Saturday, June 6, 2015

U.S. Government Suffers Cybersecurity Breach

Via Council on Foreign Relations
U.S. officials announced a significant cybersecurity breach (NYT) in which hackers broke into government computers at the Office of Personnel Management, which handles government security clearances and federal employee records. The incident could compromise data on at least four million current and former government workers (WSJ), and while it remained unclear whether the attack was related to commercial gain or espionage, officials said the hackers were believed to be based in China. Beijing called the allegations unproven and irresponsible (AP), saying it wished the United States would cease making "unverified allegations." 
"A failure to confidently attribute an attack or determine whether such activity constituted an attack could limit U.S. response options. Such confusion, uncertainty, and delay could weaken deterrence and the credibility of U.S. assurances, trigger a misperception of U.S. commitment, and undermine a U.S.-led coalition," writes Benjamin Brake in a CFR Contingency Planning Memo.
"The agency now has the power to search the data streams it has access to for snippets of code and other identifying information to spot hackers and track their activities. It is doing so by relying on one of its most important tools: Its position atop the global Internet infrastructure," writes Elias Groll for Foreign Policy.
"Security researchers say that medical data and personnel records have become more valuable to cybercriminals than credit card data. The price of stolen credit cards has fallen in online black markets, in part because massive breaches have spiked supply," writes Jeremy Wagstaff for Reuters.