OPM data offered for sale on the Dark Web

Government records stolen in the recent data breach at the US OPM (Office of Personnel Management) are surfacing on the Dark Web.

While security experts speculate about who is responsible for the recent data breach at the US Office of Personnel Management (OPM), data allegedly taken in the breach has appeared on the dark web. I have personally found it offered for sale on a popular black market. The OPM DB sample is offered by a user who goes by the pseudonym PING.

According to a number of colleagues who noticed the same OPM DB dump for sale, the information is being traded actively.

We are speaking of more than 4.1 million federal government employee records dating back to the 1980s.

“The recent OPM breach was identified, noted and the credentials and identities have been discovered online and are being traded actively,” said Chris Roberts, founder and CTO at OneWorldLabs (OWL).

Roberts is the same expert who was criticized a few weeks ago for alarming the IT community about exploitable security vulnerabilities in commercial airliners; the FBI accused Roberts of hacking into a commercial airplane.

“When these accounts are posted on the darker side of the net, they are usually ‘live’ and are part of a larger breach,” Roberts explained to FoxNews. “They are typically parsed out and sold and distributed to interested parties, something OWL tracks.”

Criminal organizations and intelligence agencies can find plenty of other sensitive data for sale on the Deep Web. Roberts added that his team has uncovered another 9,500 government login credentials stolen this week from a number of government offices across the US.

Roberts reported his discovery to the FBI, but the presence of the data on the black market is bad news because it means the sensitive information is rapidly changing hands.

We cannot ignore that the information stolen in the OPM data breach could be used for further attacks by a plethora of threat actors in the wild; as I have highlighted many times, such data could be used for spear phishing attacks against other government agencies.

“Whoever now holds OPM’s records, possesses something like the Holy Grail from a [counterintelligence] perspective,” said John Schindler, a former counterintelligence officer. “They can target Americans in their database for recruitment or influence. After all, they know their voices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side perhaps with someone of a different gender than your normal partner — since all that is recorded in security clearance paperwork.”

“Perhaps the most damaging aspect of this is not merely that four million people are vulnerable to compromise, through no fault of their own, but that the other side now so dominates the information battlespace that it can halt actions against them,” Schindler said. “If they get word that an American counterintelligence officer, in some agency, is on the trail of one of their agents, they can pull out the stops and create mayhem for him or her: run up debts falsely – they have all the relevant data – perhaps plant dirty money in bank accounts – they have all the financials too – and thereby cause any curious officials to lose their security clearances. Since that is what would happen.”

The data disclosed as a sample by the member of the Hell dark market appears legitimate; if the news is confirmed, I think we have to review the initial hypothesis that Chinese state-sponsored hackers were behind the breach.

I’m starting to have some doubts: why would Chinese hackers break into OPM systems and then offer the data for sale on black markets?

Is it possible that the attack is organized by a criminal gang?

Pierluigi Paganini

(Security Affairs – Deep Web, OPM DB Dump)
