The latest massive computer hack suggests the Chinese had it right: it may be time for the U.S. to build a great wall to protect its data and that of 320 million Americans. That’s why the U.S. secretly expanded the National Security Agency’s warrantless wiretapping program to root out hackers in 2012. But, as a rash of recent data breaches makes clear, the hackers retain the upper hand.
U.S. officials said Thursday they believe that Chinese hackers penetrated federal computer networks and plundered personal information on more than 4 million current and former U.S. workers. That makes it among the largest theft of U.S. government data in history, with federal officials warning the total could grow as their probe continues. U.S. officials said the hack appears similar to others that have been made into private companies’ networks, including data on 80 million Americans pilfered from the Anthem insurance company, suggesting a widespread Chinese effort.
The Internet, made up of millions of computers and servers, only works if they can communicate easily with one another. Every password, firewall or other internal barrier built into the system to keep hackers out pushes it closer to grinding to a halt. That’s why, just like with your money, more valuable data is more heavily guarded. While the alleged Chinese hackers apparently got basic personal information—names, addresses, Social Security numbers—they apparently didn’t get into tougher-to-access personnel files that contained sensitive information that is routinely collected during background checks.
The government used its Einstein anti-hacking system to detect the breach. The Department of Homeland Security calls it “an intrusion detection and prevention system that screens federal Internet traffic to identify potential cyber threats.”
The FBI is investigating the intrusion, which involved the federal Office of Personnel Management, responsible for overseeing the personnel records of U.S. employees. The bureau believes the attack originated in China, but either lacks, or is unwilling to share, the evidence that pinpoints the nation. Attributing the source of such attacks is difficult, and the U.S. doesn’t know if this one were carried out by the government, by some entity working for the government, or hackers independent of the government.
While U.S. officials have linked the thefts to China because of the peculiar hacking techniques and computer addresses involved, they haven’t been able to come up with a motive. The data haven’t shown up on the black market. China denied any role in the hack. “If you keep using the words ‘maybe’ or ‘perhaps’ without making a thorough study, this is irresponsible and unscientific,” Chinese Foreign Ministry spokesman Hong Lei said.
The U.S. hasn’t been reticent about blaming Beijing for cyber attacks in recent years. In addition to this latest series of attacks, Beijing also downloaded terabytes of design data on the Pentagon’s $400 billion F-35 fighter program and other weapons, U.S. officials say. They’re also alleged to have stolen additional billions in intellectual property developed by U.S. companies.
“A great deal of what China, North Korea, Iran, and the vast majority of cyber-criminals and self-proclaimed hacktivists do isn’t very sophisticated,” Stephanie O’Sullivan, the principal deputy to Director of National Intelligence James Clapper, told an April cyber-security conference. They tend to exploit vulnerabilities in computer systems for which fixes exist but haven’t been installed. “The Chinese in particular are cleaning us out because we know we’re supposed to do these simple things and yet we don’t do them,” she said. “Most Chinese cyber intrusions are through well-known vulnerabilities that could be fixed with patches already developed.”
It’s not known if the latest attack exploited such a weakness, but one thing is certain: “Good basic security habits,” says Peter W. Singer of the New America Foundation, “would stop over 90% of attacks.”