Four million US government employees personnel records were stolen. Fingers are pointing at China. Is china denying it? Not really.  Chinese foreign ministry in Beijing representative Hong Lei saying, ”China itself is also a victim of cyberattacks”.

Why would China or any other government want American government workers info?

  • identify employees by name who have significant national security information
  • spies could use personal information to learn about fed employee’s interests to manipulate govt screts from them
  • could easily fake an email from a fellow government employee in order to trick victim into downloading malware to steal more information and monitor employee 24/7

Massive data breach just the tip of the iceberg?

How bad is it?

  • “the scale of it is just staggering” – Rep. Adam Schiff (D) Calif. who sits on house intel committee
  • “disturbing” – Sen Ron Johnson (R) Wis. who chairs Sen. Homeland Security and Government Affairs Committee
  • “all the hallmarks of a nation-state attack” – Rep. Jim Langevin (D) Rhode Island
  • hacker turned security consultant Kevin Mitnick calls stolen confidential fed employee data “a gold mine”
  • cyberespionage intelligence head at iSight security firm says “we think they are creating a database they can leverage for follow-on espionage.”
  • $376 million security detection system called “Einstein” designed to protect this type of data failed and only alerted months after the attack

What did they steal?  The Government not saying but could easily be the type of information you would collect for security clearance background checks:

  • full name
  • social security number
  • date and place of birth
  • job assignments
  • training records
  • performance reviews
  • current home address
  • previous home addresses
  • names of family members, neighbors, previous bosses, teachers, arrests, vices and foreign contacts.

How did they rip off millions of fed. Employees dangerously intimate details?

  • inspector general at Office of Personnel Management which keeps personnel data sounded alarm in November in a report that described its own computer security systems as a Chinese hacker’s dream
  • 11 of 47 computer systems certified as safe for use last year were not “operating with a valid authorization”
  • problems so severe for two systems designed to safeguard background investigations with security clearances at federal investigative services that the Inspector General recommended temporarily shutting them down because the security flaws “could potentially have national security implications”
  • Donna Seymour, Chief Information Officer at the Office of Personnel Management calls their own computers an “antiquated environment”

Opinion: Here’s what I know after reporting on technology for 19 years.  For legislative leaders to do anything other than take swift action at this point to powerfully overhaul America’s technology infrastructure would be nothing short of reckless and un-American.   Let’s do our best to get the keys back from the foreign hackers who just ripped-off at least 4 Million federal government workers and our country because the door to let them come in and steal was left wide open.