【Comment】
The hacking of the records of 4 million US federal personnel could be
disastrous: the stolen data might include not only private information but
also the details of secret service personnel.
The worst part is not the personal threat to, or blackmail of, the above
personnel.
The worst part might be that the personnel information can be used by
China, or ISIS for example, to launch a “spear-phishing attack,” or an insider
attack, which is almost impossible to prevent.
Obama blamed the Government of China for the mass hacking. revised at 1520
China might be building vast database of federal worker info, experts
say○CNN (2015.06.06)
Washington (CNN) The
massive hack that may have stolen the personal information of four million
federal employees appears designed to build a vast database in what could be
preparation for future attacks by China against the U.S., cybersecurity experts
advising the government told CNN Friday afternoon.
Law enforcement officials also said Friday that the hack appears to have
been carried out by the same Chinese hackers who attacked Anthem Insurance
earlier this year, in which information on tens of millions of customers was
stolen.
U.S. officials believe the breach, which was revealed Thursday and
affected current and former federal workers from nearly every government
agency, could be the biggest ever of the government's computer networks.
"The extent of personal data stolen makes this attack an order of magnitude
greater than any we have seen of its kind in the past," said California
Democratic Rep. Adam Schiff, the ranking Democrat on the House Intelligence
Committee who was briefed on the attack.
China has called the allegation that it was behind the attack
irresponsible. But the experts said that the goal behind the attack is to build
a database of federal employees -- using the stolen personal information to
fool and impersonate government workers -- to set up future "insider"
attacks. By revealing who has security clearances and at what level, the
Chinese may now be able to identify, expose and blackmail U.S. government
officials around the world, the experts added.
The connection between the hacking attack and the Anthem incident was
first reported by The New York Times.
The cybersecurity experts added that some government agencies have not
been following the government's own best practices for cybersecurity, such as
updating operating systems with latest protections.
The Office of Personnel Management, which is conducting background
checks, warned it was urging potential victims to monitor their financial
statements and get new credit reports.
Federal employees lash out
Some federal employees took to Facebook to express their displeasure.
"Unreal, I don't have enough money as it is," Facebook user
Shari Saeler posted on the Office of Personnel Management's page. "Now I
have to worry about someone stealing it!"
Retiree Linda Eleanor Rigby Robbins posted she didn't know if she was
affected.
"I do not understand why I heard this on the news instead of via
letter or email from OPM," she wrote.
George Thomas, who works as an analyst at the Smithsonian Institute,
said he felt his employer had done its job in trying to keep his personal
information safe. But Thomas also said that in the fast-changing world of
technology, it can be difficult for employers to stay ahead of hackers and
information breaches.
"It's an uphill battle," Thomas said.
The breach was initially thought to have affected the Office of
Personnel Management and the Department of Interior, but government officials
said hackers hit nearly every federal government agency.
An assessment continues, and it is possible millions more government
employees may be affected.
U.S. investigators: We believe this was China's work
U.S. investigators believe they can trace the breach to the Chinese
government. The Chinese Foreign Ministry neither confirmed nor denied its
involvement in the hack, simply pointing out it too has been a victim of
cyberattacks in the past.
"China itself is also a victim of cyberattacks," Chinese
Foreign Ministry spokesman Hong Lei said Friday in Beijing. "China
resolutely tackles cyberattack activities in all forms."
He added that China would like to have more global cooperation "to
build a peaceful and safe, open and collaborative cyberspace."
And he also called on the United States not to make groundless
accusations about China's involvement "but instead add more trust and
cooperating in this field."
A spokesman from the Chinese Embassy in Washington late Thursday
objected to allegations that the Chinese government may be behind the massive
hack.
"Cyberattacks conducted across countries are hard to track, and
therefore the source of attacks is difficult to identify. Jumping to
conclusions and making (a) hypothetical accusation is not responsible and
counterproductive," Zhu Haiquan said.
EINSTEIN detection system
Employees of the legislative and judicial branches and uniformed
military personnel were not affected.
There are 2.7 million federal executive branch employees. It's unclear
whether the breach affected all of them, along with former employees, or only a
portion of them.
The federal personnel office learned of the data breach after it began
to toughen its cybersecurity defense system. When it discovered malicious
activity, authorities used a detection system called EINSTEIN to unearth the
information breach in April, the Department of Homeland Security said.
A month later, the federal agency learned sensitive data had been
compromised.
The FBI is investigating what led to the breach.
"We take all potential threats to public and private sector systems
seriously and will continue to investigate and hold accountable those who pose
a threat in cyberspace," the FBI said in a statement.
The federal personnel office said "personally identifiable
information" had been breached, though the office didn't name who might be
responsible.
Senator: The breach is 'disturbing'
Senate Homeland Security and Governmental Affairs Chairman Ron Johnson,
R-Wisconsin, called the breach "disturbing" and said the Office of
Personnel Management needs to do a better job securing its information.
"It is disturbing to learn that hackers could have sensitive
personal information on a huge number of current and former federal employees
-- and, if media reports are correct, that information could be in the hands of
China," Johnson said in a statement. "(The office) says it 'has
undertaken an aggressive effort to update its cybersecurity posture.' Plainly,
it must do a better job, especially given the sensitive nature of the
information it holds."
U.S. Rep. Adam Schiff of California, the top Democrat on the House
Intelligence Committee, said hackers are one of the "greatest challenges
we face on a daily basis."
"It's clear that a substantial improvement in our cyber databases
and defenses is perilously overdue," Schiff said in a statement.
"That's why the House moved forward on cybersecurity legislation earlier
this year, and it's my hope that this latest incident will spur the Senate to
action."
And former Arkansas governor and 2016 Republican presidential hopeful
Mike Huckabee blasted the Obama administration in a statement over what he felt
were inadequate precautions taken to protect the personal data of millions of
federal workers.
"What will it take for the White House to do its job? What will it
take for the Obama administration to wake up and defend America?" he
asked. "The lack of common sense in this White House is beyond
breathtaking."
At a press briefing earlier Friday, White House Press Secretary Josh
Earnest, citing the ongoing investigation, declined to discuss specific details
about the attack. But he blamed Congress for not doing enough to pass laws that
would enhance cybersecurity.
"We need the United States Congress to come out of the Dark Ages
and actually join us here in the 21st century to make sure that we have the
kinds of defenses that are necessary to protect a modern computer system,"
he said.