Last March, an unknown group of Chinese hackers successfully penetrated the systems of the United States Office of Personnel Management, stealing the details and information of thousands of government employees in one of the greatest losses of publicly held data to date.
It’s still unclear how the attackers got in, and so far the United States government doesn’t seem too enthusiastic to reveal information about their attack path either.
Contained within these files include thousands of government employees’ intimate personal details, including foreign contacts, background checks, and even whether or not they had used drugs in the past.
In response to the attacks, the Department of Homeland Security has issued a statement claiming that while they aren’t sure of the exact extent of the breach, they were confident much of the data lifted out of their systems would hold up under any decryption efforts the Chinese may attempt to exert while cracking into the treasure trove they’d acquired.
“The administration has never advocated that all intrusions be made public,” said Caitlin Hayden, a spokeswoman for the Obama administration. “We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers’ personal information. We have also advocated that companies and agencies voluntarily share information about intrusions.”
While the action itself isn’t all that surprising (Chinese hackers make thousands of attempts on critical government systems each month), it’s the fact that they were actually able to penetrate the US’ defenses this time around that makes this story so intriguing.
The hackers apparently targeted the “e-QIP” area of the network first, which is the system that is designed to grant security clearances to prospective employees who are either moving up the chain of command or need to have their background verified before gaining access to materials like top secret data or black budget operations.
With this information, the Chinese could potentially fool internal government networks into revealing highly sensitive information that would otherwise be reserved for only the most senior officials with clearances far beyond that of the average employee.
This event marks just another in a long line of back and forth cyber-espionage scenarios between Chinese and US officials, and while the DHS wasn’t specific (a running trend it seems) as to whether or not this latest debacle was state sponsored, it just goes to show that for all the rabble rousing we’ve made over the allegations of NSA spying, there is still a distinct reason the agency has a reason to be paranoid about these types of attacks putting the American people at risk.
The feds have refused to delve too deeply into what might have actually been taken during the assault, but have confirmed the hackers were able to avoid detection for nearly two days before the automatic scanning systems noticed that anything had gone wrong.