China Hacks Data on 4 Million U.S. Government Workers and Retirees
'We should be very clear: China is at virtual war with the United States'
June 6, 2015Business Insider - Last month's massive breach of federal employees' data allegedly at the hands of Chinese hackers, made public Thursday, indicates a treacherous new reality in the global cyber game.
"It's very serious indeed," geopolitical expert Ian Bremmer, the founder of Eurasia Group, told Business Insider.The Obama administration has refrained from making any official statements about China's role in the attack on the Office of Personnel Management, since it is still so difficult to trace a data breach back to its original source.
"China's offensive cyber capabilities have consistently surprised the United States in terms of breadth and sophistication of attacks.
"The latest attacks revealed yesterday show millions of existing and former US government employees with their private data now in the hands of the Chinese state."
An unnamed official told Reuters that information taken includes security clearance information and background checks going back decades.
"This is deep. The data goes back to 1985," the official said. "This means that they potentially have information about retirees, and they could know what they did after leaving government."
Reuters notes that the Office of Personnel Management "conducts more than 90% of all federal background investigations, including those required by the Department of Defense and 100 other federal agencies."
The data includes details about the private lives of more than 4 million US government workers. These federal employees "are the people who hold US secrets," national security expert Douglas Ollivant explained to Business Insider, referring to the employees' varying levels of government security clearance.
"And now the hackers likely have access to blackmail-able levels of information, such as the employees' passports, Social Security numbers, history of drug use or psychological counseling, foreign contacts, etc."Whether the attack was state-sponsored remains to be seen, but few doubt that the stolen personnel data will ultimately end up in the hands of the Chinese government.
"This is a really big deal," Ollivant added. "Some might consider it an act of war."Further, the alleged hack is part of Beijing's evolving cyber-espionage operation.
"Having a large database of personal information on key individuals that have access to critical infrastructure or classified information gives China an advantage in whatever agenda they have," Mark Wuergler, a senior cybersecurity researcher at Immunity Inc., told Business Insider.
"By breaking into one organization it points in the direction of the next juicy target to siphon data from, or add to, an arsenal of leverage over a superpower," Wuergler said.The Chinese are masters of the long game, Wuergler added, and Chinese hackers have been known to infiltrate servers and maintain their access for a year or more to quietly spy on their targets.
"They are really good at what they do, and when they break into something it's not just smash and grab," Wuergler said, noting that hackers in the OPM network had been there for months before they were even detected.According to Wuergler, a "complete overhaul" of the network and systems we use today would be needed to deter attacks like this in the future.
As Bremmer sees it, however, such efforts at deterrence would be largely futile given China's determination to remain embedded in American networks.
"There's no effective defense against these attacks and, as we've seen, there's also no effective deterrence," he said. "China isn't trying to engage in 'integrity' attacks against the US — they don't want to destroy American institutions and architecture as, after all, they're hugely invested in American economic success."That said, Bremmer added:
"We should be very clear: China is at virtual war with the United States, and the threat is far higher than that of terrorism, which gets the lion's share of attention — and, in the post-9/11 world, funding."
No comments:
Post a Comment