Chinese hackers are suspected of being behind the massive data breach at the Office of Personnel Management, which has exposed the entire federal workforce of 2 million employees and just over 2 million federal retirees and other former employees.
It is believed that the hackers who carried out this attack were also responsible for the recent data breaches at health insurers Anthem and Primera.
Currently, there are conflicting reports about whether or not it was a state-sponsored attack designed to gather intelligence or if it was carried out by Chinese criminal hackers looking to use the stolen information for fraudulent purposes. According to Tim Kaufman, a spokesman for the American Federation of Government Employees, the hackers made off with OPM’s Central Personnel Data System File, which is a vast repository of detailed records about current and former employees.
The Central Personnel Data System File includes names, addresses, dates of birth, pay grades, records of personnel actions, as well as pension, insurance and health plan details, and social security numbers. The social security numbers on file are supposed to be encrypted due to their sensitive nature, but OPM has not clarified what security measures they had in place at the time of the attack. The OPM hack was detected in April, but the hackers were likely in the system last year.
If the hackers are cyber criminals, they will probably use the stolen data to launch spear-phishing e-mails designed to trick the recipient into opening a link or attachment, which then gives the hacker access to computer systems. Former White House cybersecurity official Rob Knake cautioned against immediately jumping to the conclusion that it was a state-sponsored attack, arguing, “this is a big trove of data that can be used for fraud. That is the most likely reason that someone would want this type of data. …It’s of very limited value within the intelligence community. …I think it’s more likely to have been a criminal act.”
However, some experts disagree, arguing that this group of hackers are better known for their acts of digital espionage, indicating that spies and intelligence agencies are no longer interested solely in stealing American corporate and military trade secrets, but also personal information.
John Hultquist, the senior manager of online espionage threat intelligence at iSight, a security firm, believes that the hackers are “creating a tremendous database of P.I.I. [personally identifiable information] that they can reach back to for further activity. It looks like they are casting a very wide net, possibly for following on operations or identifying persons of interest, but we’re in a new space here and we don’t entirely know what they’re trying to do with it.”
The FBI is investigating the breach and said in a recent statement, “we take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace.”