China joins the mass data breach party: lessons to learn from the OPM

The massive data breach of federal employee information at the OPM could mark a significant moment in the evolution of the threat landscape


‘The Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible’

If the intelligence coming through is correct, and a nation state is behind the cyber attack at the US Office of Personnel Management (OPM), then IT leaders have yet another problem to worry about.

State-sponsored hackers are not just after select pieces of geopolitically advantageous intel – they’re prepared to lift millions of records at a time from organisations to get what they’re looking for.

But what are they looking for? And how do we stop them?

Even in an industry where ‘major inflection points’ seem to come along every few months, the OPM attack is a big deal. The breach was originally thought to have compromised the personal details of only around four million US government employees; that number may now have risen to as many as 14 million.


More importantly, the breach is now said to have compromised highly sensitive data on staff applying for security clearance roles in military or intelligence positions. This data could include whether an individual has a criminal record, has any history of alcohol or drug abuse, has filed for bankruptcy and so on, according to reports.

This is information that a foreign state would find hugely valuable. It could be used for blackmail, coercion and even for possible recruitment of spies. And let’s not forget that the wealth of personal information contained in these employee records can also be used to make follow-up spear phishing attacks even more sophisticated and hard to spot.

A chequered past

This isn’t the first time something like this has happened. In fact, an intrusion into the OPM was traced to China last year, but the department seems not to have heeded an Office of the Inspector General report, issued soon after, that criticised “significant” deficiencies in its security. A watchdog has now said the OPM underinvested in security for a decade. This should be a warning to organisations everywhere – you get the security you pay for.

There are also signs that the recent Anthem breach of 80 million health records, the Premera Blue Cross incident exposing 11 million customers, and an attack on Carefirst Blue Cross (1.1 million) were linked to each other and to China.

We’ll probably never find out if it was a government-sanctioned mission. But so far some reports seem to suggest that this data isn’t finding its way onto the darknet, which would be a typical move if it were nabbed by cybercriminal gangs.

So what can we learn from this? IT leaders should already be on high alert about the major data theft threat posed by cybercrime gangs – and the huge resulting clean-up and legal costs, regulatory fines, and damage to brand and shareholder value.

Knowing this threat has expanded to nation-state operatives should serve as a timely reminder to get security strategies in order, especially for government contractors.

On the plus side, best practice security to mitigate the effects of an attack shouldn’t change, whether the attacker is a criminal gang or an army hacking unit.

Aim to secure systems at every step of the cyber “kill chain”, starting with human resources. Invest in education and awareness training, so more staff can spot those all-important spear-phishing emails, and react quickly to an incident.

Then look at intelligence gathering to see if you’ve become a target. After that, it’s all about good security housekeeping, including keeping up-to-date with patches to ensure software vulnerabilities can’t be exploited. Guidelines like those produced by NIST and GCHQ are there for a reason, so follow them.

It’s also important to classify and label data and apply policies accordingly – segregating if necessary according to sensitivity.


Some highly sensitive data may need to be kept in air-gapped data stores. Delete anything that’s no longer useful or relevant. You’ll also need to authenticate access to this data strictly, along the principle of least privilege, and put a full audit trail behind it. It can also be useful to run breach ‘war games’ from time to time to check incident response plans are working.

No business is safe from a determined attacker, but what the OPM consistently failed to do was make suitable efforts to manage the risk of a serious breach. It’s a cautionary tale we would all do well to learn from. One thing’s for certain: the Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible.

Sourced from Bharat Mistry, Trend Micro

– See more at: http://www.information-age.com/technology/security/123459678/china-joins-mass-data-breach-party-lessons-learn-opm#sthash.rz3O942H.dpuf


Parallels of History: "the end of war is nigh"

Monday, November 26, 2012

While Syria slaughters its own people and Cairo burns yet again, idealism reveals again that war is to be left in the dustbins of history. Similar predictions were made in 1909, just 4 years before the First World War, and in the 1930’s by Neville Chamberlain, on the eve of the Second World War. In the 90’s, Clinton slashed our military with the idealism that the world would be a safer place. It ignored the rising attacks by Islamist Terrorists and declarations of war by al-Qaeda, in hopes it would just go away. It claimed terrorism was a law enforcement problem, and should be tried in court, rather than prosecuted by militaries.

Zero Ponsdorf of This Ain’t Hell points out the latest prediction of the impending future world of peace.  And some blame the realism of Veterans, of the fact that Sovereign Nations maintain standing Armies for self-defense, that wars continue.  Evidently, some believe that if Nations will just give up the means to defend themselves, then dictatorships will stop trying to take over their land and people.

Meanwhile, in the real world, the Communist Central Party of China has selected its new set of leaders, without ANY input from its Chinese subjects, and is publishing new passports with maps claiming the territory of several Pacific Nations, from the Philippines, to India, to Korea, to Japan, and of course Taiwan.

Communist China has been using the profits of the lead coated toys it sells to our kids, to buy modern battleships, aircraft carriers, and troop transports. It has taken over from the Soviets in stealing our technology, for such things as the Stealth Fighter which the Obama Administration decided was unneeded for our own military. It has doubled its military spending in the last decade, and continues to increase it by double digits. And now, it is making claims on the islands of the Pacific in a manner reminiscent of 1930’s Japan. The one thing that has contained China’s military threat for decades is being erased: its inability to project the power of its 4.5 Million man Military.


From Strength to Strength: Military Exercises Bolster Sino-Thai Relations

Publication: China Brief Volume: 12 Issue: 12

June 22, 2012 04:56 PM  By: Ian Storey


Chinese and Thai Marines During the Recent Exercise

In May, as the tense face off between maritime law enforcement vessels from the Philippines and China at Scarborough Shoal entered its second month, several hundred marines from Thailand and China conducted combined military exercises in Guangdong province. The two events highlight the widening fault line within the Association of Southeast Asian Nations (ASEAN) between those members who view Chinese assertiveness as a serious national security concern—which can only be addressed with help from the United States—and member states who do not have a direct stake in the dispute and continue to prioritize strengthening economic, political and security ties with Beijing. The Philippines falls on one side of the divide, Thailand on the other. As Sino-Philippine relations deteriorate, Sino-Thai relations move from strength to strength.

Developing Sino-Thai Relations

Thailand and China developed a close relationship in the late 1970s when threat perceptions converged in the wake of Vietnam’s invasion of Cambodia in 1978. During Hanoi’s decade-long occupation, Bangkok and Beijing forged a de facto strategic alliance. China exerted military pressure on Vietnam when the Vietnamese military violated Thai sovereignty and Thailand facilitated the delivery of Chinese weaponry to anti-Vietnamese Khmer Rouge guerrillas along the Thai-Cambodian border. When Vietnam withdrew its forces from Cambodia in the late 1980s, the focus of Sino-Thai cooperation shifted quickly and seamlessly to trade and investment, and Thailand quickly established itself as China’s most important economic partner in mainland Southeast Asia.


Syrian Kurds Play the Russia Card in Pursuit of Autonomy

Publication: Terrorism Monitor Volume: 10 Issue: 10

By: Wladimir van Wilgenburg


(Source: Kurdistan National AssemblySyria)

The ongoing political and security crisis in Syria has provided unexpected opportunities for Syria’s Kurdish community to initiate diplomatic discussions with Russia, China and Iran in its pursuit of regional autonomy, a near impossibility under the Assad regime before the outbreak of political violence as part of last year’s “Arab Spring.”

The Partiya Karkeren Kurdistan (PKK – Kurdistan Workers Party) and its Syrian affiliate, the Partiya Yekitiya Demokrat (PYD – Democratic Union Party), Russia, Iran and China are opposed to outside intervention by the Western states or Turkey and prefer to find alternatives. This has resulted in the reshaping of relations in the region.

In the past, Russia has utilized the PKK as a lever against Turkey to deter possible Turkish support for Chechen insurgents. [1] After 2008, Russia emerged as Turkey’s largest trading partner and relations improved, but now Turkey and Russia have differences over Syria. [2] For Russia, Syria is a long-term ally in the Middle-East and the naval supply station in the Syrian port of Tartus is of strategic value (see Eurasia Daily Monitor, April 19). This has caused friction in Russia’s relations with Turkey, which has abandoned its ties to Syria and now supports the removal of the Assad-government while opposing any role for the PKK and the PYD in a post-Assad Syria.


‘Indian Army preparing for limited conflict with China’


Thursday, February 09, 2012 Press Trust Of India

Noting that India is increasingly getting concerned about China’s posture on its border, a top US intelligence official on Wednesday said that the Indian Army is strengthening itself for a “limited conflict” with China.

“Despite public statements intended to downplay tensions between India and China, we judge that India is increasingly concerned about China’s posture along their disputed border and Beijing’s perceived aggressive posture in the Indian Ocean and Asia-Pacific region,” Director of National Intelligence James Clapper said in his prepared testimony before the Senate Select Committee on Intelligence.

“The Indian Army believes a major Sino-Indian conflict is not imminent, but the Indian military is strengthening its forces in preparation to fight a limited conflict along the disputed border, and is working to balance Chinese power projection in the Indian Ocean,” he said.


Has China’s most famous police official defected to the United States?

February 9, 2012 by Ian Allen


By IAN ALLEN | intelNews.org |
There are rumors that China’s most famous law enforcement official may have tried to defect to the United States, after Chinese police surrounded a US consulate in Southwest China. Three years ago, Wang Lijun, the chief of police in Chongqing, a city of nearly 30 million inhabitants, launched an extensive campaign aimed at dismantling southwestern China’s criminal networks. Among his targets were the notorious Triad gangs, as well as China’s extensive drugs, human, and consumer goods smuggling networks. Since that time, he has conducted nearly 1,100 arrests, helped convict several organized syndicate bosses to death, and overseen an anti-corruption program that led to the removal or arrest of several Chongqing police officials. Media sources in China report that Wang, who has become a popular icon of anti-corruption campaigners in China, has been targeted in numerous knife and sniper attacks, one of which left him in a coma for over a week.
