US government cyber attack: the key questions

FRIDAY 05 JUNE 2015

US officials point the finger of blame at China after hackers break into US government
computers, compromising the personal data of 4 million current and former federal
employees.

China has responded angrily to the suggestion, after the attack on the US
government's Office of Personnel Management (OPM).
What has happened?
As yet unidentified hackers broke into the OPM's information systems, with
the malicious activity detected by the agency in April.
A Department of Homeland Security (DHS) official said the attack hit OPM's
IT systems and its data stored at the Department of the Interior's data
centre - a shared service center for federal agencies.


The DHS has said that at the beginning of May it concluded the agency's
data had been compromised and the data of around 4 million workers may
have been affected.
A US law enforcement source told Reuters a "foreign entity or government"
was believed to be behind the cyber attack and it was reported on Friday
that authorities were looking into a possible Chinese connection.
The OPM is now working with the DHS and FBI to determine the full impact
of the cyber attack. The FBI said it "will continue to investigate and hold
accountable those who pose a threat in cyberspace".
Why blame China?
US authorities are reported to be looking into a possible China connection to
the OPM breach.
Cyber investigators at iSight Partners have linked the OPM hack to earlier
thefts of healthcare records from Anthem, a health insurance company, and
Premera Blue Cross, a healthcare services provider - in which tens of
millions of records may have been stolen. Several US states were already
investigating a Chinese link to the Anthem attack, it has been reported.
iSIGHT Partners @iSIGHT_Partners
We have high degree of confidence that OPM and Anthem breaches linked to same
actor group...and high hopes this will be major wake up call
9:31 AM - 5 Jun 2015

All three breaches have one thing in common, said John Hultquist of iSight. He said
that while cyber espionage usually focuses on stealing commercial or government
secrets, these attacks targeted personally identifiable information.
Though iSight could not confirm that China was behind the attacks, Mr
Hultquist said the similar methods, servers and habits of the hackers
pointed to a single state-sponsored group.
Chinese hackers were also blamed for penetrating OPM's computer
networks last year.
What does China say about it?
China routinely denies involvement in hacking and a spokesman for the
Foreign Ministry in Beijing said suggestions it was involved in the OPM
breach were "irresponsible and unscientific."
Chinese Foreign Ministry spokesman Hong Lei said: "We hope that the US
can stop being constantly paranoid and make groundless accusations, but
instead show more trust and cooperation in this field."
What has been stolen?
At this stage the OPM is unable to tell what information has been taken in
the attack, only what has been accessed.
According to the Washington Post, agency officials said the hackers had
access to information including employees' social security numbers, job
assignments, performance ratings and training information. The OPM
declined to comment on whether payroll data was exposed other than to
say no direct-deposit information was compromised.

Above: the US Department of the Interior


This information could be sold on the dark web for a range of reasons, but
iSight Partners says the data "doesn't appear to have been monetised and
the actors seem to have connections to cyberespionage activity".
If the culprits are state-sponsored hackers, then it is likely that they are not
after money. Philip Lieberman of security software company Lieberman
Software said the information could be used to create targeted email
attacks, otherwise known as spear phishing, to obtain more confidential
data.
Other security experts said, given the data affected included job histories,
the information could be used to target other government departments.
"It's likely this is less about money and more about gaining deeper access
to other systems and agencies," said Mark Bower of HP Security Voltage, a
data security company.
What is the OPM doing about it?
The OPM was already in the process of "an aggressive effort to update its
cybersecurity posture", the agency said. It was because of these new tools
that it detected the malicious activity.
Additional security measures have been implemented to protect sensitive
data, the OPM said, and over the next couple of weeks it will be emailing
the affected individuals with advice on credit monitoring and identity theft
protection.
Is the UK at risk from a similar attack?
Mark James, a security specialist at anti-virus firm Eset, said that the data
breach at such a high level should concern every government, including the
UK's.
"Any breach of this type of nature has implications worldwide," he said.
"The type of data obtained could be used in advanced phishing techniques
to contact or infiltrate other organisations."
Roy Duckles, channel director for Europe at online security firm Lieberman
Software, suggested that given the UK's position as an ally of the US,
similar cyber security practices to those breached in the US could be in
place here.
"Should the UK government be concerned, the answer is yes. Don't forget
that friendly nation states often share information both at a domestic and
international level and this includes using shared IT practices in many
instances.
"If the US can be breached, in what appears to be a very targeted and
specific attack, then there is nothing to say that hackers aren't already in
similar networks in the UK government."
Posted by Thavam
