The Washington Post
Fri Jun 05 2015
The hack was the largest breach of federal employee data in recent years.
Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S.officialssaid Thursday, and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.
The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S.governmentnetworks in recent months. Russia last year compromised White House and State Department email systems in a campaign of cyber-espionage.
The OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.
Other U.S.officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.
One private security firm,iSightPartners, says it has linked the OPM intrusion to the samecyberespionagegroup that hacked the health insurance giant Anthem. The FBI suspects that that intrusion, discovered in February, was also the work of Chinese hackers, people close to the investigation have said.
The intruders in the OPM case gained access to information that included employees' Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say no direct-deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.
"Certainly, OPM is a high-value target," OPM Chief Information Officer Donna Seymour said in an interview. "We have a lot of information about people, and that is something that our adversaries want."
The personal information exposed could be useful in crafting "spear-phishing" emails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake email purporting to be from a colleague at work.
After the earlier breach discovered in March 2014, the OPM undertook "an aggressive effort to update ourcybersecurityposture, adding numerous tools and capabilities to our networks," Seymour said. "As a result of adding these tools, we were able to detect this intrusion into our networks."
"Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM," the agency's director, Katherine Archuleta, said in a statement.
In the current incident, the hackers targeted an OPM data center housed at the Interior Department. The database did not contain information on background investigations or employees applying for security clearances, officials said.
By contrast, in March 2014, OPM officials discovered that hackers had breached an OPM system that manages sensitive data on federal employees applying for clearances. That often includes financial data, information about family and other sensitive details. That breach, too, was attributed to China, other officials said. OPM officials declined to comment on whether the data affected in this incident was encrypted or had sensitive details masked. They said it appeared that the intruders are no longer in the system.
"There is no current activity," an official said. But Chinese hackers frequently try repeat intrusions.
Seymour said the agency is working to better protect the data storedinits servers throughout the government, including by using data masking or redaction. "We've purchased tools to be able to implement that capability for all" the data, she said.
Among the steps taken to protect the network, the OPM restricted remote access to the network by system administrators, officials said. When the OPM discovered the breach, it notified the FBI and Department of Homeland Security.
A senior DHS official, who spoke on the condition of anonymity because of the ongoing investigation, said the "good news" is that the OPM discovered the breach using the new tools. "These things are going to keep happening, and we're going to see more and more because our detection techniques are improving," the official said.
FBI spokesman Josh Campbell said his agency is working with DHS and OPM officials to investigate the incident. "We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace," he said.
The intruders used a "zero-day" — a previously unknown cyber-tool — to take advantage of a vulnerability that allowed the intruders to gain access into the system.
China is one ofthe most aggressivenations targeting U.S.andother Western states' networks.InMay 2014, the United States announced the indictments of five Chinese military officials for economiccyberespionage— hacking into the computers of major steel and other companies and stealingplans, sensitive negotiating details and other information.
"China is everywhere," said Austin Berglas, head of cyber investigationsatK2 Intelligence and a former top cyber officialatthe FBI's New York field office. "They're looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information."
Rep. Adam Schiff of California, ranking Democrat on the House Intelligence Committee, said the past few months have seen a massive series of data breaches affecting millions of Americans.
"This latest intrusion.. .isamong the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses," he said. "Thecyberthreatfrom hackers, criminals, terrorists and state actorsisone of the greatest challenges we face on a daily basis, and it's clear that a substantial improvement in our cyber-databases and defensesisperilously overdue."
The president of the nation's second-largest federal worker union, the National Treasury Employees Union, said the union "is very concerned" about the breach. "Data security, particularly in an era of rising incidence of identity theft, is a critically important matter," President Colleen Kelley said.
"It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks," she said.
Former special forces commander Prabowo to take up Indonesian presidency
Indonesia's Prabowo Subianto will take over as president of the world's third-largest democracy after sweeping the country's election with policies like free meals for school children
Who is Prabowo Subianto, incoming president of Indonesia?
A wealthy ex-general with ties to Indonesia's popular outgoing president and its dictatorial past, looks set to be its next leader.
Trump says he would impose tariffs on China if China went into Taiwan
Republican presidential candidate Donald Trump said he would impose additional tariffs on China if China were to "go into Taiwan,"
Iran's supreme leader says Hamas leader's death will not halt 'Axis of Resistance'
The "Axis of Resistance", built up with years of Iranian support, includes Hamas, the Lebanese Hezbollah group, the Houthi movement in Yemen, and various Shi'ite groups in Iraq and Syria.
Putin says Russia willing to seek compromises between Iran and Israel
Russia is ready to help seek compromises between arch-foes Israel and Iran, President Vladimir Putin said on Friday, saying these would be difficult but possible.
What proposals will Russia push at the BRICS summit?
The proposal is also to establish a BRICS reinsurance company to allow uninterrupted shipment of goods and key commodities between members.
Indonesia's free meals plan in the spotlight as Prabowo readies for office
Prabowo calls the programme one of the main drivers of economic growth, eventually set to add an estimated 2.5 million jobs.
Astro AWANI's revamped English news website, AWANI International, launches on Oct 21
Astro AWANI's revamped English platform delivers in-depth global news and expert analysis to keep you informed on key developments.
Israeli strikes kill 33 people in Jabalia refugee camp in Gaza, medics say
Residents of Jabalia said Israeli tanks had reached the heart of the camp after pushing through suburbs and residential districts.
Liam Payne's ex-partner calls for media restraint after 'painful' death
Cheryl Tweedy used her statement to urge the media to remember they had a seven-year-old son, Bear, who could read the reports.
Analysts: Indonesia's strong MoF leadership team to boost investor confidence
Sri Mulyani Indrawati as head of Indonesia's Ministry of Finance is expected to instil confidence among investors.
Biden offers both a carrot and a stick to Israel as his term nears an end
Israel has frequently resisted US advice and has caused political difficulties for the Biden administration.
Putin says BRICS will generate most of global economic growth
Russian President Vladimir Putin will host a summit of the group in the city of Kazan on Oct. 22-24.
ISIS Malaysia's perspective of Budget 2025
An excellent rakyat-centric budget under the overarching principle of a caring and humane economy.
Budget 2025: Record increase in STR, SARA aid initiatives
The government will provide a significant boost to the Sumbangan Tunai Rahmah (STR) and Sumbangan Asas Rahmah (SARA) initiatives next year.
Budget 2025: EPF contributions to be made mandatory for foreign workers – PM Anwar
The government plans to make it compulsory for all non-citizen workers to contribute to the Employees Provident Fund (EPF).
What policies to expect from Indonesia's new President Prabowo
Prabowo will be open to foreign investment, his aide has said, such as by offering investors management of airports and sea ports.
Budget 2025: Govt allocates RM470 mil to empower women's participation in PMKS
The Women's Leadership Apprenticeship Program will be intensified as an effort to produce more female corporate personalities.
Israel sends more troops into north Gaza, deepens raid
Residents of Jabalia in northern Gaza said Israeli tanks had reached the heart of the camp, using heavy air and ground fire.
Indonesia ramps up security ahead of Prabowo's inauguration
Prabowo Subianto will be sworn in as Indonesia's president on Sunday with Vice President-elect, Gibran Rakabuming Raka, also taking office.