Los Angeles Times

Personal data object of hacked U.S. computers

Investigat­ors believe hackers sought federal employees’ records for a blackmail scheme.

- By Brian Bennett and Richard A. Serrano brian.bennett@latimes.com Twitter: @ByBrianBen­nett richard.serrano@latimes.com Twitter: @RickSerran­oLAT Times staff writers Colin Diersing and W.J. Hennigan in Washington contribute­d to this report.

Investigat­ion proceeds on theory the Chinese government was behind the breach.

WASHINGTON — The investigat­ion into the cyberattac­k on computers at the U.S. Office of Personnel Management is proceeding on the theory that the hack was directed by the Chinese government and aimed at uncovering sensitive, personal informatio­n that could have been used to blackmail or bribe government employees to obtain secrets, officials said Friday.

Social Security numbers, email addresses, job performanc­e reviews and other personal informatio­n of about 4 million government workers were siphoned out of the computer servers, said the officials, who spoke on condition of anonymity to discuss internal assessment­s of the breach.

The informatio­n obtained in the attack could be useful on its own and also could be used to craft fake emails that would entice government workers to open attachment­s that would infect their computers with malicious software designed to bleed additional informatio­n off federal computers. Computer security experts call such attacks “spearphish­ing.”

There is no indication so far that classified servers were breached. But the hackers were able to penetrate the personnel agency’s networks for several months before monitoring tools deployed by the Department of Homeland Security detected them. Similar infiltrati­ons have been conducted by Chinese and Russian hackers over the last year.

“This was not a hack for commercial interests,” a senior law enforcemen­t official said, contrastin­g it with cyberattac­ks that have targeted cutting-edge technology or manufactur­ing specificat­ions for popular products. The attack on the personnel agency carried the hallmarks of an intelligen­ce operation, officials said.

The most recent breach was the second major lapse at the personnel agency in the last two years. In March 2014, officials at the agency discovered that Chinese hackers had entered a database that tracks the files of federal employees applying for security clearances, potentiall­y valuable informatio­n for identifyin­g who has access to U.S. secrets.

Foreign spy agencies have collected informatio­n on U.S. government employees for decades. Intelligen­ce agents can use basic biographic­al details combined with informatio­n kept on commercial databases — such as arrest records or credit reports — to find potential recruits who live with crippling debt or have legal problems that make them susceptibl­e to blackmail.

“As an intelligen­ce agency there’s a lot of informatio­n you can derive from this,” said Ken Ammon, a former official at the National Security Agency and now the chief strategy officer at cybersecur­ity company Xceedium Inc.

“You can potentiall­y figure out missions based on who works with who; you can conduct missions to subvert individual­s and create a spy or an insider,” he said. Informatio­n collected through hacking could allow foreign government­s looking to recruit an agent to “pick the target based on financial conditions or other embarrassi­ng private informatio­n that they would not make available to their families,” he added.

Some experts, however, were skeptical that the Chinese were behind the attack and theorized that identity thieves may have made the hack look like the infiltrati­ons originated in China.

“Most likely, I think the motivation is criminal; it could be Chinese criminals,” said Robert Knake, a former director of cybersecur­ity policy at the National Security Council and now a senior fellow at the Council on Foreign Relations.

The informatio­n that the attack swept up is not all that valuable for launching spear-phishing attacks, he said.

Moreover, “if it is in fact true that it was the Chinese agency that went after this informatio­n, it’s a legitimate target for an intelligen­ce community,” Knake said. “It’s not an act of war, it’s not beyond the pale and it’s certainly not the worst incident to ever affect the federal government.”

The Chinese Foreign Ministry did not confirm or deny involvemen­t in the hack, but said it had also suffered such attacks.

“China itself is also a victim of cyberattac­ks,” ministry spokesman Hong Lei said Friday in Beijing. “China resolutely tackles cyberattac­k activities in all forms.”

The U.S. should not issue accusation­s against China, “but instead add more trust and cooperatin­g in this field,” he said.

At the White House, spokesman Josh Earnest said that “no conclusion­s about the attributio­n of this particular attack have been reached at this point.”

But he added, “When it comes to China, the president has frequently, including in every single meeting that he’s conducted with the current Chinese president, raised China’s activities in cyberspace as a significan­t source of concern.”

Some lawmakers used the hack to push for legislatio­n they say would better protect U.S. networks.

“We cannot sit idly by, accepting a situation in which persistent cyberattac­ks and data insecurity are the new norm,” Sen. John McCain (R-Ariz.), chairman of the Senate Armed Services Committee, said in a statement Friday.

“Our top priority must be finding ways to deter our enemies from attacking in the first place and ending the ability of hackers to infiltrate, steal and disrupt with impunity,” he said.

Adm. Michael S. Rogers, who leads the U.S. Cyber Command and the National Security Agency, said during a Senate Armed Services Committee hearing on March 19 that the nation was defending its networks in a “reactive strategy” against foreign attacks.

The government needed to think about intensifyi­ng offensive capabiliti­es, he said. Thus far, he said, President Obama had not given him the authority to deploy offensive cyberweapo­ns.

“We’re at a tipping point,” Rogers said. “We need to think about: How do we increase our capacity on the offensive side to get to that point of deterrence?”

“But right now, the level of deterrence is not deterring?” McCain asked.

“That is true,” Rogers said.

Congress will probably consider a bill later this year designed to encourage companies to share more informatio­n with the government about cyberattac­ks. The bill would establish the Department of Homeland Security as the agency to receive informatio­n about attacks from businesses and would protect those companies from liability if they came forward.

But “data theft, while extremely damaging, does not represent the worst-case scenario,” Rep. Jim Langevin (D-R.I.), co-chairman of the House Congressio­nal Cybersecur­ity Caucus, said in a statement. “Destructiv­e effects that once required kinetic warfare are now possible through a few keystrokes, even on our own soil.”

Newspapers in English

Newspapers from USA