Hackers Find Treasure Troves through Big US Data Breaches
This week, a massive compromise of US federal computer networks was brought to light. It is just the latest in a series of attacks by suspected Chinese hackers aimed at stealing personal data, weapon plans and industrial secrets from private and government computers. On Thursday, the Obama Administration disclosed that the computer systems at the Office of Personnel Management had been breached, and that the records of about 4 million former and current federal employees may have been compromised. Speaking on condition of anonymity, US officials said that they believe the hackers originate from China.
However, Washington has not publicly blamed Beijing for US data breaches at this time, as tensions are high over the territorial claims the Chinese have made in the South China Sea. China has completely denied involvement. This is the second break-in at the computers of the federal government's personnel office. The first breach had been connected to earlier thefts of personal data from hundreds of thousands of records at Anthem Inc., which is the second-largest health insurer in the US. That attack, and one on a healthcare service provider called Premera Blue Cross, had also been said to be the work of Chinese hackers.
A cybersecurity firm called Guidance Software said that Einstein, an intrusion detection system of the US government, first detected the signs of exfiltration. It said that the activity had eventually been traced back to a machine controlled by Chinese intelligence. According to other security firms and analysts, this is a different type of Cold War, as there has been an increase in attacks on private company networks by Chinese hackers in the past three months. The most recent attack had been a breach at a US pharmaceutical group that had remained undisclosed.
The breach had cost the company hundreds of millions of dollars in sensitive research and development work. High-value data is being stolen, and the attack at the pharma company had been carried out with malicious software installed with Baidu, the Chinese-language search engine. According to cyber analysts and US government officials, Chinese hackers are using high-tech tactics to build massive databases that can be used to achieve traditional espionage goals, such as gaining access to secure and sensitive data on other networks or recruiting spies. The latest incident provided hackers with access to a treasure trove of personal information such as Social Security numbers, birthdates, security clearances and previous addresses.
All this data can prove useful to hackers, as they can identify information concerning a specific target, such as potential passwords for websites that can be portals to research data or data about weapon systems. Cybersecurity firms said that the hackers can learn about employees, including their vices, hobbies, habits and any skeletons they may have. This could be used to exploit their position. They can also target a huge number of people with phishing or other schemes to find out more information that can be used for other malicious purposes.