U.S. officials announced a significant cybersecurity breach (NYT) in which hackers broke into government computers at the Office of Personnel Management, which handles government security clearances and federal employee records. The incident could compromise data on at least four million current and former government workers (WSJ), and while it remained unclear whether the attack was related to commercial gain or espionage, officials said the hackers were believed to be based in China. Beijing called the allegations unproven and irresponsible (AP), saying it wished the United States would cease making "unverified allegations."
ANALYSIS
"A
failure to confidently attribute an attack or determine whether such activity
constituted an attack could limit U.S. response options. Such
confusion, uncertainty, and delay could weaken deterrence and the credibility of
U.S. assurances, trigger a misperception of U.S. commitment, and undermine a
U.S.-led coalition," writes Benjamin Brake in a CFR Contingency Planning
Memo.
"The
agency now has the power to search the data streams it has access to for
snippets of code and other identifying information to spot hackers
and track their activities. It is doing so by relying on one of its most
important tools: Its position atop the global Internet infrastructure," writes
Elias Groll for Foreign Policy.
"Security
researchers say that medical data and personnel records have become more valuable to cybercriminals
than credit card data. The price of stolen credit cards has fallen in online
black markets, in part because massive breaches have spiked supply," writes
Jeremy Wagstaff for Reuters.
