WASHINGTON — The White House on Friday revealed that hackers had breached a second computer system at the Office of Personnel Management, and said that President Obama was considering financial sanctions against the attackers who gained access to the files of millions of federal workers.
Investigators had already said that Chinese hackers appeared to have obtained personal data from more than four million current and former federal employees in one of the boldest invasions into a government network.
But on Friday, officials said they believed that a separate computer system at the agency was breached by the same hackers, putting at risk not only data about the federal employees, but also information about friends, family members and associates that could number millions more. Officials said that the second system contained files related to intelligence officials working for the F.B.I., defense contractors and other government agencies.
Sam Schumach, a spokesman for the personnel office, said that the F.B.I.’s incident response team had concluded “with a high degree of confidence” that systems containing information related to background investigations of current, former and prospective federal employees were compromised.
A senior government official, speaking on the condition of anonymity, said that investigators became aware of the second intrusion while assessing the damage from the first breach. The official said the information apparently taken in the second breach appeared not to be limited to federal employees.
The database contains copies of what is known as Standard Form 86, a questionnaire filled out by applicants for national security positions. The 127-page form can include medical data, including information on treatment or hospitalization for “an emotional or mental health condition.”
In addition, the form asks for detailed information on close relatives and “people who know you well.” The form has spaces for each contact’s home or work address, email address, phone number and other information.
The personnel office has said that the number of federal employees and applicants affected could rise beyond the four million already reported. If the relatives and close contacts are included, the total number of people affected could be several times as high, officials said.
At the White House, officials said that Mr. Obama was weighing the use of an executive order he signed in April that allows the Treasury secretary to impose sanctions on individuals or groups that engage in malicious cyberattacks, or people who benefit from them.
“This newly available option is one that is on the table,” said Josh Earnest, the White House press secretary.
Mr. Obama signed the executive order after the attack on Sony Pictures’ computer network, an intrusion that American officials believe was carried out by the government of North Korea. The order gives the administration the ability to freeze assets in the United States, bar Americans from doing business with groups that sponsor cyberattacks, and cut the groups off from American goods and technology. But the use of the sanctions authority could be more significant if Mr. Obama wielded it against China, which officials believe has continued to sponsor cyberattacks even as the two nations warily seek a working relationship in other areas.
Mr. Earnest declined to say whether investigators had concluded that the attacks at the personnel office affected many millions more people than the four million already announced. And he declined to say whether officials at the United States Embassy in China were being relocated out of a fear that the hackers retrieved information about their contacts in that country.
“We have acknowledged that potentially sensitive data about a substantial number of federal employees was breached or is at least now at risk,” Mr. Earnest said. “But we haven’t talked publicly about the details of that.”
Security experts say the forensic evidence from the attacks suggests that they were the work of a sophisticated Chinese group that for the past three years has targeted a number of government agencies and defense contractors.
More recently, however, the group appears to have been looking for inroads into the personal lives of government workers, military and intelligence personnel, and defense contractors, and it has been gathering the personal data and medical histories of its targets. Though experts say it is not clear what the attackers plan to use the information for, they note that it is the sort of delicate medical data that could be used for blackmail.
While the group is not a unit of the People’s Liberation Army’s Third Department, which oversees the Chinese military’s cyberintelligence gathering, the chronology of its attacks matches Beijing’s stated economic and strategic objectives.
It is unclear what exactly the relationship is between the attackers and the Chinese state, but for years security researchers have found evidence of a freelance market for Chinese hackers. Previous attacks against targets that would be of interest to the Chinese government have been tied to students and educators at Chinese universities and employees at Chinese Internet firms.
The impact of the breach of personnel files is continuing to ripple across other federal agencies. On Friday, for example, the Office of Management and Budget announced new steps that agencies must take to secure their networks as part of a “30-Day Cybersecurity Sprint” ordered by the government’s chief information officer.
Those steps include continuous, real-time monitoring of computer networks and the use of multifactor authentication, in which users are required to go beyond user names and passwords to verify their identity when logging on. Neither of those security features was in place at the personnel office before the attack last month.
View the original content and more from this author here: http://ift.tt/1C40PbQ
from cyber security caucus http://ift.tt/1JQeD07
via IFTTT
No comments:
Post a Comment