After The Breaches: The Even Worse News About The Chinese Hacks

For the past year, newspaper headlines have screamed about major data breaches at big retailers (Target), huge health insurers (Anthem), and big government (the United States' Internal Revenue Service, and the massive theft of employee records from the Office of Personnel Management, OPM).

Note: there may be more press coverage of hacks in the United States, but security experts are adamant that there is plenty of hacking in the United Kingdom, Australia, Germany, and throughout much of the developed world. No networked nation is safe. If information is online, someone is trying to steal it.

The question has to be asked: what are hackers hunting for? Some hacks seem to be old-fashioned operations to harvest payment-card data (Target, for instance). But many others, including several recent ones, seem to have other, more mysterious motivations.

The OPM breach, for instance, may have involved the theft of data on an untold number of present, past, and prospective government employees who underwent background checks in order to obtain a security clearance.

Know this: the process of gaining a security clearance is both highly personal and intrusive. Neighbors and relatives are interviewed along with co-workers. Financial records are sifted. Polygraphs may be administered. Blood may be checked for drugs. The list goes on. Exactly that information was apparently targeted, and stolen, at OPM.

Another four million federal employees also apparently had at least some of their data stolen in the OPM breach.

What possible value could that information have to a hacker? Plenty. Think blackmail and extortion. But it could go well beyond that. Rich personal data are fuel for what security experts call spear-phishing: a highly targeted attempt to pry information from a specific individual, as opposed to ordinary phishing, which is essentially a mass mailing.

Know a lot about a target, and about the important people in the target's life, and it becomes easy to craft a spear-phish convincing enough to prod the individual into giving up valuable information.

John Worrall, chief marketing officer at security firm CyberArk, explained: "By gaining personal information, attackers can conduct fine-tuned phishing attacks aimed at specific employees within an organization – usually IT or Sys Admins with privileged and administrative access." Get a system administrator's credentials and the attacker effectively owns that network.

That raises the other question: who is behind the OPM breach? Experts increasingly believe it is the work of hackers with some affiliation with the Chinese government.

It has to be said, we don’t know the Chinese are the culprits, but “a lot of evidence points at them,” said Dustin Ormond, an assistant professor of business intelligence at Creighton University in Nebraska.

"It is very difficult to do attribution," said Stephen Pao, GM of security at Barracuda, a data protection company. Good hackers, he explained, are clever about disguising their trail, and they are also known to plant false clues, such as stray bits of Arabic or Russian, even when the hacker is actually from the opposing side.

But, still, most fingers now point at the Chinese for the OPM hack and probably also the hacks at big health insurers where, in some cases, even the medical records of millions were apparently stolen.

But why? Ormond added: “We honestly don’t know what the Chinese are interested in with this information, assuming it is them.”

But he speculated that there are many possibilities. They may, for instance, be gearing up for a bigger attack designed to cripple critical national computing infrastructures.

They may also be selectively deleting information about certain individuals, said Ormond. Imagine there is a Chinese agent under investigation in the US. And what if key files about him/her vanished?

The Chinese are also known to have invested heavily in developing data analytics skills, the key to making use of massive data hauls. They are now believed to have the know-how to mine such data and assemble pinpointed dossiers on individuals and institutions.

To what end? That’s the puzzle. The Eastern Europeans seem interested only in money. But the Chinese interest remains enigmatic.

And that has to be keeping us up at night.
