Chinese Cyberattack Steals Data On 4 Million Federal Workers

[jimmy olsen]

I hope we're responding in kind 

http://edition.cnn.com/2015/06/04/politics/federal-agency-hacked-personnel-management/index.html

Cyberattack compromises government workers


By Kevin Liptak and Theodore Schleifer, CNN


Updated 0203 GMT (0903 HKT) June 5, 2015

Washington (CNN)—Four million current and former federal employees may have had their personal information hacked, the Office of Personnel Management said on Thursday.

The agency, which is conducts background checks, warned it was urging potential victims to monitor their financial statements and obtain new credit reports.

U.S. officials believe this could be the biggest breach ever of the government's computer networks.

The breach is beyond the Office of Personnel Management and Department of Interior, with nearly every federal government agency hit by the hackers, government officials said.

An assessment continues and it is possible millions more government employees may be impacted.

American investigators believe they can trace the breach to the Chinese government. Hackers working for the Chinese military are believed to be compiling a massive database of Americans, intelligence officials told CNN on Thursday night.
It is not clear what the purpose of the database is.

Employees of the legislative and judicial branches, and uniformed military personnel, were not affected.

There are currently 2.7 million federal executive branch employees -- it's unclear if this affected every single one (plus former employees), or only a portion.

The federal personnel office learned of the data breach after it began to toughen its cybersecurity defense system. When it discovered malicious activity, authorities used a detection system called EINSTEIN to eventually unearth the information breach in April 2015, the Department of Homeland Security said. A month later, the federal agency learned sensitive data had been compromised.

The federal agency learned of the breach in April 2015, the Department of Homeland Security said in a statement Thursday. A month later, the federal agency learned data had been compromised.

The FBI is now investigating what exactly led to the breach.

"We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace," the FBI said in a statement.

The federal personnel office said "personally identifiable information" had been breached, though didn't name who might be responsible.

The Washington Post and Wall Street Journal first reported Thursday that Chinese hackers were responsible for the breach.

Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wisconsin, called the breach "disturbing" and said the Office of Personnel Management needs to do a better job securing its information.

"It is disturbing to learn that hackers could have sensitive personal information on a huge number of current and former federal employees -- and, if media reports are correct, that information could be in the hands of China," Johnson said in a statement. "(The office) says it 'has undertaken an aggressive effort to update its cybersecurity posture.' Plainly, it must do a better job, especially given the sensitive nature of the information it holds."

California Rep. Adam Schiff, the top Democrat on the House Intelligence Committee, said hackers are one of the "greatest challenges we face on a daily bases."

"It's clear that a substantial improvement in our cyber databases and defenses is perilously overdue," Schiff said in a statement. "That's why the House moved forward on cybersecurity legislation earlier this year, and it's my hope that this latest incident will spur the Senate to action."

Russia is believed to have been responsible for a separate data breach earlier this week that made 100,000 Americans' tax returns vulnerable to criminals, when the Internal Revenue Service was attacked.

[11B4V]

FUCKING AWESOME

[Razgovory]

Someone warned us about this.

[LaCroix]

American investigators believe they can trace the breach to the Chinese government. Hackers working for the Chinese military are believed to be compiling a massive database of Americans, intelligence officials told CNN on Thursday night.
It is not clear what the purpose of the database is.

doesn't seem that bad if it's in the hands of the chinese government. with private hackers, there'd be a strong chance social security numbers and credit card info (if those were even seized) would be exploited for personal harm. with the chinese government, there's merely a chance the info is exploited. and there's going to be a massive improvement of security after this, so it might lead to a positive consequence. 

[Eddie Teach]

doesn't seem that bad if it's in the hands of the chinese government. with private hackers, there'd be a strong chance social security numbers and credit card info (if those were even seized) would be exploited for personal harm. with the chinese government, there's merely a chance the info is exploited. and there's going to be a massive improvement of security after this, so it might lead to a positive consequence. 

[The Brain]

On the plus side public sector unions have made sure that only 2 million of them actually work.

[Admiral Yi]

Federal workers can't unionize. 

[Grey Fox]

Looking for potential personel to turn into spying for them.

[MadImmortalMan]

Looking for potential personel to turn into spying for them.

Or blackmail into it.

[11B4V]

Federal workers can't unionize. 

I think that is a wrong statement. CBU workers cannot strike due to a no strike clause in the CBA's. There are unions in the federal government, International Association of Machinists & Aerospace Workers is an example of one of the big ones at PSNS.

Besides the Police union just finish negotiating their latest contract. So, I know your statement is incorrect.

Here's an example of a CBA
http://www.sddod-fop.org/assets/files/20131111El%20Centro%20CBA.pdf

[Admiral Yi]

Kay

[Tonitrus]

Looking for potential personel to turn into spying for them.

Or blackmail into it.

Pr0n records would work better than personnel records for that.

[HisMajestyBOB]

Jesus
http://www.politico.com/story/2015/06/hackers-federal-employees-security-background-checks-118954.html?hp=t2_r

Hackers have breached a database containing a wealth of sensitive information from federal employees' security background checks, the Obama administration said Friday — news that experts say could deal a devastating blow to U.S. intelligence gathering.

The revelations came just a week after officials disclosed a previous massive cyber intrusion into the same federal personnel office, compromising records of more than 4 million current and past employees in a breach that administration officials have privately blamed on Chinese hackers.

The stolen records in the hack disclosed Friday included data on intelligence and military personnel, The Associated Press reported. A senior administration official would not confirm that information but confirmed that the breach occurred at the Office of Personnel Management.

The hackers are believed to have obtained data from a security intake form known as a Standard Form-86, which includes details such as financial trouble, past convictions, drug use and close relationships with citizens of other countries. The form is used for background checks of current, former and prospective federal employees.

"This is crown jewels material ... a gold mine for a foreign intelligence service," said Joel Brenner, a former NSA senior counsel.

The SF-86 breach could have dire consequences for U.S. intelligence gathering, former officials said, noting that it would make it extremely difficult for anyone inside the database to ever work in a covert capacity. For example, that would include someone employed by the State or Agriculture departments who gathers intelligence for the Defense Intelligence Agency.

"This is not the end of American human intelligence, but it's a significant blow," Brenner said.

As of October, 4.5 million Americans were cleared for access to classified information, including approximately a million contractors.

And because the SF-86s are stored in an indexed database, that database could also be combed for secrets, said Robert Caruso, a former Navy special security officer who has worked in security at the State and Defense departments. For example, Chinese agents could search the database for instances when agents with NSA covers were in the same place at the same time and make reasonable deductions about what they were doing there.

Brenner and Caruso both said it's likely that clearance forms from the Defense Department and its related intelligence agencies, including NSA and the Defense Intelligence Agency, could be accessed through OPM. It's much less likely that CIA employee clearance information was accessed that way because the CIA has traditionally insisted on managing its own personnel information.

"CIA refuses to put its people's information in with OPM, and of course they're right," Brenner said. One lesson to draw from the breach, he said, is that "any serious clandestine agency has to be in charge of its own personnel information. Full stop."

Investigators became aware of this second breach of the OPM's systems as they pursued a previously disclosed breach into an unencrypted system holding personnel files of as many as 4.2 million current and past federal employees. That information included Social Security numbers, as well as names, addresses, pay grades, personnel actions and pension, insurance and health plan details.

The administration official said the relevant federal agencies received notification of the latest hack on Monday. "We expect OPM will conduct additional notifications as necessary," the official said in a statement.

Administration officials have said privately that signs point to the first hack having originated in China, and security experts have said it appeared to be part of a Chinese effort to build dossiers on federal employees who might be approached later for espionage purposes.

Friday's new revelations appeared to back up that theory.

The SF-86 "gives you any kind of information that might be a threat to [the employees'] security clearance," said Jeff Neal, a former Department of Homeland Security official and a senior vice president at ICF International. "It's really a personal document."

It's likely that the hackers are building a database on federal employees to "make it easier for them to try to pick off people that they want," he added, saying most Americans who end up spying for foreign governments are motivated by money. With the security clearance data, plus the data from their earlier OPM hack, the attackers can compile lists of attractive and vulnerable intelligence targets.

Previously revealed data breaches at U.S. health insurance companies, which have also been attributed to Chinese state actors, only compound the accuracy of such a database, Neal said. "They can basically build a large record on federal employees."

One federal cybersecurity official said the stolen data go beyond just the information on the employees themselves.

"They got more than just your security form," the official said, speaking on condition of background. "They got the supporting documentation."

Attackers also have information not just on federal employees with security clearances, but also any contact information that those cleared personnel entered into the form. "How deep is the personally identifying information on the other people, I don't know," the official said. "It might just be their contact information, and I think that's what [investigators are] trying to find out."

The disclosures add concern about employees being blackmailed or co-opted by foreign governments, former officials said.

Security clearance investigations, by their very nature, expose people's darkest secrets — the things a foreign government might use to blackmail or compromise them such as drug and alcohol abuse, legal and financial troubles and romantic entanglements.

The best solution at this point, former officials said, may be what the government has already begun to do — drastically ramping up the government's network defenses, both to prevent additional breaches from abroad and to more readily spot mischief by co-opted employees.

There may also be calls to further expand "insider threat" detection efforts, Caruso suggested.

Since the Chelsea Manning and Edward Snowden leaks that disclosed a wealth of classified data, the Defense Department and intelligence agencies have put increased emphasis on programs to continuously monitor some employees' computer activity to spot anomalies — such as a China analyst accessing documents on Iran after hours. On a smaller scale, they've also ramped up "continuous evaluation programs," which monitor public databases to turn up information suggesting added stress or abnormal behavior, such as financial troubles or an unreported drunken driving arrest.

Also on Friday, the White House announced a "30-day Cybersecurity Sprint" in which the administration is instructing agencies to take actions such as testing their networks' vulnerabilities, patching weaknesses, restricting the number of privileged user accounts and "dramatically" ramping up the use of so-called multifactor authentication, which goes beyond requiring people to use passwords. In addition, a "Cybersecurity Sprint Team" will engage in a 30-day review of federal cyber efforts.

Read more: http://www.politico.com/story/2015/06/hackers-federal-employees-security-background-checks-118954.html#ixzz3cuUUv1B2

[Camerus]

Either the USA will eventually decide to bring significant consequences / deterrence against the Chinese for hacking, or this will simply be the new normal - on both sides.  In the age of cyber-warfare, the old patterns of espionage (denial and secret counter attacks largely hidden from the public eye) are probably no longer useful or relevant, given both the high stakes and the extremely public nature of attacks.

[DGuller]

Well, this has definitely been the Pearl Harbor of cyber warfare.  Fingers crossed that it works out for Chinese as well as the real Pearl Harbor worked out for Japanese.  I also wonder if Chinese will share some of what they found with Russia, a country that is much more openly hostile to US.