Last month’s massive breach of federal employees’ data at the hands of the Chinese, made public on Thursday, indicates a treacherous new reality in the global cyber game.
“It’s very serious indeed,” geopolitical expert Ian Bremmer, founder of Eurasia Group, told Business Insider in an email. “China’s offensive cyber capabilities have consistently surprised the United States in terms of breadth and sophistication of attacks.
“The latest attacks revealed yesterday show millions of existing and former US government employees with their private data now in the hands of the Chinese state.”
The Obama administration has refrained from making any official statements about China’s role in the attack on the Office of Personnel Management (OPM), since it is still so difficult to trace a data breach back to its original source. An unnamed official told Reuters that information taken includes security clearance information and background checks going back decades.
“This is deep. The data goes back to 1985,” the official said. “This means that they potentially have information about retirees, and they could know what they did after leaving government.”
The data includes details about the private lives of more than four million US government workers.
“These [federal employees] are the people who hold US secrets,” national security expert Douglas Ollivant explained to Business Insider, referring to the employees’ varying levels of government security clearance.
“And now the hackers likely have access to blackmail-able levels of information, such as the employees’ passports, social security numbers, history of drug use or psychological counseling, foreign contacts, etc.”
Whether or not the attack was state-sponsored remains to be seen, but few doubt that the stolen personnel data will ultimately end up in the hands of the Chinese government.
“This is a really big deal,” Ollivant added. “Some might consider it an act of war.”
Furthermore, the hack is part of Beijing’s evolving cyber espionage operation.
“Having a large database of personal information on key individuals that have access to critical infrastructure or classified information gives China an advantage in whatever agenda they have,” Mark Wuergler, a senior cybersecurity researcher at Immunity, Inc., told Business Insider.
“By breaking into one organisation it points in the direction of the next juicy target to siphon data from, or add to, an arsenal of leverage over a superpower.”
The Chinese are masters of the long game, Wuergler noted, and Chinese hackers have been known to infiltrate servers and maintain their access for a year or more to quietly spy on their targets.
“They are really good at what they do, and when they break into something it’s not just smash-and-grab,” Wuergler said, noting that hackers in the OPM network had been there for months before they were even detected.
According to Wuergler, a “complete overhaul” of the network and systems we use today would be needed to deter attacks like this in the future.
As Bremmer sees it, however, such efforts at deterrence would be largely futile given China’s determination to remain embedded in American networks.
“There’s no effective defence against these attacks and, as we’ve seen, there’s also no effective deterrence,” he said. “China isn’t trying to engage in ‘integrity’ attacks against the US — they don’t want to destroy American institutions and architecture as, after all, they’re hugely invested in American economic success.”
That said, Bremmer added, “we should be very clear: China is at virtual war with the United States, and the threat is far higher than that of terrorism, which gets the lion’s share of attention — and, in the post-9/11 world, funding.”