The massive breach of a federal personnel database allegedly at the hands of Chinese hackers was “classic espionage” on an unprecedented scale, a senior administration official told the New York Times.
“This was classic espionage, just on a scale we’ve never seen before from a traditional adversary,” the official said.
“And it’s not a satisfactory answer to say, ‘We found it and stopped it,’ when we should have seen it coming years ago.”
The Obama administration has been reluctant to place blame on the Chinese government for the hack, but there seems to be little doubt among experts and investigators regarding who carried out the theft.
“Unlike other actors operating from China who conduct industrial espionage, take intellectual property or steal defence technology, this group has primarily targeted information that would enable it to build a database of Americans, with a likely focus on diplomats, intelligence operatives and those with business in China,” Mike Oppenheim, the manager of threat intelligence at the cybersecurity firm FireEye, told the Times.
Obama administration officials reportedly fear that publicly blaming the breach on the Chinese government — which has vehemently denied the allegations as “irresponsible” and “unscientific” — might discourage China from working with the US to limit Iran’s nuclear program.
The Times notes that though the hackers’ targets may have changed, their ‘digital fingerprints’ have stayed the same — including a long-observed tactic of Chinese hackers to infiltrate servers and maintain their access for a year or more to quietly spy on their targets.
Hackers who infiltrated the Office of Personnel Management (OPM) had access to the agency’s security clearance computer system for over a year, giving them ample time to steal as much information as possible from OPM’s database of military and intelligence officials, the Washington Post reported on Friday.
Initial estimates put the number of people affected at around 4 million, but a government worker’s union has insisted that as many as 14 million federal employees may have had their sensitive security clearance and background information stolen in the breach.
“The average time Chinese hackers have access to a compromised system is 356 days and the longest recorded was 4 years and 10 months,” Mark Wuergler, a senior cybersecurity researcher at Immunity Inc., told Business Insider, citing research published in a 2013 Mandiant report that tracked high-profile Chinese hacking groups.
“They are really good at what they do, and when they break into something it’s not just smash and grab,” Wuergler said.
The news that hackers remained in OPM’s system for over a year follows reports that contractors in Argentina and China were given “direct access to every row of data in every database” when they were hired by the Office of Personnel Management (OPM) to manage the personnel records of federal employees.
“Undetected for nearly a year, the Chinese intruders executed a sophisticated attack that gave them ‘administrator privileges’ into the computer networks at the Office of Personnel Management, mimicking the credentials of people who run the agency’s systems,” the Times noted, based on testimony from two administration officials.
“The hackers began siphoning out a rush of data after constructing what amounted to an electronic pipeline that led back to China.”