So much for "the best defense is a good offense"; for all its cyberspying, feds fail to stop Chinese hackers' biggest attack yet
On Thursday the Obama administration acknowledged that up to 4 million current and former employees of the U.S. federal government may have had their personal and/or financial records stolen. News of the massive data breach at the U.S. federal government comes after a report earlier in the day from The New York Times which revealed that federal employees had begun receiving notice of the breach.
I. The Third Attack
Both The New York Times and The Washington Post reported Thursday, citing unnamed federal officials close to the ongoing investigation, that the attacks had been traced to servers in China. The New York Times report points out that this is the third major breach of federal government networks traced to a rival superpower over the course of the last year.
In June The New York Times reported that the networks of the Office of Personnel Management (OPM) -- a semi-autonomous federal agency in charge of personnel duties -- were breached by hackers traced to Chinese IP addresses.

The hackers appeared to be hunting for a database housed on the network called e-QIP. e-QIP is used to screen federal security clearance requests from government employees and contractors. Applicants have to submit personal information and financial records. The level of clearance requested is also stored in the database, so it could potentially be used to identify high-value targets such as undercover agents overseas and top researchers.

The attack was detected by watchdog software. Reports did not indicate whether or not exfiltration occurred, but the attack forced a widespread effort to shore up the security of federal networks.
Following the summer breach came news in October that the White House found its email networks compromised. Various reports indicated the breach to be a probable espionage attempt. Various outlets reported the attack may have been traced to Russia, although some early reports noted administration suspicion of Chinese involvement.

A White House email network was breached last October. [Image Source: The White House/Peter Souza]
Now the OPM has yet again been targeted, but this time different kinds of data were taken and the scope appeared far broader, raising tough questions not only about the U.S. federal government's inadequate network security, but also about what the attackers' true motives are.
II. Russia, China, and U.S. Mired in Cyberwar
Tensions mounted with China and Russia last year following a series of geopolitical spats. Russia and the U.S. clashed on the subject of Ukraine, where a complex situation had led to the ouster of an embattled pro-Russia President amid a growing local rebellion. Russia accused the U.S. of backing a "coup" to install a Western-leaning government. It subsequently helped to arm and train pro-Russia rebels in the east and in Crimea, a sea-facing province in southeastern Ukraine.
Things grew more heated after eastern Ukrainian rebels shot down a Malaysian passenger jet in July, in an apparent case of mistaken identity. Russia was accused by the U.S. and European allies of providing the rebels with the anti-aircraft missiles used in the shootdown. The U.S. issued sanctions against Russia in response to its alleged involvement in the crash and its ongoing support of pro-Russia rebels in Ukraine.

Russian Prime Minister Vladimir Putin has clashed with the U.S. [Image Source: Reuters]


China has been regularly hacking the Pentagon since at least 2007. [Image Source: CNN]

Tensions have run high since China found out about the NSA spy scheme and since the Obama administration countered by charging 5 PLA officers. [Image Source: FBI]
The Obama administration's dialogue with China failed to provoke action on the issue of spying. [Image Source: Reuters]

Protesters picket a new NSA data center in Utah. [Image Source: Bloomberg]
III. The Big One
There's an old adage that "the best defense is a good offense."
That certainly does not appear to be true here. For all its global offense, the feds appear to be woefully lacking in defense. Now the U.S. federal government is left trying to determine the extent of the damage from another Chinese-linked breach.
Unless the federal government is engaging in some elaborate deception to feign weakness, or perhaps some sort of honeypot scheme, these ongoing embarrassments ring rather ironic. Apparently the U.S. is better at spying on its citizens without due process and spying on trade allies than it is at defending its own networks.
Ironically, sources indicate that while the White House had vowed to put in place new security safeguards -- including more thorough review of all internet connection attempts to federal networks and restrictions on remote access -- federal security agencies were slow to act on that mandate. As a result, hackers are believed to have gained access to the OPM network a second time late last year.
They reportedly lurked on the network until April, when the breach was discovered. The good news is that the discovery does, in a sense, validate agency claims that the new security software and procedures work. The software system -- dubbed "Einstein" -- detected signs of the breach shortly after it was installed earlier this year.

“We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” he said.

The FBI says it's investigating the breach. [Image Source: ClearanceJobs]
Just how damaging the attack will prove to be may depend on who is behind it.
According to The New York Times, it's unclear whether the attackers are merely profit-motivated Chinese blackhats looking to scoop up Social Security numbers and other financial details stored by the OPM. Alternatively, there remains suspicion that the PLA could be behind the attack, covering its tracks with the appearance of a financial motive. Or the truth may lie somewhere in between.
OPM Director Katherine Archuleta comments:
Protecting our federal employee data from malicious cyberincidents is of the highest priority at O.P.M. We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.
The OPM has offered the estimated 4 million current and former employees exposed free credit reporting to watch for signs of identity theft.

The OPM is currently reaching out to 4 million government employees past and present to inform them of the breach and offer credit monitoring service. [Image Source: iStockPhoto]
The Washington Post offers up some more in-depth details on what is known so far about this latest intrusion, reporting:
The OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.
Other U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.
One private security firm, iSight Partners, says it has linked the OPM intrusion to the same cyberespionage group that hacked the health insurance giant Anthem. The FBI suspects that that intrusion, discovered in February, was also the work of Chinese hackers, people close to the investigation have said.
The intruders in the OPM case gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.

This infographic from CardConnect shows some key facts on Data Breaches in 2014.
[We are] very concerned [about the breach]. Data security, particularly in an era of rising incidence of identity theft, is a critically important matter. It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks.