Big US Data Breaches Offer Treasure Trove for Hackers

Advertisement
By Reuters | Updated: 8 June 2015 10:06 IST
Big US Data Breaches Offer Treasure Trove for Hackers
A massive breach of US federal computer networks disclosed this week is the latest in a flood of attacks by suspected Chinese hackers aimed at grabbing personal data, industrial secrets and weapons plans from government and private computers.

The Obama administration on Thursday disclosed the breach of computer systems at the Office of Personnel Management and said the records of up to 4 million current and former federal employees may have been compromised.

US officials have said on condition of anonymity they believe the hackers are based in China, but Washington has not publicly blamed Beijing at a time when tensions are high over Chinese territorial claims in the South China Sea.

China has denied involvement.

It was the second computer break-in in less than a year at the OPM, the federal government's personnel office.

The first breach has been linked to earlier thefts of personal data from millions of records at Anthem Inc, the second largest US health insurer, an attack also blamed on Chinese hackers, and Premera Blue Cross, a healthcare services provider.

Advertisement

Guidance Software, a cyber-security firm, said the first signs of data "exfiltration" were originally detected with Einstein, a US government intrusion detection system. That activity, it said, was eventually traced back to a machine under the control of Chinese intelligence.

"It's a different form of Cold War at this point," said Rob Eggebrecht, co-founder and chief executive of Denver-based InteliSecure, a private cyber-security firm.

Advertisement

Eggebrecht said his firm had seen a spike in attacks on private company networks by Chinese actors over the past three months. The latest was a previously undisclosed breach at a US pharmaceutical group, which cost the firm hundreds of millions of dollars in sensitive research and development work.

Eggebrecht declined to identify the firm, which he said only learned of the major breach within the last 72 hours.

Advertisement

"We've seen a huge uptick in opportunistic exfiltration of high-value data," he said, adding that the attack on the pharma company involved malicious software installed together with the Chinese-language search engine Baidu.

"Dizzying rate"
Admiral James Winnefeld, vice chairman of the Joint Chiefs of Staff, told a cyber conference at West Point military academy last month that US adversaries like China and Russia were rapidly increasing their assaults on military networks.

"We're haemorrhaging information at a dizzying rate, evidenced by the uncanny similarity of some of our potential adversaries' new platforms to those we've been developing," said Winnefeld.

China has in recent years introduced two new stealth fighters that analysts say bear a striking resemblance to the F-22 and F-35 built by Lockheed Martin Corp. Lockheed redoubled security efforts focused on suppliers after a "significant and tenacious" attack on its computer networks in 2011 that was enabled by lax security at a supplier.

US senators have added $200 million in funding to their proposed fiscal 2016 budget to fund a detailed study of the cyber vulnerabilities of major weapons systems.

The move came after the Pentagon's chief weapons tester told Congress that nearly every major weapons program tested in 2014 showed "significant vulnerabilities" to cyber-attack, including misconfigured and unpatched software.

US government officials and cyber analysts say Chinese hackers are using high-tech tactics to build massive databases that could be used for traditional espionage goals, such as recruiting spies, or gaining access to secure data on other networks.

The latest incident gives hackers access to a treasure trove of personal information, including birth dates, Social Security numbers, previous addresses, and security clearances.

All that data could help hackers identify information about specific targets, including potential passwords for websites that may be portals to information about weapons systems or other research data.

"They can dig down into that data and learn more about the individuals, what their hobbies are, what their vices are, what skeletons they have in their closet," said Babak Pasdar, president and chief executive of Bat Blue Network, a cyber-security firm.

He said he was involved in a recent case in which hackers gained access to private data of a website administrator by finding passwords on a public website linked to the person's hobby.

"This empowers the malevolent cyber actor to target a huge number of people with phishing and other schemes to reel in information," said one US defence official. "The more targets you have, the more likely you are to score."

© Thomson Reuters 2015

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo X200 FE Global Launch Confirmed; Design Teased
  2. Poco F7 Launch Date, Price in India, Design and Key Features Leaked Online
  3. Vivo Y400 Pro 5G India Launch Date Confirmed; Design Revealed
  4. OnePlus Nord 5 Series, OnePlus Buds 4 to Launch in India on This Date
  5. Hisense U7Q Mini-LED TV Launched in India With These Features
  6. Oppo Reno 14 5G Series, Watch X2 Mini, Enco Buds 3, Pad SE to Launch Globally
  7. Oppo K13x 5G India Launch Date, Price Range and Key Features Revealed
  8. Vivo T4 Lite 5G to Launch in India Soon; Battery Capacity Revealed
  1. Bitget Partners UNICEF Unit to Expand Blockchain Training Across India, Other Countries 
  2. WhatsApp Reportedly Working on Ability to Scan Documents on Android Smartphones
  3. ElevenLabs Expands Eleven V3 Text-to-Speech Model With Support for 41 New Languages
  4. Vivo T4 Lite 5G India Launch Confirmed; Battery Capacity, Price Range Teased
  5. TikTok Pushes Deeper Into AI-Generated Video Ads With New Tools
  6. Apple Risks Fresh EU Charge Sheet Over App Store Curbs
  7. The Witcher 4 Will Target 60 FPS on Consoles, but Series S Will Be 'Extremely Challenging' Says CD Projekt Red
  8. Oppo Reno 14 5G Series Global Launch Teased Alongside Watch X2 Mini, Enco Buds 3 and Pad SE
  9. Microsoft Begins Testing AI Agents in Windows 11, Brings Option to Share Recall Snapshots in Europe
  10. watchOS 26 to Bring Control Center Customisation Options with User-Defined Toggles
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.