Report exposes missteps in bid to halt hacking
While chasing one hacker, feds missed a second
WASHINGTON — It was time to purge the hacker from the U.S. government’s computers.
After secretly monitoring the hacker’s online movements for months, officials worried he was getting too close to critical information, so they devised a plan, called the “Big Bang,” to expel him.
Trouble was, with all their attention focused on that case, they missed the other hacker entirely.
A congressional report provides previously undisclosed details and a behind-the-scenes chronology of one of the worst-ever cyberattacks on the United States. It lays out missed opportunities before the break-in at the Office of Personnel Management exposed security clearances, background checks and fingerprint records. That intrusion — blamed on China’s government — compromised information of more than 21 million current, former and prospective federal employees and led to the resignation of the OPM director.
The report by the House Committee on Oversight and Government Reform faulted the personnel agency for failing to secure sensitive data despite warnings for years that it was vulnerable to hackers.
“We had literally tens of millions of Americans whose data was stolen by a nefarious overseas actor, but it was entirely preventable,” Rep. Jason Chaffetz, R-Utah, the committee chairman, said.
The agency’s acting director, Beth Cobert, said that OPM disagrees with much of the report, which she said “does not fully reflect where this agency stands today.” She said the hack “provided a catalyst for accelerated change within our organization,” including hiring new cybersecurity experts.
The government discovered the first hacking in March 2014.
Unknown to the experts, a second intruder posing as an employee of a contractor had infiltrated the system weeks before the “Big Bang” and created an undetected foothold. That hacker used a contractor’s credentials to log into the system, install malicious software and create a backdoor to the network.
Over the next several months, the hacker moved unchecked through the system and stole sensitive security clearance background investigation files, personnel files and, ultimately, fingerprint data.
That breach went undetected until April 2015, when officials traced the flow of stolen material back to an internet address that had been registered to Steve Rogers, the alter ego of Captain America, indicating a spoof account.
The House inquiry did not go into great detail about who was responsible. It mentions that the data breaches discovered in 2015 were likely the work of “Deep Panda,” which has been linked to the Chinese military.