The recent Office of Personnel Management hack was a data breach and espionage on a large scale – but who orchestrated it, and how could it come to pass? Read on for more information on what might be a modern-day case of spying at an international level.
What was hacked?
The Office of Personnel Management within the federal government was hacked. Specifically, Ars Technica identified two breached systems: the Electronic Official Personnel Folder and the central database behind EPIC, the software that collects data for government employee and contractor background investigations.
Officials say the hack likely affected 14 million people – specifically their personnel data and background investigation data. The stolen data included Social Security numbers, names, dates, birth places, and addresses, as well as detailed security-clearance-related background information including finances, criminal history, and past drug use.
When did this happen?
Two OPM investigative contractors – USIS and KeyPoint Solutions – identified these breaches over a four-month period in 2014.
Who was responsible?
Current evidence points to a Chinese cyber-espionage group dubbed “Deep Panda.” According to NPR, this has not been formally announced because, while officials are convinced this is the case, this is the sort of espionage that many governments do, and calling China out may be problematic.
Why did they do it?
Unlike the credit card data breaches we have seen recently, this was likely espionage. Given the depth of the breach, attackers may use the information for blackmail. Anyone with a security clearance could potentially have had their information stolen.
How did the info get out and why wasn’t it caught?
According to Wired.com, there were failures at multiple levels. The OPM had no IT security staff until 2013. Equipment lacked appropriate encryption, and there were no inventory lists of servers and databases. The agency failed to properly implement multi-factor authentication for systems abroad. Ars Technica also explains that contractors into which OPM’s security team had limited visibility were in charge of nearly half of the major IT systems. Furthermore, internal systems lacked basic security measures and security testing. Ars Technica says that some of the contracted companies may even have employed Chinese nationals from overseas as subcontractors.
It is also thought that an inspector general’s report released in November 2014 might have identified some of the OPM’s security problems, and may have tipped off the hackers.
Investigations are also focused on the government shutdown in October 2013. Because of it, the workers who would have been monitoring the FEC networks were not on the job at the time. It is also possible that a prior Chinese breach assisted the hackers in finding vulnerabilities to exploit later on.