The massive hack that may have stolen the personal information of four million federal employees appears designed to build a vast database in what could be preparation for future attacks by China against the U.S., cybersecurity experts advising the government told CNN Friday afternoon.
Law enforcement officials also said Friday that the hack appears to have been carried out by the same Chinese hackers who attacked Anthem Insurance earlier this year, in which information on tens of millions of customers was stolen.
U.S. officials believe the breach, which was revealed Thursday and affected current and former federal workers from nearly every government agency, could be the biggest ever of the government’s computer networks.
“The extent of personal data stolen makes this attack an order of magnitude greater than any we have seen of its kind in the past,” said California Democratic Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee who was briefed on the attack.
China has called the allegation that it was behind the attack irresponsible. But the experts said that the goal behind the attack is to build a database of federal employees — using the stolen personal information to fool and impersonate government workers — to set up future “insider” attacks. By revealing who has security clearances and at what level, the Chinese may now be able to identify, expose and blackmail U.S. government officials around the world, the experts added.
The connection between the hacking attack and the Anthem incident was first reported by The New York Times.
The cybersecurity experts added that some government agencies have not been following the government’s own best practices for cybersecurity, such as updating operating systems with latest protections.
The Office of Personnel Management, which is conducting background checks, warned it was urging potential victims to monitor their financial statements and get new credit reports.
Federal employees lash out
Some federal employees took to Facebook to express their displeasure.
“Unreal, I don’t have enough money as it is,” Facebook user Shari Saeler posted on the Office of Personnel Management’s page. “Now I have to worry about someone stealing it!”
Retiree Linda Eleanor Rigby Robbins posted she didn’t know if she was affected.
“I do not understand why I heard this on the news instead of via letter or email from OPM,” she wrote.
George Thomas, who works as an analyst at the Smithsonian Institute, said he felt his employer had done its job in trying to keep his personal information safe. But Thomas also said that in the fast-changing world of technology, it can be difficult for employers to stay ahead of hackers and information breaches.
“It’s an uphill battle,” Thomas said.
The breach was initially thought to have affected the Office of Personnel Management and the Department of Interior, but government officials said hackers hit nearly every federal government agency.
An assessment continues, and it is possible millions more government employees may be affected.
U.S. investigators: We believe this was China’s work
U.S. investigators believe they can trace the breach to the Chinese government. The Chinese Foreign Ministry neither confirmed nor denied its involvement in the hack, simply pointing out it too has been a victim of cyberattacks in the past.
“China itself is also a victim of cyberattacks,” Chinese Foreign Ministry spokesman Hong Lei said Friday in Beijing. “China resolutely tackles cyberattack activities in all forms.”
He added that China would like to have more global cooperation “to build a peaceful and safe, open and collaborative cyberspace.”
And he also called on the United States not to make groundless accusations about China’s involvement “but instead add more trust and cooperating in this field.”
A spokesman from the Chinese Embassy in Washington late Thursday objected to allegations that the Chinese government may be behind the massive hack.
“Cyberattacks conducted across countries are hard to track, and therefore the source of attacks is difficult to identify. Jumping to conclusions and making (a) hypothetical accusation is not responsible and counterproductive,” Zhu Haiquan said.
EINSTEIN detection system
Employees of the legislative and judicial branches and uniformed military personnel were not affected.
There are 2.7 million federal executive branch employees. It’s unclear whether the breach affected all of them, along with former employees, or only a portion of them.
The federal personnel office learned of the data breach after it began to toughen its cybersecurity defense system. When it discovered malicious activity, authorities used a detection system called EINSTEIN to unearth the information breach in April, the Department of Homeland Security said.
A month later, the federal agency learned sensitive data had been compromised.
The FBI is investigating what led to the breach.
“We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement.
The federal personnel office said “personally identifiable information” had been breached, though the office didn’t name who might be responsible.
Senator: The breach is ‘disturbing’
Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wisconsin, called the breach “disturbing” and said the Office of Personnel Management needs to do a better job securing its information.
“It is disturbing to learn that hackers could have sensitive personal information on a huge number of current and former federal employees — and, if media reports are correct, that information could be in the hands of China,” Johnson said in a statement. “(The office) says it ‘has undertaken an aggressive effort to update its cybersecurity posture.’ Plainly, it must do a better job, especially given the sensitive nature of the information it holds.”
U.S. Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee, said hackers are one of the “greatest challenges we face on a daily bases.”
“It’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue,” Schiff said in a statement. “That’s why the House moved forward on cybersecurity legislation earlier this year, and it’s my hope that this latest incident will spur the Senate to action.”
And former Arkansas governor and 2016 Republican presidential hopeful Mike Huckabee blasted the Obama administration in a statement over what he felt were inadequate precautions taken to protect the personal data of millions of federal workers.
“What will it take for the White House to do its job? What will it take for the Obama administration to wake up and defend America?” he asked. “The lack of common sense in this White House is beyond breathtaking.”
At a press briefing earlier Friday, White House Press Secretary Josh Earnest, citing the ongoing investigation, declined to discuss specific details about the attack. But he blamed Congress for not doing enough to pass laws that would enhance cybersecurity.
“We need the United States Congress to come out of the Dark Ages and actually join us here in the 21st century to make sure that we have the kinds of defenses that are necessary to protect a modern computer system,” he said.