Were they looking for embarrassing medical information to gain leverage on military personnel?
St. Louis, Missouri (PRWEB) October 07, 2011
Jarrett Kolthoff, CEO of Cyber Counterespionage firm SpearTip, was interviewed by CBS-affiliate KMOV about the recent theft of two-decades-worth of medical data on nearly five million military personnel. Part of the interview was broadcast. An expansion of that interview is included here.
The custodian of the records, Science Applications International Corporation (SAIC), reported the data breach had occurred two weeks earlier, when numerous back-up tapes were assertively stolen in a break-in of an employee’s car, while the tapes were in transit across town.
SAIC downplayed the breach, saying no financial information was involved, although SAIC acknowledged the tapes contained sensitive medical information. SAIC discounted harm from the loss of this information, saying: “The risk of harm to patients is judged to be low despite the data elements involved, since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure.” Kolthoff said this statement is not an assurance that data was encrypted. The news report indicated that only “some” of the tapes were encrypted.
Kolthoff believes the risk is not limited to financial transactions, as SAIC indicated, but arises from leverage the thieves may have attempted to gain from the sensitive personal information. “If the theft was orchestrated by a rival foreign government – the Iranians, Chinese, or the re-emergent Russian adversary, for example – you have to ask: were they looking for embarrassing medical information to gain leverage on military personnel to obtain military secrets or other intelligence?” These concerns were mirrored by FBI Director Robert Mueller when he informed the House intelligence committee that cyber espionage originating from China, Russian, and Iran was "one of the most significant and complex threats facing the nation."
As for SAIC’s confidence in the difficulty of accessing the data, Kolthoff pointed out that “knowledge of and access to specific hardware and software and knowledge of the system and data structure,” is well within the capabilities of sophisticated data thieves sponsored by nation states or foreign organized crime enterprises. Kolthoff also noted the unusual circumstances of the theft, pointing out "the lack of physical control of this sensitive data." He questioned why appropriate security procedures were not followed.
Kolthoff suggests that anyone who is concerned about possible blackmail with information from the tapes consider using a trustworthy, independent third party as a confidential initial mediator with the government, in order to protect against blackmail while preserving employment and personal privacy.
SpearTip is a "tip of the spear" advisory firm offering counterespionage capabilities built on un-conflicted advice to corporate counsels and chief executives. Our team focuses on cyber investigations and counterintelligence activity that assists our clients to identify, assess, neutralize, and exploit the espionage threats leveled against their corporations.
# # #