
Cyber thieves breach ‘gold mine’ of federal employee data

The FBI is investigating a massive cybersecurity breach at the Office of Personnel Management’s files containing personal information on millions of government employees, including those with high-level security clearances. Jeffrey Brown talks to Dmitri Alperovitch, co-founder and CTO of CrowdStrike, about what may have been stolen, who’s behind the hack and what could have been done to prevent it.


  • JUDY WOODRUFF:

    The FBI said today it is investigating a massive cyber-security breach at the Office of Personnel Management. Files stored there containing personal information on millions of U.S. government employees, including those with high-level security clearance, may have been compromised.

    Jeffrey Brown has the story.

  • JEFFREY BROWN:

    News reports citing unnamed U.S. government officials have said that China is suspected to be behind the attacks, though there’s been no official word from the administration.

    A Chinese spokesman had this to say today:

  • HONG LEI, Ministry of Foreign Affairs (through interpreter):

    We have seen many similar media reports and remarks about this, but are they scientific? We know that hacker attacks are conducted anonymously, across nations, and that it is hard to track the source. It’s irresponsible and unscientific to always make trumped-up presumptions without deep investigation.

  • JEFFREY BROWN:

    At the White House this afternoon, spokesman Josh Earnest said cyber-concerns relating to China are not new.

  • JOSH EARNEST, White House Press Secretary:

    I can’t speak to who may or may not have been responsible for this particular incident. But just, as a general matter, we have raised significant concerns about the way that China and individuals acting on behalf of the state of China have acted in cyberspace.

  • JEFFREY BROWN:

    So, for more, we turn to Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, an Internet security firm.

    Welcome back to you.

  • DMITRI ALPEROVITCH, Co-Founder and CTO, CrowdStrike:

    Thank you.

  • JEFFREY BROWN:

    Start with the whodunit this time. What kind of evidence would point to China, and would that be government or some kind of criminal syndicate?

  • DMITRI ALPEROVITCH:

    Well, in this case, the FBI is the lead investigator. So, they have the evidence. They haven’t made it public, so we don’t know necessarily with certainty this was indeed China.

    But it follows a pattern of behavior that we have seen from China. You may recall earlier this year we have seen all these intrusions into major insurance companies, where they were collecting very similar information on this time tens of millions of Americans, not just government workers.

    So it’s a pattern of activity that we’re seeing that is clearly an indication that the Chinese are trying to create a massive database of personal identifiable information, employment records, financial records, medical records on literally almost the entire American population.

  • JEFFREY BROWN:

    Well, let’s get our way back into that. Let’s start this particular — the Office of Personnel Management, why would this particular agency be targeted?

  • DMITRI ALPEROVITCH:

    Well, the OPM is actually doing the background investigations on virtually every government employee. There are some agencies that do it themselves, but most of the agencies are relying on OPM.

    That includes clearance investigations. These are massive forms that people fill out with all their background information, all their financials, all their medical conditions and so forth that the OPM then investigates. So, that record is a gold mine for both criminal actors, who would want to conduct identity theft, as well as nation states.

  • JEFFREY BROWN:

    So, I have reports that officials know what kinds of data might have been exposed, but they’re still not sure, they’re not saying what was actually taken at this point.

  • DMITRI ALPEROVITCH:

    That’s right.

    I think, you know, this is still an active investigation, so they don’t want to tip their hand. They don’t want to alert the adversary of what they potentially know.

  • JEFFREY BROWN:

    What could be done with that data? What would it be used for?

  • DMITRI ALPEROVITCH:

    Well, it depends on who is behind it.

    So, if it is China, if it is the nation state of China, then the concern is really a human intelligence concern, that they’re building these massive databases to target people. If they want to find an individual that is working for a sensitive government contractor or a government agency and they know that their relative has a medical condition or they’re in debt financially, that could be an approach that they can use to try to recruit this individual.

    It can also be used to identify potential spies that are working for the U.S. government that are trying to penetrate China. If it’s a criminal actor, then it’s a whole other slew of concerns like identity theft and financial fraud.

  • JEFFREY BROWN:

    And that would tie it to — as you said earlier, to some of these earlier things we saw, some of the health insurance companies, Anthem and others, that have happened this year.

  • DMITRI ALPEROVITCH:

    That’s exactly right. And those have been attributed to China.

    And we know that the Chinese are trying to collect this information as an effort for their intelligence apparatus.

  • JEFFREY BROWN:

    Now, this is a strike against the U.S. government, and the administration has after all made a big effort in this area. Does it suggest that nothing is safe, or does it suggest that the U.S. government has really not done enough with its technology?

  • DMITRI ALPEROVITCH:

    You know, almost half-a-decade ago, I said that there are only two types of organizations, either government agencies or companies, those that know they have been hacked and those that don’t yet know.

    And this case just proves that no one is invincible in cyberspace. Government agencies, we had the White House getting hacked last year, the State Department and certainly numerous companies that are coming under assault from nation states, from criminal actors, and it’s really inevitable.

  • JEFFREY BROWN:

    I did note officials were taking some solace in that they detected this. Is there better detection now, even if there’s not better prevention at this point?

  • DMITRI ALPEROVITCH:

    Well, I actually have to compliment them. Even though it took them a couple of months to detect it, which sounds like a long time, and it is, it’s actually better than the industry average.

    The industry average is about seven to eight months from the time of a compromise to when it’s being detected. They actually did it in a couple of months, which is great, but obviously not good enough. It needs to be done much faster. And you really need to prevent the attacker from actually being able to exfiltrate that data, to steal that data out of the organization. That’s when you ultimately can be successful.

  • JEFFREY BROWN:

    Now, to the extent the focus is on the Chinese government, outrage at the Chinese government, at the same time, if it is them, is this something that the U.S. government does as well?

  • DMITRI ALPEROVITCH:

    Well, this clearly has, if it is the Chinese government, an intelligence focus and an intelligence mission, so you would assume that the U.S. government is doing similar things in cyberspace and beyond.

    So it would be hard for us to confront the Chinese on this issue, because it falls into that realm of national security-related espionage that is the norm that everyone does.

  • JEFFREY BROWN:

    And very briefly, we’re focusing on some of these big thefts, when you come and others join us on this, but this is going on all the time in various forms?

  • DMITRI ALPEROVITCH:

    Exactly.

    And, oftentimes, we think of these hacks as discrete events, a company gets hacked or an organization gets hacked, they clean it up, and six months later, they announce that it is another hack. What happens in reality is that these attackers are persistent. The minute they’re kicked out of a network, they go back in that same day, or try to anyway.

    It’s oftentimes a continuous event, where you’re continuously compromised and you just discover it in six-month increments.

  • JEFFREY BROWN:

    All right, Dmitri Alperovitch, thank you so much.

  • DMITRI ALPEROVITCH:

    Thank you.
