Chinese hackers pry open federal sites

  • Article by: Michael S. Schmidt
  • New York Times
  • July 15, 2014 - 8:29 PM

After years of cyberattacks on the networks of high-profile government targets like the Pentagon, Chinese hackers seem to have turned their attention to more obscure federal agencies.

Law enforcement and cybersecurity analysts in March detected intrusions on the computer networks of the Government Printing Office and the Government Accountability Office, senior U.S. officials said this week.

The printing office catalogs and publishes information for the White House, Congress and many federal departments. It also prints passports for the State Department. The GAO is known as the congressional watchdog, conducting investigations into federal government programs.

The attacks occurred around the same time Chinese hackers breached the networks of the Office of Personnel Management, which houses the personal information of all federal employees and more detailed information on employees who have applied for top-secret security clearances.

Some of those networks were so out of date that the hackers seemed confused about how to navigate them, officials said. But the intrusions puzzled U.S. officials because hackers have traditionally targeted offices that have far more classified information.

In May, the Justice Department unsealed an indictment that charged five hackers who worked for the People’s Liberation Army with stealing corporate secrets, in an attempt to deter the Chinese from attacks on U.S. corporations.

The Chinese have countered by saying that the Obama administration was hypocritical. Citing disclosures from Edward Snowden, the former National Security Agency contractor, Beijing said the NSA had gone into the computer systems of a Chinese company that manufactures computer network equipment, and had spied on Chinese military and political leaders.

It is not clear whether the hackers were operating on behalf of the Chinese government. But the sophisticated nature of the attacks has led some U.S. officials to believe that the government, which often conducts cyberattacks through the military or proxies, played a role.

Shawn Henry, an executive at the cybersecurity company CrowdStrike and a former top FBI cybersecurity official, said the attacks were “indicative of a state-run intelligence agency” because they are one of the few groups that would want such information.

Henry said that foreign intelligence agencies were going to spend a fair amount of time attempting to break into heavily protected networks with troves of sensitive information. Hackers also open doors of obscure agencies just to see what they may have.

“If the door is unlocked why not look in?” he said.

The breaches in March were significant enough that FBI agents have opened an investigation into the attacks, which the agents say they believe are connected.
