Officials: Hackers sought info for blackmail
WASHINGTON – The investigation into the cyberattack on computers at the U.S. Office of Personnel Management is proceeding on the theory that the hack was directed by the Chinese government and aimed at uncovering sensitive, personal information that could have been used to blackmail or bribe government employees to obtain secrets, officials said Friday.
Social Security numbers, email addresses, job performance reviews and other personal information of about 4 million government workers were siphoned out of the computer servers, said the officials, who spoke on condition of anonymity to discuss internal assessments of the breach.
The information obtained in the attack could be useful on its own and also could be used to craft fake emails that would entice government workers to open attachments that would infect their computers with malicious software designed to bleed additional informa- tion off federal computers. Computer security experts call such attacks “spearphishing.”
There is no indication so far that classified servers were breached. But the hackers were able to penetrate the personnel agency’s networks for several months before monitoring tools deployed by the Department of Homeland Security detected them. Similar infiltrations have been conducted by Chinese and Russian hackers over the last year.
“This was not a hack for commercial interests,” a senior law enforcement official said, contrasting it with cyberattacks that have targeted cutting-edge technology or manufacturing specifications for popular products. The attack on the personnel agency car- ried the hallmarks of an intelligence operation, officials said.
The most recent breach was the second major lapse at the personnel agency in the last two years. In March 2014, officials at the agency discovered that Chinese hackers had entered a database that tracks the files of federal employees applying for security clearances, potentially valuable information for identifying who has access to U.S. secrets.
Foreign spy agencies have collected information on U.S. government employees for decades. Intelligence agents can use basic biographical details combined with information kept on commercial databases – such as arrest records or credit reports – to find potential recruits? who live with crippling debt or have legal problems that make them susceptible to blackmail.
“As an intelligence agency, there’s a lot of information you can derive from this,” said Ken Ammon, a former official at the National Security Agency.