The U.S. federal government recently suffered a data breach of top national security agencies, which involved software from Microsoft, SolarWinds, and VMware (for that reason it has been referred to as “the SolarWinds hack”).
The hack is known to have affected the U.S. Department of Treasury and the National Telecommunications and Information Administration, and the government has stated that the attack was “likely Russian in origin.”
That hack “is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence-gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly,” according to a joint statement by the FBI, NSA, CISA, and ODNI.
This has brought back memories of another hack of the federal government, back in the summer of 2015, which struck the United States Office of Personnel Management (OPM) and is thought to have affected more than 20 million records. That hack was believed to be carried out by state-sponsored hackers working on behalf of the Chinese government.
According to an analysis of the hack by CSO Online last year, the data that was taken included SF-86 forms, which contain “extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people’s fingerprints.”
The hack actually took place over the course of more than two years, with the hackers entering the system as early as November of 2013, with crucial malware being installed in 2014. The breach wasn’t revealed until 2015 although, per CSO, the OPM realized during 2014 that they had been breached, and “chose to allow the attackers to remain so they could monitor them and gain counterintelligence.”
The hacking incident led to the resignations of the agency’s director, Katherine Archuleta, and its chief information officer, Donna Seymour.
How is it known that it was Chinese hackers?
“While no ‘smoking gun’ was found linking the attack to a specific perpetrator, the overwhelming consensus is that OPM was hacked by state-sponsored attackers working for the Chinese government,” CSO said. “Among the evidence is the fact that PlugX, the backdoor tool installed on OPM’s network, is associated with Chinese-language hacking groups that have attacked political activists in Hong Kong and Tibet; the use of superhero names is also associated with groups tied to China.”
In 2017, a Chinese national named Yu Pingan was arrested on charges that he provided the malware used in the hack. Pingan was taken into custody when he landed in the U.S., and he eventually pled guilty to charges of conspiracy to commit computer hacking. He was later deported to China.
Stephen Silver is the co-founder of the Philadelphia Film Critics Circle. He lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.