How would you combine stolen personal data, social engineering and open source intelligence to create terrorist targeting packages? The possible consequences of the OPM hack are the subject of the latest Jack Ryan novel.
What was the OPM hack? A few years ago, hackers penetrated the U.S. Office of Personal Management. They stole data about millions of government employees and contractors. The hack affected everyone who had applied for security clearance in the United States. OPM processes two million security applications every year. The electronic Questionnaire for Security Processing (eQIP) provides searchable archives. Thieves stole these.
The amount of information provided in the SF-86127 page questionnaire is significant. The hack laid bare twenty million people with sensitive government positions.
The latest Jack Ryan novel is True Faith and Allegiance. Author Mark Greaney builds on the OPM hack to show how terrorists could combine eQIP data with open source intelligence. Literary license aside, the main takeaway is that if you start with good profile of an individual, it is relatively simple to add more detail using open source intelligence. Significantly, much of that detail would be near real time.
OPM Hack Consequences – Open Source Intelligence
Open Source Intelligence, or OSINT, is intelligence you can collect from publicly available sources. First of all, the most obvious OSINT sources are media, web and social networking. In addition, the less obvious are geospatial tagging, academic literature, and in particular, government data. In fact, open government is making tons of new OSINT available in its effort to be transparent. Identity intelligence (I2) is a related discipline.
Cloud computing and IoT will take open source and identity intelligence to the next level if systems have weak security, privacy and identity protection. And even with protection in place, the walls can be cracked with social engineering. A social engineer is someone who uses deception, persuasion, and influence to get information that would otherwise be unavailable.
In conclusion, Mark Greaney was a good choice to continue the Jack Ryan Universe. He brings his procedural thrillers to life in a frightening realistic way. But as you read this book, remember that the strategies and tactics used have another name: consumer marketing. Consumers are targeted in the same way, albeit with less dire consequences. There is not much difference between creating terrorist versus consumer “targeting packages”.