Published on July 14th, 2015 | by admin
Red Hot Data War: Using Intelligence Against Foreign Hacking
The recent attacks on the U.S. Office of Personnel Management (OPM) have taken Chinese government hacking into a new realm. This isn’t a cold war; this is a red hot data war.
The latest figure for the number of people affected by the OPM breaches has risen (from an original 4 million) to 22.1 million, 1.8 million of whom are spouses and partners of government workers rather than government workers themselves. The latest census.gov figure for the population of the U.S. is around 321 million, so nearly 7% of the population of the United States has had private and personal details stolen by a foreign government.
Inter-country espionage is hardly new; what is new is the method of attack and the scope of those affected.
Chinese hackers have a history of attacks against U.S. cyber and data resources. In the late 1990s there was a wave of politically motivated hacking by Chinese citizens against websites in the U.S. and in other countries such as Taiwan and Japan. It took the form of DDoS attacks and website defacements, carried out as acts of defiance against foreign governments that had in some way harmed or insulted the Chinese people or government. In 1999, for example, Chinese hackers mounted a large-scale attack on the White House website after the U.S. accidentally bombed the People’s Republic of China (PRC) embassy in Belgrade, Serbia, during the Kosovo conflict. And in 2001, Chinese hacking groups declared a cyber-war on the U.S. in retaliation for the Bush administration’s sale of arms to Taiwan, and in anger at the (again accidental) mid-air collision between a U.S. surveillance plane and a Chinese fighter jet. That campaign culminated in DDoS and defacement attacks against around 100 U.S. websites; U.S. hackers retaliated against roughly the same number of PRC sites.
Fast forward to today. The glaring difference between those hacktivist attacks on government-owned websites and the current state of Chinese hacking, such as the OPM breach, is not only the scale but also who is affected. The early attacks hit a few government-owned websites; today’s attacks target citizens and their Personally Identifiable Information (PII). That PII can be used, as it was in the recent attack on the IRS, to take over personal accounts (in the IRS case, to pull tax transcripts and file fraudulent returns), and it can put government agency workers at personal risk. Other attacks, such as the Anthem and Blue Cross breaches, are also believed to have originated with a foreign government-sponsored group.
The OPM attack is a massive wake-up call to the U.S. administration. This is cyber war at its most effective and dangerous. Although there is no clear evidence that the Chinese government itself initiated the OPM attack, it is highly suspicious, and the security firm that analyzed the breached data is convinced the attack was directed by the Chinese government.
What is clear, though, is that the tactics of cybercrime are changing. Large datasets are now being sought out, rather than just direct attacks on financial data (although those remain pervasive). This data, massive data rather than merely big data, is being aggregated on an industrial scale and sold on through the hacking community. More worrying still is when the data isn’t sold at all, which often indicates it is being used for espionage instead. That is what the Washington Post and many others suspect is happening with the OPM data.
So, what can we do about this? And is this going to affect companies as well as government organizations?
The attacks on commercial organizations such as Anthem and Blue Cross show that these attacks are not limited to government. It is likely that the OPM attackers entered the OPM network using compromised credentials belonging to a supply chain vendor. How the hackers obtained those credentials may never be fully known, but a spear-phishing email or another social engineering tactic, which exploits ordinary human weaknesses, is the usual route. A vendor account that is valid on your network deserves the same scrutiny as an internal one: the attacker who holds it looks like a legitimate user until their behavior gives them away.
Because of the grave risks associated with human behavior, your company should use more intelligent security tools to counter sophisticated threats. Behavioral analysis, establishing what normal activity looks like for each account and alerting on deviations from it, is one of the best ways to warn your organization of an impending problem. It is also one of the few ways to control insider threats, which are likely to become more prevalent if government-sponsored hacking unearths information that can be used to blackmail people within organizations.
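To make the behavioral-analysis idea concrete, here is an added example that is not part of the original article and not any vendor’s product. It builds a per-account baseline (source networks, working hours and typical record volume) from a set of constructed log lines, then scores a review period against it; the log format, the account names (a hypothetical vendor service account and an analyst), the /24 grouping of source addresses and the thresholds are all assumptions chosen for the illustration. The point it demonstrates is that a stolen vendor credential used at 3 a.m. from an unfamiliar network to pull far more records than usual stands out even though the login itself succeeds.

```python
"""
Per-account behavioral baseline and anomaly scoring over constructed
authentication/data-access log lines. Added illustration only: the log
format, account names, /24 grouping and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample logs: "<ISO timestamp> <account> <source ip> <records pulled>".
# The baseline lines stand in for a week of normal activity; the review lines
# are the period being checked against that baseline.
BASELINE_LOGS = """\
2015-05-04T09:12:00 vendor_svc 10.20.1.7 120
2015-05-05T09:40:00 vendor_svc 10.20.1.7 95
2015-05-06T10:05:00 vendor_svc 10.20.1.9 110
2015-05-07T08:55:00 vendor_svc 10.20.1.7 130
2015-05-08T09:30:00 vendor_svc 10.20.1.9 105
2015-05-04T14:00:00 analyst01 10.30.4.21 40
2015-05-05T13:30:00 analyst01 10.30.4.21 35
2015-05-06T15:10:00 analyst01 10.30.4.22 50
2015-05-07T14:45:00 analyst01 10.30.4.21 45
""".splitlines()

REVIEW_LOGS = """\
2015-05-11T09:20:00 vendor_svc 10.20.1.7 115
2015-05-12T03:02:00 vendor_svc 203.0.113.45 48000
2015-05-12T14:10:00 analyst01 10.30.4.21 42
""".splitlines()


def parse(line):
    """Split one log line into a dict; source IP is reduced to its /24 (assumption)."""
    ts, user, ip, count = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "net": ip.rsplit(".", 1)[0], "count": int(count)}


def build_baseline(lines):
    """Collect, per account, the networks, hours of day and volumes seen as normal."""
    per_user = defaultdict(lambda: {"nets": set(), "hours": set(), "counts": []})
    for ev in map(parse, lines):
        b = per_user[ev["user"]]
        b["nets"].add(ev["net"])
        b["hours"].add(ev["ts"].hour)
        b["counts"].append(ev["count"])
    return per_user


def score(ev, baseline):
    """Return the list of ways this event deviates from the account's baseline."""
    b = baseline.get(ev["user"])
    if b is None:
        # An account with no history is itself worth a look (new vendor login, etc.).
        return ["no baseline for account"]
    reasons = []
    if ev["net"] not in b["nets"]:
        reasons.append(f"new source network {ev['net']}.0/24")
    if ev["ts"].hour not in b["hours"]:
        reasons.append(f"off-hours access at {ev['ts'].hour:02d}:00")
    mu = mean(b["counts"])
    # Floor the spread at 10% of the mean so a perfectly flat baseline still has a band.
    sigma = max(pstdev(b["counts"]), 0.1 * mu)
    if ev["count"] > mu + 3 * sigma:
        reasons.append(f"volume {ev['count']} vs baseline mean {mu:.0f}")
    return reasons


def alerts(baseline_lines, review_lines, min_signals=2):
    """Alert only when several independent signals line up, to keep noise down."""
    baseline = build_baseline(baseline_lines)
    out = []
    for ev in map(parse, review_lines):
        reasons = score(ev, baseline)
        if len(reasons) >= min_signals:
            out.append((ev["user"], ev["ts"].isoformat(), reasons))
    return out


if __name__ == "__main__":
    for user, ts, reasons in alerts(BASELINE_LOGS, REVIEW_LOGS):
        print(f"ALERT {ts} {user}: " + "; ".join(reasons))
```

Requiring two or more signals before alerting is a deliberate trade-off: a vendor logging in from a new hotel subnet, or an analyst working late, is routine on its own, but an unfamiliar network plus off-hours plus a volume hundreds of times the norm is the signature of a credential being used by someone other than its owner. In practice the baseline would be learned over weeks rather than five lines, and the record-count field would come from the application or database audit log rather than the authentication log.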
As John Bolton, former Under Secretary of State for Arms Control and International Security, said in a recent interview, we need “offensive capabilities” to combat the level of cyber threat we face today. Is your company prepared to remediate rapidly after a foreign attack?