Chinese Hackers Break Into US Federal Worker Database

by William Gallo, William Ide June 05, 2015

U.S. authorities are investigating a massive cyber attack by alleged Chinese hackers on the federal agency responsible for collecting background information on, and issuing security clearances for, millions of government employees.

The Office of Personnel Management (OPM) said Thursday as many as 4 million current and former federal employees may have been affected, in what is the most extensive breach of government personnel data in years.

Samuel Schumach, OPM press secretary, told VOA Friday the personnel agency became aware of an intrusion in April 2015.

Schumach said OPM alerted the Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) "as quickly as possible" to assess the extent of the activity and to identify the records that may have been compromised.

"During the investigation, OPM became aware of potentially compromised data in May 2015," he said, adding, "With any such event, it takes time to conduct a thorough investigation, and identify the affected individuals."

Schumach noted the investigation is ongoing and could reveal additional exposure of federal workers.

"If that occurs, OPM will conduct additional notifications as necessary. Protecting the integrity of the information entrusted to the Office of Personnel Management is the agency's highest priority," he told VOA in an email.

Law enforcement officials said they believe China-based hackers, possibly with links to the Chinese government, were behind the attack.

China's Foreign Ministry spokesman Hong Lei called the accusations irresponsible and noted that such charges had been raised frequently in recent weeks. He also repeated China's complaint that it, too, is a victim of cyber attacks.

"Cyber attacks are generally anonymous and conducted across borders and their origins are hard to trace," Hong told reporters Friday at a regular briefing. "Not to carry out a deep investigation and keep using words such as 'possible' is irresponsible and unscientific."

Hong said that what is needed is more trust and cooperation, adding that Beijing was willing to work together with the international community to address the problem.

OPM a 'high value' target

As the human resources office of the U.S. federal government, OPM is seen as a high-value hacking target. Its computers store sensitive employee information such as social security numbers, payroll data, job descriptions, performance reviews and family information.

Schumach told VOA that information taken in the data breach included personnel folder data, such as employee names, social security numbers, addresses and job assignments.

He added that, at this time, 'We have no evidence that there has been any use or attempted use of the information compromised in this incident.'

Such information could be of value either to criminals, who could sell the data for financial gain, or to state-sponsored hackers motivated by nationalistic concerns, said Rob Pritchard, a cyber security specialist at the Royal United Services Institute.

'Not only do they now know who works in which government department, they also know something about them so they start to craft really good phishing emails which will get them to click on a link or open an attachment,' he told VOA.

OPM, which said it detected the security breach in April before it took what it calls an 'aggressive effort' to implement tougher controls, said the Federal Bureau of Investigation and Department of Homeland Security are working to determine the full extent of the damage.

The FBI said it takes all threats to public and private sector cyber systems seriously and will hold those who make such threats accountable.

It is not clear if specific government employees were targeted, or if the hackers simply swept up large amounts of employee data for later use. Officials would also not say what type of information was accessed or stolen.

OPM said it would notify all current and ex-federal employees whose information may have been compromised.

According to the OPM website, notifications of current and retired employees will take place June 8-19. The agency will offer those workers access to credit reports and monitoring, and identity theft recovery services at no cost.

Challenge to US-China ties

The growing problem of cyber threats and attacks is one of the biggest challenges China and the United States face.

The challenge was complicated in recent years by former National Security Agency contractor Edward Snowden's disclosure of Washington's extensive surveillance activities on the Internet and global telephone networks. In the years since, China has been accused of persistent attacks on U.S. companies.

Renmin University political scientist Shi Yinhong said that although the United States and China at one point had been making some progress in talks over cyber security, that is no longer the case.

A joint U.S.-China cyber working group was established in 2013, but talks have been suspended since last year, after the U.S. Department of Justice indicted five People's Liberation Army officers on cyber-espionage charges, accusing them of stealing trade secrets from several large American nuclear, metal and solar companies.

"Since then there has been no government to government negotiations or even dialogue on the issue," Shi said.

US lawmakers react

The top Democrat on the House Intelligence Committee, California's Adam Schiff, said the OPM attack is most shocking 'because Americans may expect that federal computer networks are maintained with state of the art defenses.'

'It's clear a substantial improvement in our cyber databases & defenses is perilously overdue,' he said.

U.S. Senator Susan Collins, a Republican and a member of the Senate Intelligence Committee, said the data breach amounted to a foreign power seeking information on U.S. employees who have security clearances for access to sensitive information.

Collins told ABC News that, from the information she has received, the attack was very sophisticated and bears the hallmark of either China, Russia or Iran.

Cyber security specialist Pritchard said the attack 'demonstrates that for all the money the government is spending on cyber security they're still not getting it right.'

Other attacks

The OPM cyber attack may be the biggest, but it is not the first time hackers have gained access to federal government computer systems.

Unclassified computers at the White House and State Department have been hit. Some of the databases at OPM were struck by hackers nearly a year ago. And Twitter and YouTube accounts of the U.S. central military command were struck earlier this year.

The Internal Revenue Service, which is responsible for tax collection, said last month that hackers stole information on 100,000 U.S. taxpayers.

Cyber warriors have also attacked such commercial giants as the Sony Pictures movie studio, Target and Home Depot stores, the eBay online auction site and JPMorgan Chase bank.

Some of the attacks have been blamed on North Korea, Russia and China. Experts said China has shown a particular willingness to get its hands on U.S. industrial and trade secrets.

Mia Bush contributed to this report.
