U.S. Government Personnel Network Breached

Report: Chinese Hackers Targeted Files of Employees
(Editor's note: This story has been updated.)

Chinese hackers broke into the computer system of the Office of Personnel Management in March and appeared to target the files of tens of thousands of employees seeking top-secret security clearances, the New York Times reports.

"We have no reason to believe that personally identifiable information was compromised," White House spokesman Josh Earnest said at a press briefing in Austin, Texas, where President Obama was visiting.

Officials at OPM and the Department of Homeland Security said in July 10 statements that there was "a potential intrusion" of the OPM network in mid-March. "Neither OPM nor U.S.-CERT have identified any loss of personally identifiable information," the DHS official said.

The OPM official credited constant monitoring of systems at DHS and OPM for identifying the intrusion. "We acted immediately, in collaboration with DHS and interagency partners, to mitigate the risks identified," the OPM official said. "We continue to exercise the utmost vigilance in monitoring for potential threats and protecting our information and systems. A multi-agency investigation into the attempted breach is ongoing."

Secretary of State John Kerry, in Beijing on July 10, told reporters that the breach did not appear to have compromised any sensitive information. He said he did not discuss the breach with Chinese leaders, but added, "We've been clear on larger terms that this is an issue of concern."

China Reacts

Chinese Foreign Ministry spokesman Hong Lei neither confirmed nor denied Chinese involvement in the OPM attack, but he dismissed the Times' report, saying China firmly opposes cyber-hacking. "Recently, some American media and Internet security firms keep playing the card of China Internet threat and smear China's image," the spokesman said in his daily press briefing. "They cannot produce tenable evidence. Such reports and comments are irresponsible and are not worth refuting."

DHS's National Cybersecurity and Communications Integration Center became aware of a potential intrusion and deployed an onsite U.S. Computer Emergency Readiness Team to assess and mitigate any risks identified, the DHS official said, adding that U.S.-CERT is continuing its investigation.

Citing senior U.S. officials, the Times reports that the hackers gained access to some of the OPM databases before federal authorities detected the threat and blocked them from the network. It is not yet clear how far the hackers penetrated the agency's systems, in which applicants for security clearances list their foreign contacts, previous jobs and personal information, such as past drug use, the Times reports.

Next Steps

Even if personally identifiable information was not taken by the hackers, the federal government should notify employees who received top-secret clearance that their files may have been exposed so they can be careful when working online, such as not opening attachments they didn't expect to receive, says Michael Quinn, associate managing director in the cyber investigations practice at Kroll, a risk mitigation and response solutions provider.

"People are human and they're going to make mistakes [and they need] to be more cautious about what they do, especially online," says Quinn, a former supervisory special agent in the FBI's criminal division. "Just don't click on an e-mail, just don't click on attachments."

American officials told the Times the attack was notable because while hackers try to breach United States government servers nearly every day, they rarely succeed.

Cybersecurity issues have put a crimp in relations between China and the U.S. In May, federal prosecutors indicted five Chinese military officers for hacking U.S. companies and giving corporate secrets to Chinese competitors (see U.S. Charges 5 Chinese with Hacking). In response to the indictments, China suspended a working group on cyber-related matters.


About the Author

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
