China's hackers stole files on 4 MEELLION US govt staff? Bu shi, says China

Maybe Uncle Sam should fix its own security first

China is fending off accusations it was behind the theft of personal dossiers on four million US government workers – some of whom had applied for or were granted security clearances.

China's foreign ministry spokesman Hong Lei told NBC News: "We hope the United States could discard this kind of suspicion and stop groundless accusations."

On Thursday, the US Office of Personnel Management (OPM) confirmed that hackers broke into its servers. A data center in Denver was compromised, we're told, which resulted in the loss of personal information on four million current and former employees; the records could date back as far as 1985.

Anonymous US officials, talking to Bloomberg, believe that the attack came from within China, and was intended to gather sensitive information on well-placed staff for blackmail and bribery purposes. That intelligence could include interviews with the friends and families of government workers who had applied for security clearances, we're told.

And, of course, an audit of the office's network should have set off alarm bells

Perhaps Uncle Sam should get a grip on its network security before pointing the finger of blame at other countries: an audit [PDF] carried out in November last year noted that the "OPM does not maintain a comprehensive inventory of servers, databases, and network devices."

"You can't defend yourselves well if you don't know what systems you have and where your data is," Richard Bejtlich of infosec biz FireEye bluntly told the Washington Post this afternoon.

The Office of Personnel Management was not running "mature vulnerability scanning" software, or at least none the auditors could find. However, even if it was, that may not have helped: according to the FBI, whoever infiltrated the OPM exploited a zero-day flaw to get into the network. That zero-day could have helped the hackers tiptoe around the US government's intrusion-detection system dubbed EINSTEIN 3 [PDF].

The OPM canceled an IT "modernization [plan] plagued by management weaknesses" in 2013. The office was found by auditors to be hooked up to the systems of 400 federal agencies, and relied on old COBOL code in places – a complete mess, in other words.

The OPM said it would be notifying those whose data was accessed, via e-mail or postal mail next week. The agency is offering 18 months of identity-theft protection and credit monitoring services for those who have had their personal details lifted.

The cyber-break-in was first noticed when the agency was in the middle of updating its IT security systems. The agency did not say when the attack is believed to have occurred.

The FBI is investigating the intrusion, though even if the attacks can be traced back to China, officials may not be able to prove the attacker was physically located in China (rather than running traffic through a proxy) and was working with the backing of the Chinese government. ®
