Four million U.S. government workers hit by cyber breach. The information was revealed this Friday, June 5 by Washington. According to the Cybersecurity expert advising U.S. government this vast cyber-attack against the federal government appears designed to build a vast database in what could be preparation for future attacks by China against U.S.
The breach was initially thought to have affected the Office of Personnel Management and the Department of Interior, but government officials said hackers hit nearly every federal government agency. An assessment continues, and it is possible millions more government employees may be affected. The stolen information included Social Security numbers and performance evaluations.
The detection of this “cyber-intrusion” dated April, but according to information obtained by the Washington Post to officials, who requested anonymity, the operation would have been fomented in December, just when the personnel management office was putting in place new safety procedures.
Failure to update software behind federal data breach…
The cybersecurity experts added that some government agencies have not been following the government’s own best practices for cybersecurity, such as updating operating systems with latest protections.
Security researchers have pointed to a cyber tool or family of malicious software called Derusbi that has been linked exclusively to Chinese actors.
Chinese Cyber espionage…
According to Analysts and Experts , other Chinese entities, including the military,may also be involved in the campaign, Chinese government hackers “are like a vacuum cleaner” in sucking up information electronically, “They’re becoming much more sophisticated in tying it all together. And they’re trying to harm us.”
China dismissed the allegation of hacking as “irresponsible and unscientific.” Chinese Foreign Ministry spokesman Hong Lei said Beijing wanted to cooperate with other nations to build a peaceful and secure cyberspace : “We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation,”.
The big-data approach being taken by the Chinese might seem to mirror techniques used abroad by the NSA, which has come under scrutiny for its data-gathering practices under executive authority. But in China, the authorities do not tolerate public debate over the proper limits of large-scale spying in the digital age.
EINSTEIN Detection System…
Employees of the legislative and judicial branches and uniformed military personnel were not affected.
The federal personnel office learned of the data breach after it began to toughen its cybersecurity defense system. When it discovered malicious activity, authorities used a detection system called EINSTEIN to unearth the information breach in April, the Department of Homeland Security said. A month later, the federal agency learned sensitive data had been compromised.The FBI is investigating what led to the breach.
src: cnn, washingtonpost