CybersecurityChinese government hackers target personal e-mails of “all top national security and trade officials”: U.S.
The vulnerability of American government organizations to hacking by foreign government-baked hackers was in evidence again when, a few days ago, it was revealed that Russian government hackers, using spear-phishing attacks, breached Joint Staff e-mail system. The breach caused about 4,000 civilian and military employees to lose access to their e-mail while the system was cleaned. U.S. government sources say that a separate set of attacks by Chinese government hackers targeted the personal e-mails of “all top national security and trade officials.” These attacks, which began in 2010, were among the more than 600 hacks by hackers working for the Chinese government, and their target was the personal e-mail info of top administration officials. The hacks were still going on.
The vulnerability of American government organizations to hacking by foreign government-baked hackers was in evidence again when, a few days ago, it was revealed that Russian government hackers, using spear-phishing attacks, breached Joint Staff e-mail system. The breach caused about 4,000 civilian and military employees to lose access to their e-mail while the system was cleaned.
U.S. government sources told NBC News that a separate set of attacks by Chinese government hackers targeted the personal e-mails of “all top national security and trade officials.”
These attacks, which began in 2010, were among the more than 600 hacks by hackers working for the Chinese government, and their target was the personal e-mail info of top administration officials. The government source told NBC that the hacks were still going on.
The Guardian reports that the U.S. government has launched several different investigations into breaches of cybersecurity, the largest of which exposed the personal information of 22 million past and present government employees held in the Office of Personnel Management’s (OPM) database.
Cybersecurity experts say that the investigation into the OPM breach has been hobbled, by the agency’s own admission, by turf wars. Patrick McFarland, the OPM’s inspector general, wrote a strongly worded memo to acting OPM director Beth Cobert accusing the agency’s Office of the Chief Information Officer (OCIO) of hampering its inquiry into the hack, citing many instances of uncooperative conduct.
McFarland did not mince words, charging that the “OCIO failed to timely notify the OIG of the first data breach at OPM involving personnel records.”
The U.S. government has been grappling with the issue of establishing better safeguard for information government agencies hold in their databases, but as DHS assistant secretary for cybersecurity told Congress in reference to the OPM breach, in many cases, better encryption “would not have helped.”
One reason is that in the OPM case, the Russian attackers obtained the credentials of an employee at private firm KeyPoint Government Solutions and used them to gain legitimate access to the network, access which would not have been prevented by encryption.
The Guardian notes that timing of the latest revelations is helpful for proponents of the Cybersecurity Information Sharing Act (CISA), the controversial cybersecurity bill which will likely come for a vote in the Senate next month.
Privacy and digital rights advocates say that the revelations about the infiltration of U.S. government databases should not serve as arguments for CISA – but rather as arguments against the information-sharing bill. “The U.S. government has proven itself incompetent when it comes to protecting its data,” Evan Greer of advocacy group Fight for the Future told the Guardian. “Information sharing bills like CISA would make us even more vulnerable by dramatically expanding the amount of private data the US government keeps in its databases and the number of government and law enforcement agencies who would house that data.”