The Office of Personnel Management (OPM) and the Interior Department were the latest targets of a massive data breach. On Thursday (June 4), the Obama administration announced what appeared to be one of the largest breaches of federal employees' data and could potentially affect four million people across all federal agencies. While the motive was unclear, the target appeared to be social security numbers and other personally identifiable information.
The OPM essentially functions as the federal government's human resources department, managing background checks, pension payments and job training across dozens of federal agencies. The information stolen can be used to facilitate identity theft or fraud. One expert said hackers could use information from government personnel files for financial gain. In a recent case disclosed by the IRS, hackers appear to have obtained tax return information by posing as tax payers, using personal information obtained from previous commercial breaches.
While US law enforcement officials believe the Chinese are behind the attack, foreign ministry spokesman Hong Lei of the Chinese government issued a statement of denial. "We know that hacker attacks are conducted anonymously, across nations, and that it is hard to track the source," Hong said. "It's irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation."
The intrusion came before the personnel office fully put into place a series of new security procedures that restricted remote access for administrators of the network and reviewed all connections to the outside world through the Internet. The Department of Homeland Security (DHS) uses an antihacking system called EINSTEIN to help them identify potential cyberattacks and compromises of federal employee data. EINSTEIN is an intrusion detection system (IDS) for monitoring and analyzing Internet traffic as it moves in and out of the United States federal government networks. The system filters packets at the gateway and reports anomalies to the United States Computer Emergency Readiness Team at the Department of Homeland Security. The most recent version, EINSTEIN 3, is currently being tested in a pilot program. EINSTEIN 3 detects and responds to cyber threats before harm is done. It appears that the DHS will need to push EINSTEIN 3 through the pilot phase much faster after the latest breach.
In response to the latest breach, the personnel office told current and former federal employees that they could request 18 months of free credit monitoring to make sure that their identities had not been stolen. They also reported that they are working with cybersecurity experts to assess the effects of the breach.
The breach reported on Thursday is the latest sign of the U.S. government's struggles to protect its own data. This is the third major foreign intrusion into an important federal computer system in the past year. Last year, the White House and the State Department found that their email systems had been compromised in an attack that was attributed to Russian hackers. Furthermore, the personnel office announced last summer that hackers appeared to have targeted the files of tens of thousands of workers who had applied for top-secret security clearances. It is believed the hackers were seeking information on security clearances that could help identify covert agents, scientists and others with data of great interest to foreign governments. This specific breach also appeared to have originated in China.
Senate Intelligence Committee Chairman Richard Burr, said the government must overhaul its cybersecurity defenses. "Our response to these attacks can no longer simply be notifying people after their personal information has been stolen," he said. "We must start to prevent these breaches in the first place."
