
Chinese Hackers Lurked Undetected In Database For Full Year

Peter Fricke Contributor

American officials say Chinese hackers had access to sensitive security data for up to a year before a breach at the Office of Personnel Management was finally detected.

The cyberattack — the second one targeting the federal government’s human resources agency this year — was detected earlier this month, but officials believe it may have begun as early as June 2014, The Washington Post reports.

Intelligence experts say the hack is particularly dangerous because it took so long to be detected, allowing Chinese spies unfettered access to information on security clearance procedures and ample time to analyze the data.

“The longer you have to exfiltrate the data, the more you can take,” former National Security Agency general counsel Stewart Baker told The Post. “If you’ve got a year to map the network, to look at the file structures, to consult with experts and then go in and pack up stuff, you’re not going to miss the most valuable files.”

The incident was discovered in the course of an investigation into a separate cyberattack against OPM that was detected in April and made public earlier this month, OPM said Thursday in a press release. In that case, analysts believe Chinese hackers were able to access personnel files on up to 4 million current and former government employees for roughly four months starting in December 2014.

OPM is offering 18 months of free identity theft protection to affected individuals, but investigators increasingly believe the Chinese were primarily interested in amassing information that could be used to blackmail government employees for counterintelligence purposes, according to Reuters.

Of particular concern, the article claims, are security clearance forms submitted by job applicants, which contain sensitive disclosures such as past drug use, love affairs, and foreign contacts.

The government has not officially accused China of perpetrating either attack, but numerous officials have implicated the Chinese government in statements to the media. The Chinese Foreign Ministry, for its part, has responded with indignant denunciations of cyber espionage that nonetheless stopped short of actually denying its involvement.

OPM is working to improve its cybersecurity in response to the breaches, which some say is long overdue, asserting that the agency’s lax approach made it an easy target for hackers.

“You failed utterly and totally,” Republican Rep. Jason Chaffetz told OPM officials at a House Oversight and Government Reform Committee hearing Tuesday. Citing critical reports from the agency’s Inspector General, Chaffetz added that, “OPM’s data security posture was akin to leaving all the doors and windows open at your house.”

Chaffetz noted that in the latest report, the IG had determined that 11 of OPM’s 47 major information systems “lacked proper security authorization, meaning the security of 11 major systems was completely outdated and unknown.”

He did concede that OPM is not solely to blame, however, noting that while the Department of Homeland Security “has been given the lead responsibility for serving as the federal government’s ‘geek squad’ to monitor day-to-day cyber security practices … the technical tools that DHS has deployed to try to protect federal networks apparently aren’t doing the job.”


Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.
