Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.
The federal government was hacked and experts are both frightened and unsurprised
The federal government was hacked and experts are both frightened and unsurprised
Cale Guthrie WeissmanJun 6, 2015, 00:45 IST
Yesterday afternoon the US federal agency the Office of Personnel Management admitted that its databases had been breached.What we know so far is that 4 million federal employee records were stolen in April. Initial reports pin China as a likely culprit."Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to Federal personnel. And OPM immediately implemented additional security measures to protect the sensitive information it manages," the agency wrote in a blogpost.
What's at stake?
There are many concerning threads here. For one, the alarming amount of data stolen indicates that data processing agencies like the OPM - which stores all of the personal information of federal employees - are prime targets for this sort of cybercrime, and that these sorts of breaches will likely not cease.Even worse, however, is the fact that the OPM has been targeted before. Last summer, hackers also infiltrated the OPM's databases, targeting files of "tens of thousands of employees who have applied for top-secret security clearances," the New York Times reported.The fact that this has happened before to the same federal office has sent shock-waves through the cybersecurity community. "This is an extremely urgent situation," Chris Wysopal the CTO and CISO of Veracode told Business Insider. "And it's not going to stop"Hackers now want this kind of data and they know where to find it. He pointed to the rising occurrences of data breaches at large companies, be it Sony, Anthem Health, or Premera.The value of this sort of personal data is huge, too. Health records on the black market, said Wysopal, are worth "approximately ten times the value of a credit card."
What will happen to the data?
Now that the breach has been made public, no one knows whose hands this data will fall into. If it's a state-sponsored attack, it's unclear whether or not it will be sold on online black markets. But, as Danny Rogers from the company Terbium Labs explained, the line between politically motivated attacks and hackers hacking to sell data is now blurring. "It's hard to differentiate between these types of attacks," Rogers said.Companies like Terbium keep open tabs on what's being sold on dark web marketplaces. According to Rogers, government affiliated documents have been known to leak online. And there's no way to know the original source of this stolen data.
The government must get better
The key takeaways according to industry experts are that this isn't going to stop and the federal government needs to improve its security measures. Offices like the OPM hold a trove of personal data, and that's precisely the sort of information that both states and private cybercriminals want.The fact that the agency has been attacked twice underscores how vulnerable digital government assets are."The data is very valuable," explained Wysopal. Protecting the information can't be treated as "business as usual."
