OPM Victim Of Data Breach

Redport Information Assurance
Introduction

The U.S. Office of Personnel Management (OPM) has confirmed that it was the victim of one of the largest data breaches in the history of the U.S. Government. Personal information of over four million Federal Government employees was compromised. FBI Director James Comey reported that the numbers could be much higher, with as many as eighteen million personal records hacked.

The breach started in March 2014 and wasn’t discovered by OPM until April 2015, leaving plenty of time for hackers to access record amounts of data. According to the Wall Street Journal, United States Government officials suspect that Chinese hackers perpetrated the breach. The Washington Post has also reported that the attack originated in China. It also reported that the stolen data was said to have been personal information such as Social Security numbers, names, places of birth and addresses, causing serious concern for the victims’ privacy and well-being. The breach went even deeper, likely retrieving detailed security-clearance-related background data.

The President of the American Federation of Government Employees, J. David Cox, said that the incident was a "catastrophe". He also stated that he believed the hackers retrieved “every affected person’s Social Security numbers, military records and veterans’ status information, addresses, birth dates, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more”.

ABC News also reported that extremely sensitive 127-page SF-86 forms have undoubtedly been put at tremendous risk by the Chinese hackers. SF-86 forms include a vast amount of data detailing information such as relatives, college roommates, foreign contacts and personal psychological information.

Officials say, however, that the hackers seemed to be targeting files on employees who had applied for security clearances and had gained access to several databases, but had been stopped before they obtained the security clearance information.

Over the years OPM had been warned about laxity in its security systems, and audit reports in 2013 and 2014 warned of “persistent deficiencies” such as “incomplete security authorization packages” and “insufficient security testing”.

Brian Naylor of NPR reported that this was not the first cyber attack on OPM systems: they have been hacked in the past by someone seeking sensitive data, and China is believed to be the culprit behind that breach as well. OPM has temporarily shut down access to its e-QIP system, which is used to submit background check application forms, as a proactive security measure.

Andy Ozment, an official of the Department of Homeland Security, claims that the hackers possessed valid user credentials to the computers they were hacking, possibly obtained through social engineering. One report by Ars Technica said there was at least one hacker with root access to every row in every database who was located in China, as well as another hacker who had two more employees with Chinese passports.

Conclusion

It has been rumored that the cyber criminals are working for the Chinese military and intend to compile a database of Americans using the data obtained from the breach. Though we are not one hundred percent sure whether these cyber breaches are for government, military or personal financial gain, one thing we do know is that China is the most aggressive in its approach to hacking American and other Western targets to gain sensitive data for purposes unknown. In 2014 the U.S. did indict five Chinese military officials for cyber economic espionage, for hacking into the systems of major steel and other large companies and retrieving plans as well as negotiation details.

China’s response to these cyber breaches has been to say that it has also been the target of cyber attacks in the past.





- Suzanne Gonzalez

Gaithersburg, MD