The Greatest Security Breach in US History? China’s cyberattack on 4 million Federal Employees
On Thursday, Washington officials released information stating that in December 2014, hackers took data from an estimated 4 million “current and previous federal employees” in the private governmental agency, the Office of Personnel Management (OPM). However, government officials reported this morning “nearly every federal government agency was hit by the hackers.” Investigators are pointing fingers at the Chinese government, when asked who is responsible for the attacks.
The breach was “discovered in April” using “new detection tools,” but the DHS “said it didn’t conclude until May that the records had been taken.” The information hackers had access to from the OPM, according to officials, includes employees “Social Security numbers, job assignments, performance ratings and training information.”
Although specific proof has not yet been provided on this hack, attacks on our cyber security from China are far from unprecedented. In March 2014, a security breach of OPM was tracked back to Chinese cyber attackers. In May 2014, five Chinese military officials were indicted on charges of “economic cyber espionage.” The FBI suspects that a security intrusion on Anthem Health Insurance, which runs Blue Cross and Blue Shield health plans, in February was the work of Chinese hackers as well.
China responded Friday saying the accusations are “irresponsible and unscientific.” Hong Lei, the spokesman for the Chinese Foreign Minister has stated, “We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation.” The Chinese President XI Jinping’s first planned visit to the US is set for September, and cyber security is planned to be a topic of discussion between Presidents.
The Washington Post reports, “Intruders used a ‘zero-day’ – a previously unknown cyber-tool – to take advantage of a vulnerability that allowed the intruders to gain access into the system.” The Department of Homeland Security reportedly used “intrusion detection system EINSTEIN” to discover the invasion of foreign entities in the cyber system. However, according to the Center for Digital Government’s Cyber security expert Morgan Wright, the system has become a “failure.”
The OPM website describes their role as providing “human resources, leadership, and support to Federal agencies and helps the Federal workforce achieve their aspirations as they serve the American people.” The OPM is essentially the Human Resources department of the government, ensuring the entire government is running smoothly with jobs such as hiring and firing employees, managing payroll, training, confirming security clearances for government personnel and “conducting more than 90 percent of federal background investigations.”
The OPM is a valuable government agency holding large amounts of information on each federal employee. Donna Seymour said of the situation, “Certainly, OPM is a high- value target. We have a lot of information about people, and that is something that our adversaries want.” A few examples of what China could do with this information includes use it to conduct their own counterintelligence operations seeking to root out potential U.S. intelligence officers, sending emails from personal email addresses to other co-workers in order to target specific federal computers, or targeting government employees that could “provide useful intelligence” for espionage purposes.
Representative Adam Schiff (D-CA), the senior Democrat on the Intelligence Committee tweeted yesterday his shock with current security measures set in place by the government. Schiff also stated legislation that “passed the House last month” concerning cyber security should pass quickly in the Senate in light of the attack.
The New York Times reports, “The personnel office told current and former federal employees that they could request 18 months of free credit monitoring to make sure that their identities had not been stolen.” As more details come to fruition on one of the greatest security breaches in US history, the US government will decide the necessary steps it needs to take in order to prevent future cyber attacks from not only China, but Russia as well.
The FBI said it is currently investigating the situation and promised to “hold accountable those who pose a threat in cyberspace.”