Office of Personnel Management data breach (2015)

''[This page is under construction. Sources to include: [https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach Office of Personnel Management data breach]]''
{| class="wikitable"
! scope="row"|Date
| The exact date of the initial intrusion into Office of Personnel Management servers is unknown. Nevertheless, malware had been residing on the servers since at least 2012, and the earliest known malicious activity disclosed so far dates back to November 2013. The gravest part of the attack – the exfiltration of background investigation and personnel data – was carried out between June 2014 and March 2015. The attack was not completely blocked until 30 June 2015.<ref>[https://archive.org/stream/ReportFromTheCommitteeOnOversightAndGovernmentReformOnTheOPMBreach/Report%20from%20the%20Committee%20on%20Oversight%20and%20Government%20Reform%20on%20the%20OPM%20Breach_djvu.txt “Report from the Committee on Oversight and Government Reform on the OPM Breach”] (September 7, 2016), Committee on Oversight and Government Reform, U.S. House of Representatives.</ref>
|-
! scope="row"|Suspected actor
| Unknown state-sponsored group working for the Chinese government.<ref>Josh Fruhlinger, [https://www.csoonline.com/article/3318238/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html “The OPM hack explained: Bad security practices meet China's Captain America”] (November 6, 2018), CSO.</ref><ref>Ian Smith, [https://www.fedsmith.com/2018/09/21/bolton-confirms-china-behind-opm-data-breaches/ “Bolton Confirms China was Behind OPM Data Breaches”] (September 21, 2018), FedSmith.com.</ref>
|-
! scope="row"|Target
| United States Office of Personnel Management
|-
! scope="row"|Target systems
|
|-
! scope="row"|Method
| It is not entirely clear how the attackers first gained access to OPM's networks. In the first phase, an attacker (A1) used a domain registered in the OPM server and exfiltrated IT system architecture documents and manuals. OPM found out about A1’s malicious activity and began to monitor it. Later, a separate attack was carried out by an attacker (A2) associated with A1, who posed as a background investigations contractor (KeyPoint) and, using an OPM credential, remotely accessed OPM’s network and installed PlugX malware to create a backdoor. On 27 May 2014 OPM shut down its compromised systems in an effort to prevent more severe breaches by A1. While OPM successfully expelled A1, A2 preserved its presence on the OPM network thanks to the backdoor and later moved through the OPM environment to the U.S. Department of the Interior data center where OPM personnel records were stored. The data exfiltration continued undiscovered until April 2015, when an OPM contractor working on IT security detected suspicious activity on the OPM network.
|-
! scope="row"|Purpose
| Unclear. The attack was seen as an effort to gain valuable information about U.S. agencies and their employees as part of an espionage campaign.<ref>Tom Risen, [https://www.usnews.com/news/articles/2015/06/05/china-suspected-in-theft-of-federal-employee-records “China Suspected in Theft of Federal Employee Records”] (June 5, 2015), US News.</ref> The personal data of U.S. employees could also be used for financial gain. Indeed, some employees affected by the hack have claimed that they have been subjected to fraudulent credit charges, tax filings and other instances of identity theft that could credibly trace back to the OPM breaches.<ref>Eric Katz, [https://www.govexec.com/pay-benefits/2019/06/feds-suing-opm-score-early-win-lawsuit-over-data-hacks/157970/ “Federal Employees Suing OPM Score Win in Lawsuit Over Data Hacks”] (June 24, 2019), Government Executive.</ref>
|-
! scope="row"|Result
| Sensitive information on 21.5 million individuals – applicants for security clearances and their relatives – was stolen from the background investigation databases, including approximately 5.6 million fingerprints. Moreover, OPM discovered that personnel data such as the names, birth dates, home addresses and Social Security Numbers of 4.2 million current and former Federal government employees had been stolen.<ref>[https://www.opm.gov/cybersecurity/cybersecurity-incidents/ “Cybersecurity Incidents”], Office of Personnel Management.</ref>
|-
! scope="row"|Aftermath
| OPM Director Katherine Archuleta as well as OPM Chief Information Officer Donna Seymour resigned.<ref>[https://archive.org/stream/ReportFromTheCommitteeOnOversightAndGovernmentReformOnTheOPMBreach/Report%20from%20the%20Committee%20on%20Oversight%20and%20Government%20Reform%20on%20the%20OPM%20Breach_djvu.txt “Report from the Committee on Oversight and Government Reform on the OPM Breach”] (September 7, 2016), Committee on Oversight and Government Reform, U.S. House of Representatives.</ref> Furthermore, two federal employee unions and several individuals sued OPM and KeyPoint for a violation of a constitutional right to informational privacy. The trial is still ongoing, but so far the courts have found that this constitutional right had not been violated.<ref>Amelia Brust, David Thornton, [https://federalnewsnetwork.com/opm-cyber-breach/2019/06/appeals-court-rules-opm-data-breach-left-people-vulnerable-to-harm/ “Appeals court rules OPM data breach left people vulnerable to harm”] (June 27, 2019), Federal News Network.</ref>

Even though the Obama administration decided not to publicly blame China for the massive breach in 2015,<ref>Ellen Nakashima, [https://www.washingtonpost.com/world/national-security/us-avoids-blaming-china-in-data-theft-seen-as-fair-game-in-espionage/2015/07/21/03779096-2eee-11e5-8353-1215475949f4_story.html “U.S. decides against publicly blaming China for data hack”] (July 21, 2015), The Washington Post.</ref> there was a strong belief that China was responsible for the attack. Chinese officials denied all the accusations, calling them irresponsible and unscientific.<ref>Dominic Rushe, [https://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances “OPM hack: China blamed for massive breach of US government data”] (June 5, 2015), The Guardian.</ref> Later, in 2017, President-elect Donald Trump said China was behind the massive breach.<ref>Michael D. Shear, David E. Sanger, [https://www.nytimes.com/2017/01/06/us/politics/donald-trump-wall-hack-russia.html?_r=0 “Putin Led a Complex Cyberattack Scheme to Aid Trump, Report Finds”] (January 6, 2017), The New York Times.</ref> The same statement also came from John Bolton, White House National Security Adviser.<ref>Ian Smith, [https://www.fedsmith.com/2018/09/21/bolton-confirms-china-behind-opm-data-breaches/ “Bolton Confirms China was Behind OPM Data Breaches”] (September 21, 2018), FedSmith.com.</ref> Finally, it is worth noting that a Chinese national was arrested by the FBI after being accused of conspiring with others to use Sakula, a malware deployed in the OPM breach.<ref>Joseph Menn, [https://www.reuters.com/article/us-usa-cyber-opm/chinese-national-arrested-in-los-angeles-on-u-s-hacking-charge-idUSKCN1B42RM “Chinese national arrested in Los Angeles on U.S. hacking charge”] (August 25, 2017), Reuters.</ref>
|-
! scope="row"|Analysed in
| [[Scenario 02: Cyber espionage against government departments]]
|}
Collected by: [[People|Adam Botek]]