Washington’s intelligence community had a bad week. Deep Panda, a hacker collective supposedly backed by Beijing, breached the security of the US Office of Personnel Management and made off with the personal records of 4 million government employees.
A few days later, Washington revealed it had discovered a second hack that was far worse. Deep Panda had nabbed the personnel records of 14 million federal workers, including a detailed form filled out by all military, civilian and intelligence employees.
Analysts fear China will use the information to expose American spies or blackmail government employees. The Sunday Times reinforced those fears when it reported Moscow and Beijing had cracked encrypted files in the possession of former National Security Agency contractor Edward Snowden.
It seemed that negligent security practices and tenacious hackers had exposed the West and all its spies. But Tom Harper, the reporter who wrote the Sunday Times piece, said on CNN that he was repeating what Downing Street had told him and had done no independent reporting to substantiate the claim. It looks like fears in the West of exposed spies were overwrought.
That doesn’t mean we shouldn’t be very afraid, however. Deep Panda’s breach of the government employee files has frightening implications.
Americans now fear blackmail or the loss of field agents when they should be alarmed about a coming deluge of undetectable spies and sleeper agents. Because Beijing has the blueprints to create a perfect mole.
When any federal employee applies for a security clearance, the first stop is the Office of Personnel Management. The stolen records go back 35 years and include Standard Form 86. This is a 127-page questionnaire that asks applicants to reveal every dirty little secret about their lives.
The same hackers breached several health insurance companies last summer and made off with the medical records of 11 million people, including members of Blue Cross/Blue Shield’s District of Columbia affiliate CareFirst.
Media pundits spent all week talking about how Deep Panda could compile all this information to craft a potential blackmail database on US operatives for its patron, presumably China. But that’s ridiculous. Beijing is smarter than that.
Espionage is a long game, not a race, and countries are patient. Blackmail is a quick, brutal method of acquiring information in the short term.
It typically begins when foreign agents play on a target’s existing weakness — a penchant for gambling, for example, or deviant sexual behavior — enticing the target to indulge in it and then threatening exposure.
That’s a lot of work for a short-term gain. Blackmail targets are almost always found out, or turn on their blackmailers or end their lives. No, a better use for that database is as a reference to create the background for the perfect mole.
Let’s say Beijing wants an agent who is an attractive candidate for the State Department. It needs people with strong foreign-language skills and cultural ties to China. But it wants to make sure those people — or their family members — aren’t too closely connected to the Chinese Communist Party.
A Beijing spymaster could load up Deep Panda’s database and search for previous successful applicants who speak Chinese and have family on the mainland. Having relatives in China doesn’t necessarily exclude applicants, even those who work for Beijing.
That kind of connection might lend legitimacy to the cover Beijing wants to craft for an agent.
It may even help because Washington often seeks out dissidents in foreign countries to consult with its intelligence agencies. A mole with a clever story about, for example, arguing over politics with a brother back home is the kind of cover that makes a faux-dissident believable.
But some family ties are too close for comfort. It is highly unlikely that Washington would ever give clearance to the child of a powerful general or party official, for example, no matter how that daughter or son appears to loathe their father.
Before last week, China didn’t know where the line was. Thanks to Deep Panda’s database, however, Beijing now probably knows how close it can place an operative to the Communist Party before Washington denies them a security clearance.
Security clearances also involve lengthy interviews. Deep Panda vacuumed up not just Form 86, but all supporting documentation. Which means its database will include virtually every question Washington asks potential employees.
An agent prepared by Deep Panda’s database would be like a college student taking a final — after they’ve seen all the answers.
Security clearances also involve polygraph tests. The lie detectors are supposed to help root out potential foreign agents. But the machines are notoriously finicky, and a person administers the test and interprets its results. An experienced agent can manipulate the tester. It’s happened before.
In the 1960s, Karl Koecher made a name for himself in Czechoslovakia with a satirical radio show that lambasted the Soviet Union and the Communist Party. He and his wife fled the country and immigrated to the United States in 1965. He earned a doctorate from Columbia University, became a U.S. citizen in 1971 and started working for the CIA in 1973.
Koecher gained a high-level security clearance and began translating and analyzing sensitive information for the agency. He worked off and on for the CIA over the next 10 years.
He was sending reports back home to the Soviet Union the entire time.
Soviet intelligence officers had carefully constructed Koecher’s entire life — from his days as a dissident radio personality to his desire to flee communism — in order to convince Washington it could trust him.
Koecher actually failed his polygraph test in 1973. But he was able to talk his way out of that failure. He offered the person administering the test a litany of excuses. The agency bought his bundle of lies and Koecher passed CIA secrets back to the Soviets for roughly a decade.
If a Kremlin agent can talk his way through a failed polygraph test during the Cold War, a Chinese agent with sophisticated training and stolen information could do the same today.
It may seem ridiculous to invest years of a person’s life into penetrating the state secrets of a foreign power. But the information sleeper agents and moles provide is often critical. So it’s not a question of if we will see a Chinese version of Koecher — but when.