In the Media: Chinese Hackers Breach Data Systems in the US Government’s Personnel Office

Ellen Nakashima at The Washington Post described a recent breach of the federal government’s Office of Personnel Management (OPM) data systems by Chinese hackers. This was a significant breach of personal data, and it was discovered only after the OPM deployed security tools and protocols designed to find such breaches.

Over recent years, China has aggressively targeted U.S. and other Western government networks in attempts to gain advantage through any means necessary. Chinese hackers have also targeted large corporations, searching for sensitive data and intellectual property. Compromised personal data can be used not only to target the affected individuals directly, but also to phish those individuals for access to other sensitive systems.

The frequency and impact of attacks like this one have been increasing in recent years.

Optio Labs Insight: To me, this is one symptom of a larger trend that has emerged over the last ten years – cyber crime is increasingly commoditized. When you hear ‘hacker’, most of us still envision a lone wolf maliciously banging on a dirty keyboard, while the modern reality is that your truly significant threats are coming from places that look like any IT factory – a team of engineers shows up around 8, goofs off around 12, and sneaks out the door a few minutes early so they can cash their paycheck and get on to the weekend. Sometimes these teams are paid by governments, or even by “corporations” that turn a profit by selling the malware toolkit. Combine this with another truth – it’s not the number of threats detected or avoided that matters, but the impact of each threat. If a single threat with a high impact succeeds (like this one), then your organization is in trouble from multiple angles, e.g. PR issues, legal effects, retaining existing customers, engineering work halting as disaster recovery kicks in, etc.

The remediation path is to build organizational security into the business model and into any business software from day one. Security remains an add-on option in many existing software toolkits, and it is commonly quite hard to enable security features correctly. While technically challenging, the security model of the future is based around software that is secure by default, with options that “just work” while still allowing the advanced IT admin to configure as needed. Business intelligence for security is also a valuable improvement – the technology used to detect and remediate threats is undergoing something of an evolution as machine learning is incorporated into existing technologies such as IDS, allowing entire categories and patterns of bad behavior to be detected. I see a growing field of “smart security” that Optio is in the middle of with our OptioGrizzly product, where we provide the technical know-how to turn a stream of data into actionable results using best-in-class software and algorithms.

Read the full article.

By Hamilton Turner, Optio Labs Director of Malware Research
