Friday, June 5, 2015

The Big One: Chinese Hackers Steal Records of 4 Million U.S. Gov. Employees
[Image Source: Mashable]
So much for "the best defense is a good offense": for all its cyberspying, the federal government failed to stop the Chinese hackers' biggest attack yet

On Thursday the Obama administration acknowledged that up to 4 million current and former employees of the U.S. federal government may have had their personal and/or financial records stolen.  News of the massive data breach comes after a report earlier in the day from The New York Times, which revealed that federal employees had begun receiving notice of the breach.

I. The Third Attack

Both The New York Times and The Washington Post reported Thursday, citing unnamed federal officials close to the ongoing investigation, that the attacks had been traced to servers in China.  The New York Times report points out that this is the third major breach of federal government networks traced to a rival superpower over the course of the last year.

Last June The New York Times reported that the networks of the Office of Personnel Management (OPM) -- a semi-autonomous federal agency in charge of personnel duties -- had been breached by hackers traced to Chinese IP addresses.


The hackers appeared to be hunting for a database housed on the network called e-QIP.  e-QIP is used to process federal security clearance requests from government employees and contractors.  Applicants have to submit personal information and financial records.  The level of clearance requested is also stored in the database, so it could potentially be used to identify high-value targets such as undercover agents overseas and top researchers.

Careers at OPM
[Image Source: OPM/Stripes]

The attack was detected by watchdog software.  Reports did not indicate whether or not exfiltration occurred, but the attack forced a widespread effort to shore up the security of federal networks.

Following the summer breach came news in October that the White House had found its email networks compromised.  Reports indicated the breach was a probable espionage attempt, and several outlets reported that it may have been traced to Russia, although some early reports noted administration suspicion of Chinese involvement.

Obama plotting
A White House email network was breached last October. [Image Source: The White House/Peter Souza]

Now the OPM has yet again been targeted, but this time different kinds of data were taken and the scope appears far broader, raising tough questions not only about the U.S. federal government's lax network security, but also about the attackers' true motives.

II. Russia, China, and U.S. Mired in Cyberwar

Tensions mounted with China and Russia last year following a series of geopolitical spats.  Russia and the U.S. clashed over Ukraine, where a complex situation had led to the ouster of an embattled pro-Russia president amid a growing local rebellion.  Russia accused the U.S. of backing a "coup" to install a Western-leaning government.  It subsequently annexed Crimea, a peninsula on Ukraine's southern coast, and helped to arm and train pro-Russia rebels in the east of the country.

Things grew more heated in July after eastern Ukrainian rebels shot down a Malaysian passenger jet, in an apparent case of mistaken identity.  The U.S. and its European allies accused Russia of providing the rebels with the anti-aircraft missile system used in the shootdown.  The U.S. issued sanctions against Russia in response to its alleged involvement in the crash and its ongoing support of the pro-Russia rebels in Ukraine.

Putin
Russian President Vladimir Putin has clashed with the U.S. [Image Source: Reuters]

Russia countered with sanctions of its own and with accusations that the U.S. was colluding with the Saudi royal family to artificially depress oil prices, damaging Russia's economy.  Russia has also turned a blind eye to nationalist blackhat hackers who since 2013 have scored massive breaches against top U.S. corporations including Target Corp. (TGT), Home Depot Inc. (HD), and most recently Staples, Inc. (SPLS).  The hacks stole millions of Americans' credit card numbers.

Hacker gang
[Image Source: MakeUseOf]

In 2010 then-U.S. Secretary of State Hillary Clinton delivered a fiery speech denouncing Chinese cyberaggression and the Asian superpower's alleged censorship efforts against search giant Google Inc. (GOOG).  In May 2011 the Pentagon chimed in, releasing new guidelines warning that cyberattacks could be considered an act of war.

Pentagon
China has been regularly hacking the Pentagon since at least 2007. [Image Source: CNN]

In Oct. 2012 Chinese companies were scrutinized by a national security panel in the U.S. House.  Some in Congress even suggested a ban on the sale of Chinese-owned companies' telecommunications hardware and consumer electronics devices.  Chinese device makers were outraged, pointing out that American firms manufacture their devices in China as well.

PLA hackers charged
Tensions have run high since China learned of the NSA spying program and since the Obama administration countered by charging five PLA officers. [Image Source: FBI]

After the Obama administration threatened vague consequences in a 2013 policy document, China invited American officials to engage in joint talks about cybersecurity.  But ultimately both sides left the table unsatisfied.  Meanwhile former Obama administration officials continued to level accusations against top Chinese companies.

Obama bows to China
The Obama administration's dialogue with China failed to provoke action on the issue of spying.
[Image Source: Reuters]

In June of 2013 things took an interesting turn after U.S. National Security Agency (NSA) whistleblower Edward Joseph Snowden revealed that the federal spy agency was contracting cybercriminals and using a mixture of communication cable intercepts, malware, hardware implants, and zero-day exploits to spy on its own citizens, Chinese citizens, Chinese corporations, and the Chinese government.

State-owned Chinese media outlets were quick to blast the Obama administration and the U.S. Congress for the constant accusations they had leveled against the PLA and Chinese device makers in recent years.  In light of the revelations of massive NSA spying on phone and internet networks worldwide, the criticism was at best hypocritical, Chinese reporters argued.  And China's government demanded "answers" from the Obama administration about the secret global spying program.

NSA spy
Protesters picket a new NSA data center in Utah. [Image Source: Bloomberg]

Rather than apologize, though, the Obama administration doubled down, charging five PLA officers believed to be part of Unit 61398 with a string of private sector intrusions and a breach of the U.S. Department of Defense (DoD).  China threatened dire "consequences" against U.S. companies and the U.S. government, and it did indeed make some punitive gestures against top American tech firms in the months that followed.

III. The Big One

There's an old adage that "the best defense is a good offense."

That certainly does not appear to be true here.  For all its global offense, the feds appear to be woefully lacking in defense.  Now the U.S. federal government is left trying to determine the extent of the damage from another Chinese-linked breach.

Unless the federal government is engaging in some elaborate deception to feign weakness, or perhaps some sort of honeypot scheme, these ongoing embarrassments ring rather ironic.  Apparently the U.S. is better at spying on its citizens without due process and on its trade allies than it is at defending its own networks.

Sources indicate that while the White House had vowed to put in place new security safeguards -- including more thorough review of all internet connection attempts to federal networks and restrictions on remote access -- federal security agencies were slow to act on that mandate.  As a result hackers are believed to have gained access to the OPM network a second time late last year.

Cybersecurity breach
[Image Source: Symantec]

And they reportedly lurked on the network until April, when the breach was discovered.  The good news is that the discovery does at least partly validate agency claims that the new security software and procedures work: the system, dubbed "Einstein", detected signs of the breach shortly after it was installed earlier this year.  The caveat is that a detection arriving months after the initial intrusion caught the attackers near the end of their stay, not the beginning.
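The safeguards described above, a review of connection attempts to federal networks, boil down to looking for the traces a months-long intrusion leaves in perimeter flow logs. The script below is an added illustration of that kind of review; it is not OPM's tooling and not the logic of the Einstein system, whose internals the article does not describe. The log format, the allowlist of approved partner networks, the thresholds and the sample records are all my assumptions, constructed so the example runs offline. It flags three signals: egress to destinations outside the allowlist, regularly timed "beacon" connections to a single host (a typical command-and-control pattern), and single connections that pushed an unusually large volume outbound.

```python
"""Perimeter flow-log review (added illustration, not OPM or Einstein code).

Assumptions (mine, not the article's): a sensor emits one key=value record
per outbound connection; the agency keeps an allowlist of approved external
networks; the reviewer wants the three signals a long-dwell intrusion tends
to leave: unapproved egress, beaconing, and large outbound transfers.
"""
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress
import statistics

# Constructed sample records using documentation address ranges; not real
# OPM traffic. Fields: UTC timestamp, src, dst, dport, bytes_out.
SAMPLE_FLOWS = """\
2015-04-10T02:00:00Z src=10.1.2.3 dst=203.0.113.10 dport=443 bytes_out=1400
2015-04-10T02:05:00Z src=10.1.2.3 dst=203.0.113.10 dport=443 bytes_out=1380
2015-04-10T02:10:00Z src=10.1.2.3 dst=203.0.113.10 dport=443 bytes_out=1420
2015-04-10T02:15:00Z src=10.1.2.3 dst=203.0.113.10 dport=443 bytes_out=1390
2015-04-10T02:20:00Z src=10.1.2.3 dst=203.0.113.10 dport=443 bytes_out=1410
2015-04-10T03:01:10Z src=10.1.2.3 dst=203.0.113.10 dport=443 bytes_out=734003200
2015-04-10T09:12:31Z src=10.1.5.7 dst=198.51.100.20 dport=443 bytes_out=5200
2015-04-10T09:40:02Z src=10.1.5.7 dst=198.51.100.21 dport=80 bytes_out=900
2015-04-10T11:03:44Z src=10.1.9.9 dst=198.51.100.20 dport=443 bytes_out=3100
"""

# Hypothetical allowlist of approved partner networks.
APPROVED_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]


def parse_flow(line):
    """Parse one 'TIMESTAMP k=v k=v ...' record into a dict."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "src": rec["src"],
        "dst": rec["dst"],
        "dport": int(rec["dport"]),
        "bytes_out": int(rec["bytes_out"]),
    }


def parse_flows(text):
    return [parse_flow(line) for line in text.splitlines() if line.strip()]


def unapproved_egress(flows, approved=APPROVED_EGRESS):
    """Destinations reached that lie outside every approved network."""
    hits = set()
    for f in flows:
        dst = ipaddress.ip_address(f["dst"])
        if not any(dst in net for net in approved):
            hits.add(f["dst"])
    return sorted(hits)


def beacons(flows, min_regular_gaps=3, tolerance=0.10):
    """(src, dst, period_seconds) for pairs contacted at a near-constant
    interval. The median gap is the candidate period, so a few irregular
    connections (such as a later bulk upload) do not hide the pattern."""
    stamps_by_pair = defaultdict(list)
    for f in flows:
        stamps_by_pair[(f["src"], f["dst"])].append(f["ts"])
    found = []
    for (src, dst), stamps in stamps_by_pair.items():
        if len(stamps) <= min_regular_gaps:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = statistics.median(gaps)
        if period == 0:
            continue
        regular = [g for g in gaps if abs(g - period) <= tolerance * period]
        if len(regular) >= min_regular_gaps:
            found.append((src, dst, int(period)))
    return found


def bulk_transfers(flows, threshold_bytes=100 * 1024 * 1024):
    """Single connections that pushed more than threshold_bytes outbound."""
    return [(f["src"], f["dst"], f["bytes_out"])
            for f in flows if f["bytes_out"] > threshold_bytes]


def review(text):
    """Run all three checks over a block of log text."""
    flows = parse_flows(text)
    return {
        "unapproved_egress": unapproved_egress(flows),
        "beacons": beacons(flows),
        "bulk_transfers": bulk_transfers(flows),
    }


if __name__ == "__main__":
    for signal, hits in review(SAMPLE_FLOWS).items():
        print(signal, hits)
```

On the sample data the host 10.1.2.3 trips all three checks: it talks to an unlisted address every five minutes overnight and then pushes roughly 700 MB to the same address. None of these signals is proof of compromise on its own, which is why the review keeps them separate and leaves the correlation to the analyst.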

Reportedly the attackers used a zero-day exploit to circumvent security measures.  A zero-day vulnerability is a flaw that is not only unpatched but unknown to the vendor of the targeted software; an exploit for one is relatively rare and highly coveted because there is no patch to apply and no signature to detect it.  So-called "whitehat" and "grayhat" hackers try to track down these flaws before attackers do, and major software companies extensively review their code for exploitable bugs.  Ultimately, though, many such flaws slip through the cracks and are only detected when blackhat attacks occur in the wild.

Zero day exploits
[Image Source: HowToDojo]

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are currently investigating the breach.  Based on the fact that federal employees were notified, it seems probable that they suspect the attackers exfiltrated some data.  FBI spokesman Josh Campbell said in a statement:

We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace.

Feds
The FBI says it's investigating the breach. [Image Source: ClearanceJobs]

Just how damaging the attack will prove to be may depend on who is behind it.

According to The New York Times, it's unclear whether the attackers are merely profit-motivated Chinese blackhats looking to scoop up Social Security numbers and other financial details stored by the OPM.  Alternatively, there remains suspicion that the PLA could be behind the attack, covering its tracks by creating the appearance of a financial motive.  Or the truth may lie somewhere in between.

OPM Director Katherine Archuleta comments:

Protecting our federal employee data from malicious cyberincidents is of the highest priority at O.P.M.  We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.

The OPM has offered the estimated 4 million current and former employees exposed free credit monitoring to watch for signs of identity theft.

Data breach investigation
The OPM is currently reaching out to 4 million government employees past and present to inform them of the breach and offer credit monitoring service. [Image Source: iStockPhoto]

The Washington Post offers up some more in-depth details on what is known so far about this latest intrusion, reporting:

The OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.

Other U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.

One private security firm, iSight Partners, says it has linked the OPM intrusion to the same cyberespionage group that hacked the health insurance giant Anthem. The FBI suspects that that intrusion, discovered in February, was also the work of Chinese hackers, people close to the investigation have said.

The intruders in the OPM case gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.
 
Data Breach sources
This infographic from CardConnect shows some key facts on Data Breaches in 2014.

Colleen M. Kelley, president of the second-largest federal worker union, the National Treasury Employees Union (NTEU), comments:

[We are] very concerned [about the breach].  Data security, particularly in an era of rising incidence of identity theft, is a critically important matter.  It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks.

For now federal employees will just have to wait and see who got their hands on the data and what the long term impact will be, both on the citizens involved and the government itself.  The OPM has posted a brief overview acknowledging the attack and some of the details that were reported earlier in the day.
