Federal personnel info stolen
Hackers grab data on 4 million workers
Hackers grab data on 4 million workers
China-based
hackers are suspected of breaking into the computer networks of the
U.S. government personnel office and stealing identifying information of
at least 4 million federal workers — a “critically significant” breach
that could allow the culprits to mimic U.S. officials at all levels, a
leading computer security expert said.
The Department of Homeland Security said in a statement yesterday that data from the Office of Personnel Management — which handles nearly all federal security clearances — and the Interior Department had been compromised.
“The FBI is conducting an investigation to identify how and why this occurred,” the statement said.
The hackers were believed to be based in China, said U.S. Sen. Susan Collins, (R-Maine), a member of the Senate Intelligence Committee, who said the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
Anthony Roman, president of Roman & Associates, a global investigative and security consulting firm, called it “critically significant,” saying, “This is an espionage attack, one that can lead to our banking system, classified information in the private sector, it can lead to a host of sensitive information,”
Roman said it appears Chinese hackers planted malware into U.S. computers back in December after a software provider notified the government of a potential security risk. He said hackers created just such software to inflitrate the computer system and remain undetected until April.
“They were incredibly successful,” Roman said. “Certain types of malware are like little sleeper cells. It goes in there, it may stay dormant, then it collects a little information and it may go dormant again. It can be very difficult to detect as a result.”
He said with access to the Office of Personnel Management files on 4 million current and former government workers, hackers can mimic real government employees by creating authentic looking email accounts and infiltrate still more U.S. systems.
“So now this breach has become exponential,” Roman said. “The exposure is huge. They can use all this to mimic the actual people in other circumstances and use it to send more malware in those transmittals so the risk spreads like a cancer. You can get into every system that the person can.”
A U.S. official who declined to be named said it could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. The Office of Personnel Management is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected.
end quote from:
The Department of Homeland Security said in a statement yesterday that data from the Office of Personnel Management — which handles nearly all federal security clearances — and the Interior Department had been compromised.
“The FBI is conducting an investigation to identify how and why this occurred,” the statement said.
The hackers were believed to be based in China, said U.S. Sen. Susan Collins, (R-Maine), a member of the Senate Intelligence Committee, who said the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
Anthony Roman, president of Roman & Associates, a global investigative and security consulting firm, called it “critically significant,” saying, “This is an espionage attack, one that can lead to our banking system, classified information in the private sector, it can lead to a host of sensitive information,”
Roman said it appears Chinese hackers planted malware into U.S. computers back in December after a software provider notified the government of a potential security risk. He said hackers created just such software to inflitrate the computer system and remain undetected until April.
“They were incredibly successful,” Roman said. “Certain types of malware are like little sleeper cells. It goes in there, it may stay dormant, then it collects a little information and it may go dormant again. It can be very difficult to detect as a result.”
He said with access to the Office of Personnel Management files on 4 million current and former government workers, hackers can mimic real government employees by creating authentic looking email accounts and infiltrate still more U.S. systems.
“So now this breach has become exponential,” Roman said. “The exposure is huge. They can use all this to mimic the actual people in other circumstances and use it to send more malware in those transmittals so the risk spreads like a cancer. You can get into every system that the person can.”
A U.S. official who declined to be named said it could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. The Office of Personnel Management is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected.
end quote from:
No comments:
Post a Comment