US data breach is an in­tel­li­gence coup for Peo­ple’s Repub­lic of China


The hack­ing of mil­lions of U.S. gov­ern­ment em­ploy­ees is likely part of an ef­fort by Peo­ple’s Repub­lic of China (PRC) in­tel­li­gence for long-term pro­fil­ing — and pos­si­bly more ne­far­i­ous things.

Se­cu­rity an­a­lysts say con­sid­er­able ev­i­dence points to the PRC, and that the cy­ber­in­tru­sion shows the long and pa­tient ef­forts in Bei­jing to col­lect and com­pile data which may be use­ful in the fu­ture.

“It’s nor­mal for big in­tel­li­gence agen­cies to cre­ate large bi­o­graphic data­bases on their op­po­nents,” said James Lewis, a se­nior fel­low at the Cen­ter for Strate­gic and In­ter­na­tional Stud­ies, a Wash­ing­ton think tank.

Lewis said that while data on in­di­vid­u­als may not seem sig­nif­i­cant on the sur­face, anal­y­sis of huge amounts of in­for­ma­tion can pro­vide a strate­gic ad­van­tage.

“They get the same kinds of big data in­sights that com­pa­nies use for tar­geted ad­ver­tis­ing,” he told AFP.

Re­ports last week in­di­cated some 4 mil­lion cur­rent or for­mer gov­ern­ment em­ploy­ees were hit, but a union let­ter said many more — ev­ery fed­eral em­ployee, ev­ery fed­eral re­tiree, and up to 1 mil­lion for­mer fed­eral em­ploy­ees — could also have had per­sonal data com­pro­mised.

Th­ese types of cy­ber­at­tacks are trou­ble­some be­cause they in­volve stealth ac­cess that al­lows in­trud­ers to re­main on com­puter net­works for long pe­ri­ods of time, an­a­lysts say.

John Dick­son, a for­mer Air Force in­tel­li­gence of­fi­cer who is now a part­ner with the se­cu­rity firm Denim Group, said the data­base con­tains a trove of im­por­tant in­for­ma­tion for a for­eign in­tel­li­gence ser­vice, in­clud­ing back­ground checks from peo­ple with se­cu­rity clear­ances.

An anal­y­sis of the in­ci­dent by the Vir­ginia-based se­cu­rity firm ThreatCon­nect backs the the­ory that the PRC was be­hind the breach.

John Schindler, a for­mer Na­tional Se­cu­rity Agency of­fi­cer who is now a con­sul­tant, said the data is “the Holy Grail” from an in­tel­li­gence per­spec­tive.

The hack “is un­prece­dented in its scope, of­fers our ad­ver­saries the op­por­tu­nity to pen­e­trate our gov­ern­ment and use that in­for­ma­tion to de­ceive it at a strate­gic level,” he said in a blog post.

Health Hack Con­nec­tion?

The attack tar­get­ing the U.S. Of­fice of Per­son­nel Man­age­ment could be con­nected to other data breaches even though they may not seem sim­i­lar on the sur­face, say an­a­lysts.

In re­cent months, breaches af­fect­ing tens of mil­lions of Amer­i­cans have been re­ported at health in­sur­ance firms such as An­them and CareFirst, mem­bers of the Blue Cross Blue Shield As­so­ci­a­tion — which cover many fed­eral gov­ern­ment em­ploy­ees.

ThreatCon­nect said its anal­y­sis shows sim­i­lar soft­ware and signatures in both the OPM in­ci­dent and the health care breaches, sug­gest­ing th­ese could be part of the same ef­fort to com­pile in­tel­li­gence data.

Anup Ghosh, founder and chief ex­ec­u­tive of the se­cu­rity firm In­vincea, said the in­ci­dents sug­gest a long-term plan “build­ing dossiers on tar­gets of in­ter­est.”

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.