HOUSE_OVERSIGHT_019705.jpg

The NSA’‘s Back Door | 217 through the back door of outside contractors were not fully vetted. (On August 20, 2015, USIS agreed to forfeit $30 million in fees to settle the lawsuit.) USIS was also open to sophisticated hacking attacks by outsid- ers. In August 2014, the Department of Homeland Security’s coun- terintelligence unit discovered such a massive and persistent breach in USIS that it shut down its entire exchange of data with it. The intrusion into USIS records in this case was attributed to hackers in China most likely linked to the Chinese intelligence service. Such massive intrusions dated back to 2011. USIS’s lack of security in its website left a gaping hole through which outside parties, including Chinese and Russian hackers, could learn both the identity and the background information of specialists applying for jobs at the NSA. These private companies also did not sufficiently protect the per- sonal data of their independent contractors working at the NSA. The hackers’ group Anonymous took credit for the successful 2011 attack on the Booz Allen Hamilton servers. It also cracked the algo- rithms used to protect employees. It next injected so-called Trojan ) horse viruses and other malicious codes into Booz Allen servers © that allowed it future entry. If amateur hackers such as Anonymous could break into the computers of the NSA’s largest contractor, so could adversaries’ state espionage services with far more advanced hacking tools. From these sites, China or Russia could obtain all the job applications and personal résumés submitted to contractors such as Booz Allen. It could then compile a list of the best candidates to do its bidding. These deficiencies in the private sector were compounded by the failure of security in the government’s own Office of Person- nel Management. It used a computer system called e-QIP in which intelligence employees, including outside contractors, updated their computerized records to maintain or upgrade their security clear- ances. For example, Snowden updated his clearance in 2011. To do so, these employees constantly updated their financial and personal information. As it turned out, there was a major hole in the e-QIP system. It has repeatedly been hacked by unknown parties since 2010. In 2015, the U.S. government told Congress that China was most likely responsible, but Russia and other nations with sophis- | | Epst_9780451494566_2p_all_r.indd 217 ® 9/3016 8:13AM | | HOUSE_OVERSIGHT_019705