The "high-level snooping" foreign spy agencies have been carrying out on US computer networks isn't simply a matter of trolling for state secrets. It's also a way to expose US spies—as well as contractors who provide tech support—who can then be blackmailed and even recruited, the Los Angeles Times reports. And US officials say those countries, especially China and Russia, have a sophisticated system to "aggressively" cross-index and aggregate hacked data, using everything from airline and medical records to social media accounts. The foreign agencies search for weaknesses (e.g., relationship, money, and health problems) that could make a US intelligence agent vulnerable to exploitation. This multi-layered scrutiny can indicate "who is an intelligence officer, who travels where, when, who's got financial difficulties, who's got medical issues, [to] put together a common picture," the head US counterintelligence official tells the Times.
This is a major reason why the Pentagon is poring over the Ashley Madison hack. "A foreign spy agency now has the ability to cross-check who has a security clearance, via the OPM breach, with who was cheating on their wife, via the Ashley Madison breach, and thus identify someone to target for blackmail," a cybersecurity expert says. Making it difficult to pin the hacks and data analysis on foreign states: Chinese and Russian officials recruit criminal hackers to steal the data, then farm out data analysis to private software companies to keep their own hands clean. For now, the National Counterintelligence and Security Center has a tip for vulnerable government workers: Use "extra precaution" if people "approach you in a friendly manner and seem to have a lot in common with you." (The rest of us have cause for concern, too: 95% of Android smartphones are vulnerable.)