China suspected culprit
A CYBERHACK that may have compromised the data of up to four million current and former federal employees may have also affected private citizens, sources said.
Officials reported the incident on Thursday, June 4 and suspect the breach was committed by hackers based in China. Hackers broke into the computer networks of the Office of Personnel Management (OPM) – the human resources department for the federal government, which conducts background checks for security clearances – and the Interior Department.
The hack is now under investigation by the FBI.
Compromised data dates back 30 years, may include private individuals
Federal investigators are trying to determine if the information of individuals who never worked for the government has been compromised, ABC News reported.
Concern revolves around SF-86 forms, which are filled out by government employees seeking security clearances and used for background investigations. The SF-86s provide information not only about the employees, but also family, friends and possibly college roommates: applicants are required to provide, among other information, the full names, email addresses and telephone numbers of “three people who know you well.”
These forms were exposed after hackers infiltrated OPM’s information systems in December, sources told ABC News.
“If the SF-86’s associated with this hack were, in their entirety, part of the stolen information, then that would mean the potential release of a staggering amount of information, affecting an exponential amount of people,” one US official told the news agency.
On Friday, June 5, officials reported that information involved in the breach dates back 30 years.
“This is deep. The data goes back to 1985,” a US official said, according to Reuters. “This means that [hackers] potentially have information about retirees, and they could know what they did after leaving government.”
Attack detected in April, OPM informing potential victims
Investigators noticed signs of the attack in April – four months after the intrusion took place – during an update of security on government computers, senior administration officials said. The breach appeared to have occurred before tougher security controls were implemented this spring, officials added. The Department of Homeland Security said it concluded in early May that data from the OPM had been compromised.
The personnel office has already begun informing individuals that some of their personal information – including social security numbers and performance evaluations – may have been stolen.
“We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted,” OPM Director Katherine Archuleta said in a statement.
The agency said it is offering credit monitoring and identity theft services to potentially affected individuals.
A US House of Representatives memo seen by Reuters indicates that OPM knows what kind of data was exposed to the hackers, but is unaware of what was stolen. Job assignments and performance ratings were among the information to which intruders gained access, The Washington Post reported. The amount of data that was actually compromised remains unclear, according to ABC News.
Espionage by China?
One official who declined to be identified told Associated Press that the breach could potentially affect every federal agency.
“This is an attack against the nation,” said Ken Ammon, chief strategy officer of Xceedium, who told Associated Press the attack mirrored the pattern of those executed by nation states for espionage purposes.
Rich Barger, chief intelligence officer of ThreatConnect, a cybersecurity firm in Northern Virginia, expressed a similar suspicion.
“[Hackers are] definitely going after quite a bit of personnel information,” Barger told the Post. “We suspect they’re using it to understand more about who to target, whether electronically or via human recruitment [for espionage].”
Experts say the purpose of the attack is to establish a database of federal employees so as to be able to conduct “insider” attacks in the future. The stolen information could be used to blackmail or impersonate federal employees who have access to sensitive data, Ammon said.
“This is an intelligence operation designed to help the Chinese government,” a China cyber and intelligence expert, who requested anonymity due to the ongoing investigation, told the Post. “This is government espionage. This is not commercial espionage. It’s a new phase in an evolution of what they’re doing. It certainly requires greater sophistication on their part in terms of being able to take out this much data.”
Law enforcement officials also said Friday that the attack appears to have been conducted by the same Chinese hackers who obtained the information of tens of millions of Anthem Insurance customers in an incident earlier this year, CNN reported.
An editorial published by the Chinese state-run news agency on Friday, June 5, said the accusations toward Chinese hackers are “baseless” and said the situation was “obviously another case of Washington’s habitual slander against Beijing on cyber security.”
China, on Friday, also dismissed the allegations as “irresponsible and unscientific.”
At a regular news briefing, Chinese Foreign Ministry spokesman Hong Lei said Beijing wishes to cooperate with other nations to establish a peaceful and secure cyberspace.
“We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation,” he said.
“Substantial improvement” needed in US cyber databases
The hack was the largest breach of federal employee data in recent years. Last year, Russia hacked emails from the White House and State Department, and another break-in compromised the data of US Postal Service personnel.
“This latest intrusion … is among the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses,” said Rep. Adam Schiff (D-Calif.), the ranking Democrat on the House Intelligence Committee, who noted the series of data breaches that have affected millions of Americans in the past few months. “The cyberthreat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.”
Senate Intelligence Committee Chairman Richard Burr (R-N.C.) said the government needs to overhaul its cybersecurity defenses.
“Our response to these attacks can no longer simply be notifying people after their personal information has been stolen,” he said. “We must start to prevent these breaches in the first place.” (With reports from ABC News, Associated Press, CNN, Los Angeles Times, Reuters, The Wall Street Journal and The Washington Post)
(LA Midweek June 10 – 12, 2015 Sec. A pg.5)