Largest breach of federal government files carried out by suspected Chinese hackers

Jun 09, 2015

As people enjoyed the warmth of summer weather this week, it was revealed that cybercriminals were also turning up the heat by successfully infiltrating federal networks and compromising government employee data. The Obama administration announced in early June that one of the largest breaches of federal employee information had been carried out, with at least 4 million current and former workers impacted. Officials investigating the breach believe the attack originated with malicious actors in China.

The affected records were stored by the Office of Personnel Management, the department that handles security clearances and employee files. According to officials within the administration, the breach appears to have started late last year, but the intrusion was not detected until April. The cybercriminals responsible for the breach appear to have been targeting Social Security numbers and other pieces of personally identifiable information, but officials were not able to determine if the attack was motivated by commercial gain or nation-state espionage.

The Office of Personnel Management is a high-value target for cybercriminals, no matter the motivating factor. The agency serves as the human resources department for the federal government, storing records on background checks, pension payments and forms containing information on what level of security clearance each federal employee has. However, an OPM spokesperson noted that background checks and security clearance forms are stored on a different network than other information in a personnel file, and that separate network was not affected by this particular intrusion. Even so, a wide range of other information may have been compromised, including Social Security numbers, job assignments, current and former addresses, birth dates and training files.

Nation-state attacks targeting government assets increasing
While all of the information exposed in the hack could be used to conduct identity theft and fraud, that may not be the intent in this scenario. While it is difficult to say definitively who the source of a hack is, federal officials speaking on the matter had little doubt that the cyberattack was launched from China. If this is the case, the breach was more likely conducted as a way to gather intelligence on U.S. officials and employees with high security clearance.

“Every law enforcement officer is recognizable as such in a personnel file,” said Jon Adler, head of the Federal Law Enforcement Officers Association. “[That information] could help terrorists identify who federal officers are, where they live and compromise their identities.”

This is the most recent in a string of data breaches targeting the U.S. government. It was revealed in May that the Internal Revenue Service had been the victim of a major data breach carried out by identity thieves in which tax information on more than 100,000 households was compromised. Cybersecurity experts say that the frequency of such scenarios will likely increase as attack methods become more advanced. On top of the threat of more sophisticated cyberattacks, researchers have also warned that civilian agencies such as the OPM are more vulnerable to being hacked because they don’t benefit from the protection of the Pentagon or National Security Agency.

Realizing the threats federal agencies face from cybercriminals and malicious nation-state actors, the Obama administration has requested $14 billion to fund cybersecurity improvement efforts in the proposed 2016 budget, a dramatic increase from last year. However, a larger budget may be of little help if Congress cannot agree on clear guidance on cybersecurity legislation or on a single agency to be given the authority to oversee cybersecurity investigations and defense.
