The identities of a group of American technical experts who have provided assistance to covert operations by the US government overseas have been compromised as the result of cross-referencing of data from the Office of Personnel Management (OPM) and other recent data breaches, according a Los Angeles Times report. The Times' Brian Bennet and W. J. Hennigan cited allegations from two US officials speaking under the condition of anonymity that Chinese and Russian intelligence agencies have worked with both private software companies and criminal hacking rings to obtain and analyze data.

William Evanina, the Office of the Director of National Intelligence's National Counterintelligence Executive, confirmed in an interview with the LA Times that data from breaches had "absolutely" been used to unmask US covert agents. Performing data analytics on breach data could tell foreign intelligence agencies "who is an intelligence officer, who travels where, when, who's got financial difficulties, who's got medical issues" and help create a "common picture" of US intelligence operations, he said.

According to the report, the OPM hack and other major data breaches were being merged and analyzed by China in an effort to both ferret out US covert operations—to provide background information for targeted cyber-attacks—and to provide intelligence on individuals who could be targeted for blackmail. And Russia's Federal Security Service (FSB) is also using recent data breaches and ties to cybercriminals to target US government employees for cyber-attacks, the unnamed officials claimed.

The OPM data breach may have played a role in the recent attack on the e-mail system of the Joint Chiefs of Staff. According to the LA Times report, e-mails to JCS staffers purporting to be from USAA, a bank and insurance company serving current and former military members, carried links to a Web-based malware implant. Russian hackers mounted a similar attack on the State Department's e-mail system last year.

The Department of Defense is reportedly reviewing data from the Ashley Madison breach to determine if any service members' data was included—data that would make them vulnerable to blackmail, as infidelity and adultery are cause for revocation of security clearances and a violation of military law.

By collaborating with private companies and outside hackers rather than using internal government capabilities to gather data, the Chinese and Russian intelligence communities are able to avoid direct attribution of the attacks to them, officials told the Times. That makes it difficult for the US to target them with a response—and it may be why US officials have not directly, publicly implicated the Chinese government in the OPM hack.