investigators attempt to confirm any information the applicant included on their SF-86, anything that may have been omitted and general character assessments. The investigator will also annotate any information that identifies the reference personally as well, this can include residence or employment information, where the investigators conduct the interview, general observations, schedule and phone number. Investigators are also trained that applicants will omit information that may be considered derogatory or exculpatory for obtaining a clearance, so at the end of a reference interview the investigator will ask if they know anyone else that the applicant is friends with AND what their contact information is. This is done in order to interview/potentially locate information/people intentionally omitted from the application and is standard procedure.

Once all of the information is confirmed or obtained each investigator involved writes a report regarding ALL of their findings, ALL known information about each person interviewed and their interpretation of the findings. This is compiled into a final report and sent for adjudication at the central OPM offices. The adjudication process involves the report being analyzed in it’s entirety and then the information is related to guidelines for approving or denying the clearance for the applicant. The adjudicator can also request additional information from more sources based on information included in the final report which is then referred back to the investigator(s).

Depending on the applicant’s need-to-know the applicant MAY also be subjected to one of three types of polygraph examinations, the results of which will be appended to the final report for adjudication. The polygraph examinations are either “Counterintelligence”, “Lifestyle” or “Full Scope” and each pertains to different information with varying degrees of intrusiveness.

Incident Reports and Periodic Reinvestigations

            Once a clearance request has been positively adjudicated the clearance holder is subjected to a set of standards required to maintain their clearance level. The agency that the clearance holder is employed by is required to submit anything that could be considered “derogatory” or not in the interest of National Security/the person’s position to OPM using what’s called an Incident Report. This can include any and everything the employing agency becomes aware of during the person’s employment or even after the person has moved on from the agency. Typically, incident reports are done for criminal charges, new substance abuse, new or developed mental health issues, administrative actions or financial hardships. OPM reviews all incident reports and internally determines whether they need to investigate the allegations further, however whether they do further investigation or not, the person’s clearance is immediately in jeopardy of suspension or even revocation and the incident report is placed permanently (even if the information is false) into their file. 

            Additionally, depending on the type of clearance held, the clearance holder is required to submit additional SF-86s periodically for a reinvestigation. Reinvestigations are typically completed in a much faster manner but are compared with previous editions to ensure accuracy throughout the time the individual holds their security clearance, with the same requirements and standards as the initial SF-86.

The current data breach deception

            The Federal Government and MSM have both listed the “type” of information that was compromised in very general terms without fully explaining how intrusive the type of information truly is. OPM has stated that they will be “Full service identity restoration support and victim recovery assistance; Identity theft insurance; Identity monitoring for minor children; continuous credit monitoring; and Fraud monitoring services beyond credit files” to anyone affected in the background investigation incident for 3 years. They go on to state they will provide those individuals with “detailed information you can provide to other individuals you may have listed on your form. This information will explain the types of data that may have been included on the form, best practices they can exercise to protect themselves, and the resources publicly available to address questions or concerns.”

            The resources that OPM will be providing clearance holders with are a knee jerk reaction and will be as effective at protecting clearance holders who’s investigative reports have been compromised as a security blanket would be at protecting you from a bullet. The truth is that now that the VERY specific and intrusive information is unsecured somewhere in the world our ENTIRE Intelligence Community has been compromised and National Security is in the worst position it ever could be.

For example, if a foreign government needs to subdue a U.S. Intelligence Analyst that is unearthing all their secrets then all that foreign government has to do is read the OPM information they have and create some trouble for the analyst. Fake bank accounts, fake debt, anything that would be considered derogatory really. They could even go a step further if immediate results were needed because they have that analyst’s home address, their friend’s contact information, their family’s addresses, basically everything anyone could ever know about that analyst.

OPM describes the information that was compromised in these reports on the references as “In many cases, the information about these people [references] is the same as what is generally available in public forums such as online directories or social media”. Yet they describe the reference’s compromised data as “name, address, date of birth, or other similar information”. I don’t know about everyone else in the country but I don’t know anyone who hasn’t already made their birthdate on social media private. I don’t know anyone who publishes their address publicly on social media. I don’t know anyone who hasn’t made their friends list private so that their circle isn’t known to people they don’t know. Based on those 3 things, I shudder to think about what may be included in “other similar information”, but would include any information the investigator had such as cell phone number, work address, work or school schedule, etc.

To make that even worse, OPM isn’t notifying the references themselves and leaves that to the clearance holder… That would be GREAT and EFFECTIVE if they didn’t interview people the applicant DIDN’T list on their SF-86; OPM regulations prohibit the clearance holder from being able to EVER access the final report that would contain the information for the people the investigators dug up… The number they have said was affected being 21.5 million only includes the applicants, not their references, so that number could easily be 5 or even 10 times higher. There are only a couple of ways to render the information taken useless to foreign entities:

·      We could place EVERYONE with a security clearance into the Federal Witness Protection Program
-OR-
·      We could fire EVERYONE who has a security clearance and start over with people who never have

Any less drastic measures than those two would allow the stolen information to be relevant for 10 years or more and we can ill afford for our Intelligence Community to be sidelined for a day in our current world climate…

Signed,
-A very worried former Intelligence Officer

*** Editor’s Note: The 21.5 Million people affected includes ANY Special Forces and Covert Operatives who were awarded a security clearance (Security Clearances are typically required for such positions, but there could be exceptions I am unaware of) ***

References NOT directly cited:

https://www.opm.gov/cybersecurity/ - OPM Informational page regarding the breaches, the information, people affected and government response







15 comments:

Anonymous said...

Not that this is directly connected to the post,but one should research the #s and severity of the thwarted terrorist attack attempts on US soil on and around July the 4th.Government involvement prevented massive destruction and loss of life.

Anonymous said...

How they are going after Donald Trump speaks volumes how bias they all are.

JoeAlbero said...

I can only hope enough people take the time to read this article. It is vital to our future as a country. I've been preaching for the past 5 years, our government will raise prices until we're broke, (most everyone). Then they'll get you to borrow until you can no longer pay that back. Then they'll take your homes and finally, now your credit and personal history. The Main Stream Media is covering this up across the board. THINK of the millions of lives that are now in jeopardy! Earlier this week we published a story about how more Americans are more worried about their credit/medical/personal history than they are about having their naked picture exposed on the Internet. This breach is massive and could bring millions more to their knees and once again, dependent on their government. Finally, IF these people can breach secured government information, do you really think your information is safe elsewhere???

Anonymous said...

Aaand to run this vitally important agency, our POSOTUS appointed someone that had no experience in Information Technology, Information Technology Security, or Cybersecurity (yes, there are differences!).

A political appointee that had no qualifications to run an organization of that size and importance!

How's that affirmative action working for you - Mr. Affirmative Action president?!

Anonymous said...

It is not the hackers obtaining the data, its who is collecting it that I worry about.

Anonymous said...

Well said Joe!! Living in this country is a total illusion of freedom that we bought since the time of the colonies. I am a person who has fallen victim to the "LEAK" and I can assure you that this information was never private. I can also assure you that if you are on the radar of a group that thinks you pose any threat to their power structure, well, lets just say... they will have no problem taking you down if they want you. Just keep printing the articles Joe....some people , I for one, want to read them. ASK QUESTIONS PEOPLE!! The news articles of today are just put there to keep you from using your powers of reason. Start looking deeper and asking yourself deeper questions. Elliott

Anonymous said...

they just don't want us to worry our pretty little heads.......

Anonymous said...

In a nutshell hidden dangers of the rainbow.. utube it watch, learn, be aware

Anonymous said...

OK....if this information is so sacred you would think that lower level officials would be powerless to do anything because they don't have the ability to access it. If you have been paying attention, you know that is simply not true. How do they get this information? Who determines who gets the information? How is the information given out (under what circumstances)? What information is floating around out there that has been or will be used against you?

Anonymous said...

I'm so glad you continue to remind people of this administrations intent to defame and ruin this country.
I just hope that the younger people understand the danger .
We need to teach the generations behind us , just hope we are not too late.
I realize we have already lost control of all branches of government , it will be an uphill struggle without a proper judiciary system.
I hate to keep saying this , but , I do believe that a civil uprising or war is about to take place. Adolf Obama is the responsible party.

Anonymous said...

We need a military to turn against this communist government Obama has created .

- The very same very worried former Intelligence Officer said...

10:38 - While I will say that your characterization that the "information was never private." is absolutely incorrect. I will state that you are absolutely correct regarding the "power structure" comment as it pertains to individual organizations. I used the power structure scenario in the article because that has been a widely portrayed scenario by Hollywood and I figured it would be the easiest scenario, for that reason, for a person with no national security or military experience to relate to.

However, if the information that has been compromised were to make it to the DarkNet just like the SONY data did that certainly puts the Intelligence Community in a much more precarious position than is even illustrated in the article. The internet is awash with disgruntled youth in today's age (which I can admit even though I am under 30 years old) who enjoy causing havoc/mayhem wherever they can, who have no national pride at all, who are largely unemployed with tons of free time... So causing trouble for some government "suits" they don't have to personify would be right up their alley...

Anonymous said...

Joe,I thank you for posting these articles in hoping people realize what our government is doing or not doing to protect us.It is time for a routing of political parties.

Anonymous said...


Waiting for Jake to disavow any policies, procedures, tactics, plans put forth by Obama, O'Malley, Pollitt, Ireton, Mikulski, Cardin, Sanders, Clintons, Biden....but not holding my breath in the interim.

Birds of a feather; only the scope of their franchise varies.

Anonymous said...

I disagree..but then I am just one person. Elliott