China denies it was behind massive breach of US government data and employee records
Chinese hackers have been accused of an attack on America, after the US government suffered a second massive hack of the federal agency that handles security clearances and staff records.
The attack, which was reportedly detected back in April this year, hit the Office of Personnel Management (OPM) which handles staff records and security clearances.
A US law enforcement source told Reuters a “foreign entity or government” was believed to be behind the cyber attack. Authorities were looking into a possible Chinese connexion, a source close to the matter reportedly said.
The FBI is investigating the breach, which could potentially be the largest ever compromise of US government data.
But it should be noted that this is not the first time that the Office of Personnel Management (OPM) has been hacked.
Last July it was revealed that the OPM had been hacked in March 2014. The hackers back then targeted the files on tens of thousands of employees who had applied for top-secret security clearances, and they were apparently able to gain access to some of the agency’s databases, before the federal authorities detected the threat and blocked it. That attack was traced to China.
In this latest attack, Reuters said that the OPM did detect malicious activity affecting its information systems. The Department of Homeland Security said it concluded at the beginning of May that the agency’s data had been compromised and about 4 million workers may have been affected.
It was not revealed what kind of information has been compromised, but the hackers reportedly hit OPM’s IT systems and its data stored at the Department of the Interior’s data centre, a shared service centre for federal agencies.
The Chinese have once again denied that they were behind the latest attack.
Chinese Foreign Ministry spokesman Hong Lei told the media that China hoped the United States would have more trust and cooperate more.
“Without first thoroughly investigating, always saying that ‘it’s possible’, this is irresponsible and unscientific,” Hong was quoted as saying.
“In terms of sensitive data, whoever carried out this attack has hit the mother lode,” said Chris Boyd, a malware intelligence analyst at Malwarebytes. “If reports are correct and a huge number of government employees’ details have been compromised, then this could not only be used for financial gain, but also as the basis for targeted attacks through spear phishing. Government employees pose a lot of interesting opportunities for so-minded individuals, and a stolen database of their details has a lot of value.”
“The personal information stolen is the kind which never really expires or goes out of fashion. As such, many of the 4 million affected could find they’ll have this following them around for many years to come,” said Boyd. “This is another example of how, given a ripe target, well motivated sophisticated hacker groups are proving a huge problem for organisations which maintain vast databases of sensitive information.”
“Unfortunately the federal government breach underlines the fact that current cyber security defences are not sophisticated enough to prevent infiltration,” said Tony Berning, senior manager at OPSWAT.
“For high security and classified networks it is important to secure the data flow by deploying one-way security gateways and ensuring that no information can leave the network,” said Berning. “In addition, to ensure the highest protection against known and unknown threats, multi-scanning with multiple anti-malware engines should be deployed.”
“Theft of personal and demographic data allows one of the most effective secondary attacks to be mounted: direct spear-phishing to yield access to deeper system access, via credentials or malware thus accessing more sensitive data repositories as a consequence,” said Mark Bower, global director, HP Security Voltage.
“These attacks, now common, bypass classic perimeter defenses and data-at-rest security and can only realistically be neutralised with more contemporary data-centric security technologies,” said Bower. “Detection is too late. Prevention is possible today through data de-identification technology.”
China has been repeatedly blamed in the past for a number of “state sponsored” attacks against US government departments and businesses. Attempts by both countries to tackle the scourge of cyber crime together stalled last year.
Matters were not helped when the US filed hacking charges against Chinese army personnel. In late May 2014, the US filed indictments against five members of Unit 61398 of the Chinese People’s Liberation Army (PLA).
Previous “state sponsored” attacks have hit healthcare provider Anthem; US Investigations Services (USIS), the largest provider of background investigations to the American government; as well as numerous defence contractors.
As a result, President Barack Obama created a new sanctions scheme against hackers after he signed an executive order in April this year.
He declared hacking a “national emergency”, which means that for the first time ever sanctions will be used to financially punish individuals and groups outside the United States who are involved with malicious cyber attacks.