China joins the mass data breach party: lessons to learn from the OPM

The massive data breach of federal employee information at the OPM could mark a significant moment in the evolution of the threat landscape

‘The Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible’

If the intelligence coming through is correct, and a nation state is behind the cyber attack at the US Office of Personnel Management (OPM), then IT leaders have yet another problem to worry about.

State-sponsored hackers are not just after select pieces of geopolitically advantageous intel – they’re prepared to lift millions of records at a time from organisations to get what they’re looking for.

But what are they looking for? And how do we stop them?

Even in an industry where ‘major inflection points’ seem to come along every few months, the OPM attack is a big deal. Originally thought to have compromised the personal details of only around four million US government employees, that number may now have risen to as many as 14 million.

More importantly, the breach is now said to have compromised highly sensitive data on staff applying for security clearance roles in military or intelligence positions. This data could include whether an individual has a criminal record, has any history of alcohol or drug abuse, has filed for bankruptcy and so on, according to reports.

This is information that a foreign state would find hugely valuable. It could be used for blackmail, coercion and even for possible recruitment of spies. And let’s not forget that the wealth of personal information contained in these employee records can also be used to make follow-up spear phishing attacks even more sophisticated and hard to spot.

A chequered past

This isn’t the first time something like this has happened. In fact, an intrusion into the OPM was traced to China last year but the department seems not to have heeded an Office of the Inspector General report soon after criticising “significant” deficiencies in its security. A watchdog has now said the OPM underinvested in security for a decade. This should be a warning to organisations everywhere – you get the security you pay for.

There are also signs that the recent Anthem breach of 80 million health records, the Premera Blue Cross incident exposing 11 million customers, and an attack on Carefirst Blue Cross (1.1 million) were linked to each other and China.

We’ll probably never find out if it was a government-sanctioned mission. But so far some reports seem to suggest that this data isn’t finding its way onto the darknet, which would be a typical move if it were nabbed by cybercriminal gangs.

So what can we learn from this? IT leaders should already be on high alert about the major data theft threat posed by cybercrime gangs – and the huge resulting clean-up and legal costs, regulatory fines, and damage to brand and shareholder value.

Knowing this threat has expanded to nation-state operatives should serve as a timely reminder to get security strategies in order, especially for government contractors.

On the plus side, best practice security to mitigate the effects of an attack shouldn’t change, whether the attacker is a criminal gang or an army hacking unit.

Aim to secure systems at every step of the cyber “kill chain”, starting with human resources. Invest in education and awareness training, so more staff can spot those all-important spear-phishing emails, and react quickly to an incident.

Then look at intelligence gathering to see if you’ve become a target. After that, it’s all about good security housekeeping, including keeping up-to-date with patches to ensure software vulnerabilities can’t be exploited. Guidelines like those produced by NIST and GCHQ are there for a reason, so follow them.

It’s also important to classify and label data and apply policies accordingly – segregating if necessary according to sensitivity.

Some highly sensitive data may need to be kept in air-gapped data stores. Delete anything that’s no longer useful or relevant. You’ll also need to authenticate access to this data strictly, along the principle of least privilege, and put a full audit trail behind it. It can also be useful to run breach ‘war games’ from time to time to check incident response plans are working.

No business is safe from a determined attacker, but what the OPM consistently failed to do was make suitable efforts to manage the risk of a serious breach. It’s a cautionary tale we would all do well to learn from. One thing’s for certain: the Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible.

Sourced from Bharat Mistry, Trend Micro

– See more at: http://www.information-age.com/technology/security/123459678/china-joins-mass-data-breach-party-lessons-learn-opm#sthash.rz3O942H.dpuf

NSA chief has regrets on ISIS intelligence collection

September 18, 2014, 4:41 PM

National Security Agency (NSA) Director Adm. Mike Rogers said Thursday that his agency’s collection of intelligence on the Islamic State of Iraq and Syria (ISIS, also known as ISIL) could have been “stronger.”

“If I’m honest with myself, I wish the transition of ISIL from an insurgency to an organization that was now focused on holding ground, territory, the mechanism of governance….in hindsight I wish we had been a little bit – I’ll only speak for me and the NSA – I wish we’d been a little stronger about,” he said.

Rogers, who is also the head of U.S. Cyber Command, spoke at an intelligence summit alongside Central Intelligence Agency Director John Brennan and Letitia Long, the director of the National Geospatial-Intelligence Agency.

ISIS’ quick rise appeared to take the U.S. by surprise as it swept through northern Iraq, taking hold of vast amounts of territory and virtually erasing the border with Syria. Although U.S. airstrikes in Iraq helped to stem the group’s expansion, the U.S. still struggles to collect enough intelligence on the group’s activities.

Matt Olsen, who directs the National Counter Terrorism Center, told a House committee Wednesday that intelligence agencies have very little idea where foreign fighters go and what they do once they reach Syria, so they can’t estimate how many have joined ISIS or other extremists.

US intelligence under fire over Ukraine

Intelligence official calls reports ‘highly inaccurate’

By John Crawley, CNN

Published On: Mar 05 2014 09:38:19 PM EST Updated On: Mar 05 2014 10:25:05 PM EST

Photo credit: REUTERS/Mikhail Maslovsky

WASHINGTON (CNN) –

The nation’s top intelligence office denies suggestions the United States was caught off guard by Russia’s military intervention in Ukraine, calling reports to that effect “highly inaccurate.”

Shawn Turner, a spokesman for Director of National Intelligence James Clapper, said in a statement Wednesday that the intelligence community has “frequently warned of worrisome trends with respect to Russia’s foreign policy” since Vladimir Putin returned to the presidency in 2012.

Egypt to try Mossad officers for ‘spying’

English: Smuggling Tunnel, Rafah, Gaza Strip (Photo credit: Wikipedia)

(Globalpost/GlobalPost)

February 2, 2014 4:31pm

Five officers from Israel’s Mossad spy agency and three Egyptians will stand trial on Wednesday on charges of spying for the Jewish state, judicial sources said.

Egyptian prosecutors have accused the eight of espionage and supplying Israel with information impacting Egypt’s national security, the sources said on Sunday.

The trial is expected to open with none of the defendants present, the sources said, because the Mossad officers are “on the run” while it is not clear if the three Egyptians had been arrested.

The Egyptian suspects hail from Rafah, on the border with the Palestinian Gaza Strip, they said, adding that the trial will be held in the Suez canal city of Ismailiya.

The trial of a Jordanian engineer accused of having spied for Israel is also underway in Egypt.

Israeli Army dismantles spy device on border with Lebanon

January 21, 2014 12:34 AM By Mohammed Zaatari

The Daily Star

UNIFIL soldiers stand guard as Israeli soldiers foot patrol the border area with Lebanon as seen from Adaisseh, Monday, Jan. 20, 2014. (The Daily Star/Mohammed Zaatari)

ADAISSEH, Lebanon: Calm was restored to the border Monday following a tense standoff between the Lebanese and Israeli armies, as the latter removed an apparent spy device from a disputed area. An Israeli technical specialist unit, accompanied by some 40 soldiers, entered the disputed border territory near the southern village of Adaisseh at around 11 a.m. Monday to dismantle a device found under an olive tree the day before.

NSA gives Israel raw intercepts containing US citizens’ data

September 12, 2013 by Joseph Fitsanakis

By JOSEPH FITSANAKIS | intelNews.org |
The United States National Security Agency (NSA) shares raw intercepted data with Israeli intelligence without first deleting information pertaining to American citizens, according to a leaked document. British newspaper The Guardian published on Wednesday an informal memorandum of understanding between the NSA and the Israel SIGINT National Unit (ISNU). The five-page document was supplied to the newspaper by Edward Snowden, a technical contractor for the NSA who defected to Russia this past summer. It outlines an agreement reached in 2009 between the NSA and the ISNU, under which the American side provides the Israelis with raw intercepts, which often contain telephone and email data belonging to American citizens. The memorandum describes this type of intelligence sharing as a “routine” aspect of a broader “SIGINT relationship between the two organizations”.

New Abu Yahya al-Libi Videos: Dead or What?

Posted on 2012/06/25 | by Florian Flade

Abu Yahya al-Libi in new video message released June 22

Three weeks have passed since a US drone strike in North Waziristan allegedly killed Al-Qaida’s top commander Abu Yahya al-Libi. Since then Al-Qaida has neither officially confirmed nor denied the death of al-Libi. The question still remains: Is the White House’s claim true or not?

Instead of celebrating the martyrdom of yet another of its leaders, Al-Qaida is releasing videos of al-Libi. Last week the terrorist network’s media wing “As-Sahab” released a 17-minute video statement titled “The American Military and Ethics of Wars” in which al-Libi talks about civilian deaths in Afghanistan.

The more interesting detail regarding the second new Abu Yahya al-Libi tape within two weeks is that Al-Qaida does not seem to regard him as dead. The organization labels him “Al-Sheikh Al-Mujahid Abu Yahya al-Libi (may Allah protect him)” – the latter phrase indicating the person is still alive. Otherwise the phrase “may Allah have mercy upon him” would be used.
