The United States government is a hacker’s paradise.
The Obama administration announced last week that hackers had stolen the personal information of more than four million past and present federal employees from the Office of Personnel Management. Analysts estimate that the data breach might affect roughly one percent of all Americans; it has already been described by the New York Times as the largest breach of federal data in history.
The Times report comes after a particularly embarrassing few months for the U.S. government’s cybersecurity posture: In October of 2014, Russian hackers breached unclassified White House computer networks, before moving on to the State Department. The recent China attacks, though unrelated, add insult to injury: The New York Times reports that the OPM issued a memo in November (in the midst of the holiday hack-a-rama) that called the agency’s computer security systems a “Chinese hacker’s dream” and begged officials to patch the problems. But it turned out they were warning of vulnerabilities that had already been compromised; the Times reports that Chinese hackers had already stolen tens of thousands of files on security clearances and were actually preparing for last week’s breach.
“Hackers in China apparently figured [the vulnerabilities] out months before the report was published,” the Times reports. In the summer of 2014, government officials had detected a breach specifically targeting the agency’s clearance records. While minimally protected, those records contain information that could easily allow hackers to access “email or other accounts belonging to those entrusted with the nation’s secrets,” according to the Times. Still, the OPM vulnerabilities went unfixed.
Picture: SimonOx (flickr.com) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)%5D, via Wikimedia Commons