Massive hack of federal gov't spurs critical concerns

Jun 5, 2015 4:54 PM by CBS/AP

WASHINGTON -- China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million current and former federal workers, American officials said.

There is concern that some of the information that was tapped could be used to aid the espionage operations of China, which quickly emerged as the likely source of the hack, reports CBS News chief White House correspondent Major Garrett.

The Department of Homeland Security said Thursday in a statement that data from the Office of Personnel Management -- the human resources department for the federal government -- and the Interior Department had been compromised.

"The FBI is conducting an investigation to identify how and why this occurred," the statement said.

Cyber security experts believe the hack of the OPM system bears similarities to the hack of Anthem Health earlier this year. Both appear to be data-mining hacks as opposed to a search for financial information. Both trails lead back to China.

On "CBS This Morning" Friday, the former head of the FBI's cybersecurity branch said that based on the data collected, it would not surprise him if China was to blame.

"It's indicative of collecting intelligence that would allow them to have some added value as they target human beings in the future, trying to collect information, perhaps trying to penetrate U.S. government agencies," Shawn Henry said.

A U.S. official who declined to be named because he was not authorized to publicly discuss the data breach told The Associated Press the breach could potentially affect every federal agency.

The hackers were believed to be based in China, said Sen. Susan Collins, a Maine Republican.

Collins, a member of the Senate intelligence committee, said the breach was "yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances."

Garrett reports Chinese hackers are seen as the most likely culprit based on the malware and tactics that were used. But U.S. officials insist this isn't as clear-cut a case as the direct attribution, from no less than President Obama, of North Korea being blamed for the hack of Sony Studios late last year.

Beijing says any allegations China was involved are irresponsible and unscientific.

Chinese Foreign Ministry spokesman Hong Lei made the comments Friday at a regular news briefing.

A spokesman for the Chinese Embassy in Washington called such accusations "not responsible and counterproductive."

"Cyberattacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify," spokesman Zhu Haiquan said Thursday night. He added that hacking can "only be addressed by international cooperation based on mutual trust and mutual respect."

The Office of Personnel Management is the human resources department for the federal government, and it conducts background checks for security clearances. The OPM conducts more than 90 percent of federal background investigations, according to its website.

CBS Radio News correspondent Dan Raviv notes that CIA employees are in a separate database, one that's not part of the OPM.

Correspondent Garrett points out that initial suggestions that the hackers did not access information relevant to background and security clearance investigations may not be true. U.S. officials tell Garrett that information may well have been accessed.

The "EINSTEIN" system, the best current government cyberdefense software system, is not deployed across all government agencies, meaning vulnerabilities remain, Garrett reports.

Chinese hackers -- either from the government or indirectly working with or on behalf of the government -- have a history of seeking information from U.S. government databases that helps them develop profiles that make their spies harder to detect, Garrett reports.

That means the real goal of Chinese hackers could be to learn what personnel and security profiles on federal employees look like, so their spies could appear more legitimate. In other words, cyberpenetration is typically about providing Chinese hackers the means to help Chinese spies look more like benign operators in the U.S.

At this stage, there is no absolute proof this was the goal of the most recent hack, but it is the current working theory, Garrett reports.

EINSTEIN is in its third iteration. The original plan was to have EINSTEIN 3 across all federal government agencies by 2018, but the DHS has stepped up the pace to increase cybersecurity. The current phase has EINSTEIN 3 working in 13 federal departments and agencies, covering roughly half the federal workforce. The current plan is to have it installed throughout all federal agencies and systems by 2016.

"This is an attack against the nation," said Ken Ammon, chief strategy officer of Xceedium, who said the attack fit the pattern of those carried out by nation states for the purpose of espionage. The information stolen could be used to impersonate or blackmail federal employees with access to sensitive information, he said.

The OPM said it is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected. The National Treasury Employees Union, which represents workers in 31 federal agencies, said it is encouraging members to sign up for the monitoring as soon as possible.

In November, a former DHS contractor disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.

Cybersecurity experts also noted that the OPM was targeted a year ago in a cyberattack that was suspected of originating in China. In that case, authorities reported no personal information was stolen.

One expert said it's possible that hackers could use information from government personnel files for financial gain. In a recent case disclosed by the IRS, hackers appear to have obtained tax return information by posing as taxpayers, using personal information gleaned from previous commercial breaches, said Rick Holland, an information security analyst at Forrester Research.

"Given what OPM does around security clearances, and the level of detail they acquire when doing these investigations, both on the subjects of the investigations and their contacts and references, it would be a vast amount of information," Holland added.

DHS said its EINSTEIN identified the hack of OPM's systems and the Interior Department's data center, which is shared by other federal agencies.

It was unclear why the EINSTEIN system didn't detect the breach until after so many records had been copied and removed.

"DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion," the statement said.

Cybersecurity expert Morgan Wright, of the Center for Digital Government, an advisory institute, said EINSTEIN "certainly appears to be a failure at this point. The government would be better off outsourcing their security to the private sector where there's at least some accountability."

Rep. Adam Schiff, ranking Democrat on the House intelligence committee, called the hack "shocking, because Americans may expect that federal computer networks are maintained with state of the art defenses."

Ammon said federal agencies are rushing to install two-factor authentication with smart cards, a system designed to make it harder for intruders to access networks. But implementing that technology takes time.

Senate Intelligence Committee Chairman Richard Burr, R-N.C., said the government must overhaul its cybersecurity defenses. "Our response to these attacks can no longer simply be notifying people after their personal information has been stolen," he said. "We must start to prevent these breaches in the first place."

© 2015 CBS Interactive Inc. All Rights Reserved.

