Posted on Jun 21, 2015
GySgt Wayne A. Ekblad
2.75K
12
7
4
4
0
Ed85ca0d
For more than five years, American intelligence agencies followed several groups of Chinese hackers who were systematically draining information from defense contractors, energy firms and electronics makers, their targets shifting to fit Beijing’s latest economic priorities.

But last summer, officials lost the trail as some of the hackers changed focus again, burrowing deep into United States government computer systems that contain vast troves of personnel data, according to American officials briefed on a federal investigation into the attack and private security experts.

Undetected for nearly a year, the Chinese intruders executed a sophisticated attack that gave them “administrator privileges” into the computer networks at the Office of Personnel Management, mimicking the credentials of people who run the agency’s systems, two senior administration officials said. The hackers began siphoning out a rush of data after constructing what amounted to an electronic pipeline that led back to China, investigators told Congress last week in classified briefings.

Much of the personnel data had been stored in the lightly protected systems of the Department of the Interior, because it had cheap, available space for digital data storage. The hackers’ ultimate target: the one million or so federal employees and contractors who have filled out a form known as SF-86, which is stored in a different computer bank and details personal, financial and medical histories for anyone seeking a security clearance.

“This was classic espionage, just on a scale we’ve never seen before from a traditional adversary,” one senior administration official said. “And it’s not a satisfactory answer to say, ‘We found it and stopped it,’ when we should have seen it coming years ago.”

http://www.msn.com/en-us/news/us/attack-gave-chinese-hackers-privileged-access-to-us-systems/ar-AAbTypk
Edited >1 y ago
Avatar feed
Responses: 7
PO1 John Miller
2
2
0
Is it really that difficult to encrypt a database containing sensitive information? NO IT ISN'T! WHY ISN'T OPM DOING THAT ALREADY???
(2)
Comment
(0)
Avatar small
SSG Sr Security Analyst
2
2
0
I've said it a million times and I'll say it again. The government and DoD say that cyber security is a top priority but we're not seeing those words turn into action. Lack of money, lack of expertise, lack of training, lack of persistence. Cyber security is not a sprint, it's a marathon. It takes a lot of work and a lot resources to properly establish a layered defense that will effectively deter or slow down these APTs (advanced persistent threats). DOD must prop cyber security up there with SHARP if they want to start making a dent.
(2)
Comment
(0)
Avatar small
PO2 Skip Kirkwood
1
1
0
Why? Because we don't take things like this seriously; we spend tons of money on stuff that we DON'T need (weapons systems that the services don't want but Congress wants made in their district), while ignoring things that we really DO need.

We don't have "policy" being made by Congress, we have "pork trading" and deal making going on instead.

A pox on all of their houses!
(1)
Comment
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

close