China-based hackers are suspected once again of breaking into U.S. government computer networks
***KEY LEGALSHIELD INFO AT THE BOTTOM***
By Ken Dilanian and Ricardo Alonso-ZaldivarAssociated Press
WASHINGTON — China-based hackers are suspected once again of breaking into U.S. government computer networks, and the entire federal workforce could be at risk this time.
The Department of Homeland Security said in a statement that data from the Office of Personnel Management — the human resources department for the federal government — and the Interior Department had been compromised.
"The FBI is conducting an investigation to identify how and why this occurred," the statement Thursday said.
The hackers were believed to be based in China, said Sen. Susan Collins, a Maine Republican.
Collins, a member of the Senate Intelligence Committee, said the breach was "yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances."
But in Beijing Friday, the Chinese Foreign Ministry dismissed the allegations.
A spokesman for the ministry, Hong Lei said at a regular news briefing that Beijing hopes the U.S. would be "less suspicious and stop making any unverified allegations, but show more trust and participate more in cooperation."
Beijing routinely dismisses any allegation of its official involvement in cyberattacks on foreign targets, while invariably noting that China is itself the target of hacking attacks and calling for greater international cooperation in combating hacking.
"We know that hacker attacks are conducted anonymously, across nations, and that it is hard to track the source," Hong said. "It's irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation."
A U.S. official, who declined to be named because he was not authorized to publicly discuss the data breach, said the breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. Former government employees are affected as well.
The Office of Personnel Management conducts more than 90 percent of federal background investigations, according to its website.
The agency said it is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected. The National Treasury Employees Union, which represents workers in 31 federal agencies, said it is encouraging members to sign up for the monitoring as soon as possible.
In November, a former DHS contractor disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.
Cybersecurity experts also noted that the OPM was targeted a year ago in a cyberattack that was suspected of originating in China. In that case, authorities reported no personal information was stolen.
Chinese groups have persistently attacked U.S. agencies and companies, including insurers and health-care providers, said Adam Meyers, vice president for intelligence at Irvine, California-based CrowdStrike, which has studied Chinese hacking groups extensively.
The Chinese groups may be looking for information that can be used to approach or compromise people who could provide useful intelligence, Meyers said. "If they know someone has a large financial debt, or a relative with a health condition, or any other avenues that make them susceptible to monetary targeting or coercion, that information would be useful."
One expert said hackers could use information from government personnel files for financial gain. In a recent case disclosed by the IRS, hackers appear to have obtained tax return information by posing as taxpayers, using personal information gleaned from previous commercial breaches, said Rick Holland, an information security analyst at Forrester Research.
"Given what OPM does around security clearances, and the level of detail they acquire when doing these investigations, both on the subjects of the investigations and their contacts and references, it would be a vast amount of information," Holland added.
DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyberthreats, identified the hack of OPM's systems and the Interior Department's data center, which is shared by other federal agencies.
It was unclear why the EINSTEIN system didn't detect the breach until after so many records had been copied and removed.
"DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion," the statement said.
Cybersecurity expert Morgan Wright of the Center for Digital Government, an advisory institute, said EINSTEIN "certainly appears to be a failure at this point. The government would be better off outsourcing their security to the private sector where's there at least some accountability."
Senate Intelligence Committee Chairman Richard Burr, R-N.C., said the government must overhaul its cybersecurity defenses. "Our response to these attacks can no longer simply be notifying people after their personal information has been stolen," he said. "We must start to prevent these breaches in the first place."
Background
What Happened?
On June 4, 2015, the U.S. Office of Personnel Management (OPM) announced that a cybersecurity incident occurred that may have compromised the personal information of current and former Federal employees.
Who Is Affected?
Four million current and former Federal employees.
On June 4, 2015, the U.S. Office of Personnel Management (OPM) announced that a cybersecurity incident occurred that may have compromised the personal information of current and former Federal employees.
Who Is Affected?
Four million current and former Federal employees.
Potential Threats
At this point, the OPM has only described the compromised employee data as “Personally Identifiable Information.”
Provides Coverage for Victims
OPM states that between June 8 and continuing through June 19 notifications will be sent to individuals whose information was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding identity theft services to be provided by CSID. Those notified will have access to an 18-month membership which will provide credit report access, credit monitoring, identity theft insurance, and recovery services. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service.
At this point, the OPM has only described the compromised employee data as “Personally Identifiable Information.”
Provides Coverage for Victims
OPM states that between June 8 and continuing through June 19 notifications will be sent to individuals whose information was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding identity theft services to be provided by CSID. Those notified will have access to an 18-month membership which will provide credit report access, credit monitoring, identity theft insurance, and recovery services. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service.
• “With your LegalShield identity theft plan in place, you don’t have to panic and worry like most people do. We are monitoring your identity, and licensed investigators are available to restore your identity if yours is compromised.”
• “These are just the basics. If you’d like to know more about it, please take advantage of your membership and call a representative at Kroll. Here’s the number: 888-494-8519.”
*IF YOU ARE NOT A MEMBER AND NOT PROTECTED BY OUR IDENTITY THEFT PLAN*
• In light of this breach—and the many others in the news recently—I invite you to enhance your coverage right now so you don’t have to lose any sleep over who’s watching out for your personal information. You can learn more and sign up to protect your family by visiting www.JASKEW.com now! www.JASKEW.com is a division of JMA Investigative Services, Inc. www.JMAPI.com
Reminder to Members
Scammers may try to use this event to trick people into giving up personal information.
• Consider Placing Fraud Alerts
If you feel you may be impacted by this breach, you have the right by federal law to place fraud alerts with the three national credit reporting agencies (CRAs). Here are the numbers:
If you feel you may be impacted by this breach, you have the right by federal law to place fraud alerts with the three national credit reporting agencies (CRAs). Here are the numbers:
Equifax: 888-766-0008
Experian: 888-397-3742
TransUnion: 800-680-7289
Experian: 888-397-3742
TransUnion: 800-680-7289
• Read IDShield Plan Alerts
If you receive an alert from your IDShield Plan and do not recognize the activity as something you authorized, please call 888-494-8519 to speak to an investigator.
If you receive an alert from your IDShield Plan and do not recognize the activity as something you authorized, please call 888-494-8519 to speak to an investigator.
No comments:
Post a Comment