Chinese hackers suspected in breach of data on 4 million federal workers

(Ping! Zine Web Hosting Magazine) – The news broke last night that U.S. officials suspect that hackers in China stole the personal records of as many as four million people in one of the most far-reaching breaches of government computers.

The Federal Bureau of Investigation is probing the breach, detected in April at the Office of Personnel Management. The agency essentially functions as the federal government’s human resources department, managing background checks, pension payments and job training across dozens of federal agencies. Investigators suspect that hackers based in China are responsible for the attack, though the probe is continuing, according to people familiar with the matter. On Thursday, several U.S. officials described the breach as among the largest known thefts of government data in history.

Tony Berning, senior manager at OPSWAT:

“Unfortunately the federal government breach underlines the fact that current cyber security defences are not sophisticated enough to prevent infiltration. For high security and classified networks it is important to secure the data flow by deploying one-way security gateways and ensuring that no information can leave the network. In addition, to ensure the highest protection against known and unknown threats, multi-scanning with multiple anti-malware engines should be deployed, leveraging the power of the different detection algorithms and heuristics of each engine, and greatly increasing the detection rate of threats and outbreaks.”

Mark Bower, global director, HP Security Voltage:

“Theft of personal and demographic data allows one of the most effective secondary attacks to be mounted: direct spear-phishing to yield access to deeper system access, via credentials or malware, thus accessing more sensitive data repositories as a consequence. These attacks, now common, bypass classic perimeter defenses and data-at-rest security and can only realistically be neutralised with more contemporary data-centric security technologies adopted already by the leaders in the private sector. Detection is too late. Prevention is possible today through data de-identification technology. So why is this attack significant? Beyond spear-phishing, knowing detailed personal information past and present creates possible cross-agency attacks given job history data appears to be in the mix. Thus, it's likely this attack is less about money, but more about gaining deeper access to other systems and agencies which might even be defense or military data, future economic strategy data, foreign political strategy, and sensitive assets of interest at a nation-state level for insight, influence and intellectual property theft.”

Tom Court, cyber crime researcher, Alert Logic:

“Attacks against high profile targets such as this require the adversary to possess the means, a motive and be given an opportunity to strike. In this case the attacker was a group of skilled hackers who had previously demonstrated they had the means by launching a similar attack against the same target in March last year. The motive is clear and should be a red flag to all organisations that hold large amounts of personal data. This information is fast becoming a currency that cyber criminals trade in and should be treated with the same degree of care as financial data. A large organisation with potential IT and security budget constraints presents an opportunity to would-be attackers. Nevertheless, once additional expertise was brought in, the breach was quickly discovered and remediated. This underlines the importance of continuous network monitoring to uncover anomalies before they become headlines.”