23 June 2015

CHINESE HACKERS HAD A YEAR TO ACCESS OPM SECURITY CLEARANCE SYSTEM

20 Jun 2015

The bombshells just keep coming in the Office of Personnel Management’s hack, which is bidding to eclipse Obamacare’s launch as the most stunning example of Big Government incompetence in the Information Age. The latest bad news is that Chinese hackers had a full year to rummage around inside the OPM’s security clearance system–plenty of time to take just about anything they wanted.

The considerable lag time between breach and discovery means that the adversary had more time to pull off a cyber-heist of consequence, said Stewart Baker, a former National Security Agency general counsel.

“The longer you have to exfiltrate the data, the more you can take,” he said. “If you’ve got a year to map the network, to look at the file structures, to consult with experts and then go in and pack up stuff, you’re not going to miss the most valuable files.”

“This is some of the most sensitive non-classified information I could imagine the Chinese getting access to,” said Baker, who also is a former senior policy official in the Department of Homeland Security.

Later in the article, we learn this was China’s second attempt to penetrate the security clearance system in 2014. The first attempt was thwarted, according to OPM, but “the agency was not able to prevent a different group of Chinese government hackers from successfully penetrating the same network a few months later, said officials with knowledge of the probe.”

The two groups of hackers were supposedly distinguished by their “tactics and techniques.” Given what we learned earlier this week, one of the distinctive tactics of the second, successful cyber-espionage team might have been using valid names and passwords to waltz right into the system.

Reuters has some more on the successful data thieves:

The Chinese hacking group suspected of stealing sensitive information about millions of current and former U.S. government employees has a different mission and organizational structure than the military hackers who have been accused of other U.S. data breaches, according to people familiar with the matter.

These sources say the well-known cyber-war unit of the Chinese People’s Liberation Army “typically goes after defense and trade secrets,” while the team that hit OPM “has repeatedly accessed data that could be useful to Chinese counter-intelligence and internal stability.” They may be associated with China’s Ministry of State Security.

A major repercussion of the data breach will be the loss of confidence and trust within government agencies, a particularly acute problem for the intelligence community, which will have a difficult time determining which government employees, contractors, and foreign contacts have been compromised. Along those lines, Business Insider reports that “U.S. citizens are losing trust in their government’s security posture as more details arise.”

“Worse, federal employees are worried about their safety, given that China allegedly heisted millions of their personal documents from a thought-to-be-safe server,” BI continues.

A painful example of this came when OPM tried to send “vital information to its hundreds of thousands of employees, and many mistook these emails for malicious phishing campaigns.” More specifically, it was an email offering credit monitoring services to federal employees, containing a suspicious-looking link to a non-governmental website, a link that would have broken OPM protocols and cyber-security training before the massive data breach took place.

That is a sadly predictable consequence of such a massive security failure. It is not at all unreasonable to contemplate OPM mail in your inbox and wonder if it is actually a virus-saturated spear-phishing email from the People’s Republic of Plausibly Deniable Espionage. By now, most people potentially affected by the hack have probably heard security experts talk about how the stolen data would likely be used for further hacking attacks. They know the worst could be yet to come … and the news about what already happened gets worse with every passing day.

No comments: