Wed, Aug 12, 2015 - Page 1 News List

Chinese hack of US security details revealed

The Guardian, NEW YORK

The ongoing saga of successful foreign hack attacks on US government databases continued on Monday with news of another break-in allegedly perpetrated by China.

Just days after the reported spear-phishing attack on the Pentagon’s Joint Staff e-mail system, which exposed about 4,000 civilian and military employees and is believed to have been sponsored by Russia, anonymous government sources told NBC News that a separate set of Chinese hack attacks targeted the personal e-mails of “all top [US] national security and trade officials.”

These attacks — among the more than 600 hacks attributed by US officials to hackers working for the Chinese government — sought personal e-mail info from top US administration officials and began in 2010.

NBC’s source said the hacks were still going on, but would not name any of the officials targeted.

The US government is dealing with several different investigations into breaches of security, the largest of which is the hack of the Office of Personnel Management (OPM) — an intrusion that exposed the personal information of about 22 million people.

That investigation has been troubled by intramural squabbling by the agency’s own admission: Patrick McFarland, the office’s inspector general, wrote a strongly worded memo to acting office director Beth Cobert accusing the agency’s Office of the Chief Information Officer (OCIO) of hampering its inquiry into the hack, citing multiple instances of uncooperative behavior.

Notable among them was the accusation that the “OCIO failed to timely notify the OIG of the first data breach at OPM involving personnel records.”

The US government is trying to put together the best way to safeguard its information but in many cases, better encryption “would not have helped,” as US Department of Homeland Security Assistant Secretary for Cybersecurity Andy Ozment testified before the US Congress with reference to the OPM hack.

In that case, attackers obtained the credentials of an employee at private firm KeyPoint Government Solutions and used them to gain legitimate access to the network.

These newly revealed hacks of private e-mails took place over the period when then-US secretary of state Hillary Rodham Clinton was receiving work-related correspondence in her own private accounts, though no victims of the hacks have been named.

The timing of the revelations is potentially fortuitous for at least one group of people: proponents of the Cybersecurity Information Sharing Act (CISA), the controversial bill that will likely come before the US Senate again next month.

Internet activists are not biting.

“The US government has proven itself incompetent when it comes to protecting its data,” Evan Greer of Fight for the Future said.

“Information sharing bills like CISA would make us even more vulnerable by dramatically expanding the amount of private data the US government keeps in its databases and the number of government and law enforcement agencies who would house that data,” he said.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top