In a recent article by the LATimes it references foreign countries creating large databases of American military and government workers for use to blackmail, recruit and craft dedicated spear phishing campaigns towards U.S officers and officials.
This is a concern, because with every hack (Anthem, OPM and even Ashley Madison) nation state attackers are able to garner and piece together the growing puzzle that is the American government user base. These are also only the hacks we now about and I’m sure there’s a ton that have gone without notice, so with every new hack nation states are dropping down another piece of the puzzle. Many times they don’t even have to perform the hack, they just need to take the data from others that have posted their work on the dark webs (E.G Ashley Madison database on the dark web with .mil or .gov email addresses) as a gift towards their big data initiatives. With each new breach we’re giving away personal information that these nation states are using as evil marketers to learn more about their targets, which in this case is our government. This is interesting, because the government can attempt to perform as much security awareness on their employees, invest millions of dollars on technical security infrastructure all to be shot to hell by private sector hacks giving away information about government workers. This is by far the weakest link and the attackers have noticed it. There’s blood in the water and the sharks are circling.
The other problems with these attacks is that they doesn’t exclude others from being caught in their net and the intended targets, along with innocent user bystanders, are caught in the crossfire. With the Anthem breach (where the data hasn’t been seen for sale on the black market, so it’s most likely being used by a nation state) EVERY users data was scoped up for the entire company, whereas the intended targets were supposedly only government officials/officers. This is putting American citizens privacy in the middle of an international data war. We’re all becoming collateral damage, or throw away data, that’s most likely sold or reused later if needed, but still not the intended targets of the breach. It’s as if the American public was hit by a drive-by shooting and is just another victim of pointless violence. We’re all sufferers of nation state attacks, not just the intended targets.
"Clowns to left of me, jokers to the right, Here I am, stuck in the middle with you" ~ Stealers Wheel