In perhaps one of the most significant hacks in American history, anywhere from 4 to 18 million current and former federal employees had their personal information stolen a few weeks ago. The data was being stored in a vast database run by the Office of Personnel Management (OPM). Based on early identification of the methodology used to obtain the data, law enforcement officials attribute the intrusion to the same Chinese hackers that attacked Anthem Insurance earlier this year. According to U.S. officials, “the breach, which was revealed Thursday and affected current and former federal workers from nearly every government agency, could be the biggest ever of the government's computer networks” (Liptak, Schleifer, & Sciutto, 2015). Cybersecurity professionals believe the goal behind the attack was to build a database of federal employees with the intent of fostering future “insider” attacks.
Within the OPM database was security clearance information, including which federal employees had reported family and friends living in China. Experts theorize that this information could eventually be used to blackmail U.S. citizens with high-level security clearances into divulging classified information.
Weeks later, it appears the federal government is no closer to discovering how the massive breach occurred, or at least has not been entirely forthcoming about the details. “The cybersecurity experts added that some government agencies have not been following the government's own best practices for cybersecurity, such as updating operating systems with latest protections” (Liptak, Schleifer, & Sciutto, 2015).
And while the Chinese government neither confirms nor denies its involvement in the breach (surprise), this incident falls squarely into everything the cyber community knows about China’s modus operandi.
In 2014 the computer security firm Mandiant released a groundbreaking report detailing a lengthy and sophisticated hacking campaign by a unit within China’s People’s Liberation Army. The report, entitled APT1 (Advanced Persistent Threat 1), detailed three years of observation of a Chinese military unit’s cyber activities based in mainland China. Mandiant’s findings were alarming in the complexity and persistence of the Chinese government’s development of its offensive cyber capabilities.
In the end, the OPM hack, although extraordinarily massive in its scope, is just another example of China’s pattern of using offensive hacking to further its long-term geopolitical agenda.
References
Liptak, K., Schleifer, T., & Sciutto, J. (2015). China might be building vast database of federal worker info, expert says. CNN. Retrieved from http://www.cnn.com/2015/06/04/politics/federal-agency-hacked-personnel-management/
Mandiant. (2014). 2014 Threat Report. Retrieved from https://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf