China sus­pected in breach of 4 mil. US per­son­nel data

The China Post - - FRONT PAGE - BY KEN DI­LA­NIAN AND RI­CARDO ALONSO-ZAL­DIVAR

China-based hack­ers are sus­pected of break­ing into the com­puter net­works of the U.S. gov­ern­ment per­son­nel of­fice and steal­ing iden­ti­fy­ing in­for­ma­tion of at least 4 mil­lion fed­eral work­ers, Amer­i­can of­fi­cials said.

The U.S. Depart­ment of Home­land Se­cu­rity said Thurs­day in a state­ment that data from the Of­fice of Per­son­nel Man­age­ment and the U.S. In­te­rior Depart­ment had been com­pro­mised.

“The FBI is con­duct­ing an in­ves­ti­ga­tion to iden­tify how and why this oc­curred,” the state­ment said.

The hack­ers were be­lieved to be based in China, said Sen. Su­san Collins.

Collins, a mem­ber of the U.S. Se­nate’s in­tel­li­gence com­mit­tee, said the breach was “yet an­other in­di­ca­tion of a for­eign power prob­ing suc­cess­fully and fo­cus­ing on what ap­pears to be data that would iden­tify peo­ple with se­cu­rity clear­ances.”

A spokesman for the Chi­nese Em­bassy in Wash­ing­ton called such ac­cu­sa­tions “not re­spon­si­ble and coun­ter­pro­duc­tive.”

“Cy­ber­at­tacks con­ducted across coun­tries are hard to track and there­fore the source of at­tacks is dif­fi­cult to iden­tify,” spokesman Zhu Hai­quan said Thurs­day night. He added that hack­ing can “only be ad­dressed by in­ter­na­tional co­op­er­a­tion based on mu­tual trust and mu­tual re­spect.”

A U.S. of­fi­cial, who de­clined to be named be­cause he was not au­tho­rized to pub­licly dis­cuss the data breach, said it could po­ten­tially af­fect ev­ery fed­eral agency. One key ques­tion is whether in­tel­li­gence agency em­ployee in­for­ma­tion was stolen. For­mer gov­ern­ment em­ploy­ees are af­fected as well.

‘Attack against the na­tion’

“This is an attack against the na­tion,” said Ken Ammon, chief strat­egy of­fi­cer of Xceed­ium, who said the attack fit the pat­tern of those car­ried out by na­tion states for the pur­pose of es­pi­onage. The in­for­ma­tion stolen could be used to im­per­son­ate or black­mail fed­eral em­ploy­ees with ac­cess to sen­si­tive in­for­ma­tion, he said.

The Of­fice of Per­son­nel Man­age­ment is the hu­man re­sources depart­ment for the fed­eral gov­ern­ment, and it con­ducts back­ground checks for se­cu­rity clear­ances. The OPM con­ducts more than 90 per­cent of fed­eral back­ground in­ves­ti­ga­tions, ac­cord­ing to its web­site.

The agency said it is of­fer­ing credit mon­i­tor­ing and iden­tity theft in­sur­ance for 18 months to in­di­vid­u­als po­ten­tially af­fected. The Na­tional Trea­sury Em­ploy­ees Union, which rep­re­sents work­ers in 31 fed­eral agen­cies, said it is en­cour­ag­ing mem­bers to sign up for the mon­i­tor­ing as soon as pos­si­ble.

In Novem­ber, a for­mer DHS con­trac­tor dis­closed an­other cy­ber­breach that com­pro­mised the pri­vate files of more than 25,000 DHS work­ers and thou­sands of other fed­eral em­ploy­ees.

Cy­ber­se­cu­rity ex­perts also noted that the OPM was tar­geted a year ago in a cy­ber­at­tack that was sus­pected of orig­i­nat­ing in China. In that case, au­thor­i­ties re­ported no per­sonal in­for­ma­tion was stolen.

One ex­pert said it’s pos­si­ble that hack­ers could use in­for­ma­tion from gov­ern­ment per­son­nel files for fi­nan­cial gain. In a re­cent case dis­closed by the IRS, hack­ers ap­pear to have ob­tained tax re­turn in­forma- tion by pos­ing as tax­pay­ers, us­ing per­sonal in­for­ma­tion gleaned from pre­vi­ous com­mer­cial breaches, said Rick Hol­land, an in­for­ma­tion se­cu­rity an­a­lyst at For­rester Re­search.

“Given what OPM does around se­cu­rity clear­ances, and the level of de­tail they ac­quire when do­ing th­ese in­ves­ti­ga­tions, both on the sub­jects of the in­ves­ti­ga­tions and their con­tacts and ref­er­ences, it would be a vast amount of in­for­ma­tion,” Hol­land added.

DHS said its in­tru­sion de­tec­tion sys­tem, known as EIN­STEIN, which screens fed­eral In­ter­net traf­fic to iden­tify po­ten­tial cy­ber threats, iden­ti­fied the hack of OPM’s sys­tems and the In­te­rior Depart­ment’s data cen­ter, which is shared by other fed­eral agen­cies.

It was un­clear why the EIN­STEIN sys­tem didn’t de­tect the breach un­til af­ter so many records had been copied and re­moved.

“DHS is con­tin­u­ing to mon­i­tor fed­eral net­works for any sus­pi­cious ac­tiv­ity and is work­ing ag­gres­sively with the af­fected agen­cies to con­duct in­ves­tiga­tive anal­y­sis to as­sess the ex­tent of this al­leged in­tru­sion,” the state­ment said.

Cy­ber­se­cu­rity ex­pert Mor­gan Wright of the Cen­ter for Dig­i­tal Gov­ern­ment, an ad­vi­sory in­sti­tute, said EIN­STEIN “cer­tainly ap­pears to be a fail­ure at this point. The gov­ern­ment would be bet­ter off out­sourc­ing their se­cu­rity to the pri­vate sec­tor where’s there at least some ac­count­abil­ity.”

Rep. Adam Schiff, a mem­ber of the U.S. House of Rep­re­sen­ta­tives in­tel­li­gence com­mit­tee, called the hack “shock­ing, be­cause Amer­i­cans may ex­pect that fed­eral com­puter net­works are main­tained with state of the art de­fenses.”

Ammon said fed­eral agen­cies are rush­ing to in­stall two-fac­tor au­then­ti­ca­tion with smart cards, a sys­tem de­signed to make it harder for in­trud­ers to ac­cess net­works. But im­ple­ment­ing that tech­nol­ogy takes time.

Se­nate In­tel­li­gence Com­mit­tee Chair­man Richard Burr, said the gov­ern­ment must over­haul its cy­ber­se­cu­rity de­fenses. “Our re­sponse to th­ese at­tacks can no longer sim­ply be no­ti­fy­ing peo­ple af­ter their per­sonal in­for­ma­tion has been stolen,” he said. “We must start to pre­vent th­ese breaches in the first place.”

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.