Attack Gave Chinese Hackers Privileged Access to U.S. Systems

Source: New York Times

For more than five years, American intelligence agencies followed several groups of Chinese hackers who were systematically draining information from defense contractors, energy firms and electronics makers, their targets shifting to fit Beijing’s latest economic priorities.

But last summer, officials lost the trail as some of the hackers changed focus again, burrowing deep into United States government computer systems that contain vast troves of personnel data, according to American officials briefed on a federal investigation into the attack and private security experts.

<snip>

Much of the personnel data had been stored in the lightly protected systems of the Department of the Interior, because it had cheap, available space for digital data storage. The hackers’ ultimate target: the one million or so federal employees and contractors who have filled out a form known as SF-86, which is stored in a different computer bank and details personal, financial and medical histories for anyone seeking a security clearance.

<snip>

The administration is urgently working to determine what other agencies are storing similarly sensitive information with weak protections. Officials would not identify their top concerns, but an audit issued early last year, before the Chinese attacks, harshly criticized lax security at the Internal Revenue Service, the Nuclear Regulatory Commission, the Energy Department, the Securities and Exchange Commission — and the Department of Homeland Security, which has responsibility for securing the nation’s critical networks.

<snip>

Read more: http://www.nytimes.com/2015/06/21/us/attack-gave-chinese-hackers-privileged-access-to-us-systems.html