China Hacks Federal Employee Records


Photo composition by Thursday Review

Published June 5, 2015

By Keith H. Roberts, Thursday Review contributor

For at least the second time in one year, U.S. security experts say that hackers with direct links to China have breached U.S. government websites and taken critical data, this time the personal information of more than four million current and former federal employees. The data was stolen from the Office of Personnel Management.

Rumors of the attack began early in May, but the scope and severity of the data breach were not confirmed until this week. The FBI and the U.S. Department of Homeland Security have each issued statements describing the attack as the work of China, though U.S. officials are reluctant to pin the blame on official Chinese military and cyber operatives, or on rogue criminal elements based within China.

In either case, some in Congress want the cyber-attack to be characterized as an act of war. U.S. Senator Susan Collins (R-Maine) said that the recent attack is “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”

On Friday, government officials confirmed that some of the employee information in the purloined files dates back decades, possibly to the middle 1980s. This means that the personal information included in security and background checks from 30 years ago may now be in the hands of Chinese hackers. Much of the highly secure information was once in analog form, but almost all had been converted in recent years into electronic files to make accessing the data faster when detailed employee records needed to be made available.

The White House and the Office of Personnel Management (OPM) say that those former and current employees whose personal information may have been stolen will be contacted next week, though it is not clear just how long it will take for the government to alert all 4.1 million people affected by the breach. Many of the files stolen would be of former federal workers and military personnel, long since retired.

The cyber-attack does not affect all current or former government employees, but it does impact millions. Government employees who require any form of security clearance or those federal employees placed in highly sensitive roles are subjected to a background check, generally conducted by the Office of Personnel Management, which is also charged with collating, maintaining and storing that employee data. The OPM will inform employees whose records were impacted that it will provide credit monitoring and identity theft countermeasures beginning immediately.

Security experts are divided over the ramifications of the attack. Some consider the attack evidence that China is seeking to gain leverage with federal workers—or their family members—in the U.S., presumably for the purposes of blackmail or coercion. Such an attack on the OPM database would yield detailed information about a government employee’s past life, especially if a full background check was conducted. Chinese operatives could then use derogatory information or private data to leverage political or military favors.

But other analysts suggest that the attack may have been merely a garden-variety attempt to gain as much information as possible for the purposes of identity theft or to syphon funds from bank accounts. A recent analysis shows that more than half of all counterfeit tax returns involve money which is traced overseas, typically to hackers posing as American taxpayers. Some cyber security analysts suggest that since much of the stolen data is the personal information of former federal workers and retired military personnel, the problem of fake tax returns could, in theory, grow exponentially over the next year or two as hackers sell—or use—the legitimate information for filing taxes.

U.S. officials with several agencies have confirmed that the source of the attack was the People’s Republic of China, a country known to have probed, tested and occasionally successfully gained access to critical data in the past. But neither the FBI nor the White House was quick to characterize the cyber-attack as a state-sponsored act.

China has nevertheless made its position clear: it says that no member of its military or its intelligence agencies was responsible for the data breach. In fact, Beijing called the U.S. claim that China was involved irresponsible, and urged the United States to consider international trust and cooperation as the appropriate course of action. U.S. analysts shrugged off China’s denial, pointing out that China has never acknowledged its participation in previous data breaches and hacks, despite sometimes hard evidence that the source of the attacks was inside China.

The recent attack on the Office of Personnel Management database comes only months after it was revealed that Chinese hackers may have stolen the personnel files of as many as 25,000 employees of the U.S. Department of Homeland Security. And the May attack is the second time that Chinese hackers have attempted to breach the walls at OPM. Last year a similar attack was launched—but failed—and as a result no personal information was ever at risk. But some in Congress want to know why, after that first attack, security measures were not quickly stepped up.

China has been linked to previous cyber-attacks in the United States, including a penetration of the computer network of Anthem Healthcare, a major hospital chain which operates hundreds of medium-sized hospitals in dozens of states. The hackers gained access to the financial records of thousands of patients and former patients, including names, addresses, phone numbers, birthdates, and payment methods and debit card information.

Last year, hackers in North Korea seized control of the computer system at Sony Pictures Entertainment, commandeering the network and its hundreds of computers, stealing financial records and legal documents, collecting the personal information of thousands of employees—including actors, directors and producers—and even stealing high-quality digital copies of entire movies. The cost to Sony may never be fully known, but some business analysts suggest it could run into the hundreds of millions of dollars.
