The latest massive computer hack suggests the Chinese had it right: it may be time for the U.S. to build a great wall to protect its data and that of 320 million Americans. That’s why the U.S. secretly expanded the National Security Agency’s warrantless wiretapping program to root out hackers in 2012. But, as a rash of recent data breaches makes clear, the hackers retain the upper hand.
U.S. officials said Thursday they believe that Chinese hackers penetrated federal computer networks and plundered personal information on more than 4 million current and former U.S. workers. That makes it among the largest theft of U.S. government data in history, with federal officials warning the total could grow as their probe continues. U.S. officials said the hack appears similar to others that have been made into private companies’ networks, including data on 80 million Americans pilfered from the Anthem insurance company, suggesting a widespread Chinese effort.
The Internet, made up of millions of computers and servers, only works if they can communicate easily with one another. Every password, firewall or other internal barrier built into the system to keep hackers out pushes it closer to grinding to a halt. That’s why, just like with your money, more valuable data is more heavily guarded. While the alleged Chinese hackers apparently got basic personal information—names, addresses, Social Security numbers—they apparently didn’t get into tougher-to-access personnel files that contained sensitive information that is routinely collected during background checks.
The government used its Einstein anti-hacking system to detect the breach. The Department of Homeland Security calls it “an intrusion detection and prevention system that screens federal Internet traffic to identify potential cyber threats.”
The FBI is investigating the intrusion, which involved the federal Office of Personnel Management, responsible for overseeing the personnel records of U.S. employees. The bureau believes the attack originated in China, but either lacks, or is unwilling to share, the evidence that pinpoints the nation. Attributing the source of such attacks is difficult, and the U.S. doesn’t know if this one were carried out by the government, by some entity working for the government, or hackers independent of the government.
While U.S. officials have linked the thefts to China because of the peculiar hacking techniques and computer addresses involved, they haven’t been able to come up with a motive. The data haven’t shown up on the black market. China denied any role in the hack. “If you keep using the words ‘maybe’ or ‘perhaps’ without making a thorough study, this is irresponsible and unscientific,” Chinese Foreign Ministry spokesman Hong Lei said.
The U.S. hasn’t been reticent about blaming Beijing for cyber attacks in recent years. In addition to this latest series of attacks, Beijing also downloaded terabytes of design data on the Pentagon’s $400 billion F-35 fighter program and other weapons, U.S. officials say. They’re also alleged to have stolen additional billions in intellectual property developed by U.S. companies.
“A great deal of what China, North Korea, Iran, and the vast majority of cyber-criminals and self-proclaimed hacktivists do isn’t very sophisticated,” Stephanie O’Sullivan, the principal deputy to Director of National Intelligence James Clapper, told an April cyber-security conference. They tend to exploit vulnerabilities in computer systems for which fixes exist but haven’t been installed. “The Chinese in particular are cleaning us out because we know we’re supposed to do these simple things and yet we don’t do them,” she said. “Most Chinese cyber intrusions are through well-known vulnerabilities that could be fixed with patches already developed.”
It’s not known if the latest attack exploited such a weakness, but one thing is certain: “Good basic security habits,” says Peter W. Singer of the New America Foundation, “would stop over 90% of attacks.”
More Must-Reads from TIME
- Introducing the 2024 TIME100 Next
- Sabrina Carpenter Has Waited Her Whole Life for This
- What Lies Ahead for the Middle East
- Why It's So Hard to Quit Vaping
- Jeremy Strong on Taking a Risk With a New Film About Trump
- Our Guide to Voting in the 2024 Election
- The 10 Races That Will Determine Control of the Senate
- Column: How My Shame Became My Strength
Contact us at letters@time.com