China Dismisses U.S. Allegations That It Was Behind Cyberattack
AUDIE CORNISH, HOST:
Millions of people may have had their personal information stolen in a computer security breach at the Office of Personnel Management. The government plans on starting the notification process of some 4 million current and former federal employees on Monday. As we're about to hear, the White House is so far avoiding the assertion others are making that China is responsible. NPR's Brian Naylor reports.
BRIAN NAYLOR, BYLINE: Citing the ongoing investigation being conducted by the FBI, White House spokesman Josh Earnest wouldn't say today who the administration believes hacked into the Office of Personnel Management's computers.
(SOUNDBITE OF ARCHIVED RECORDING)
JOSH EARNEST: It's not clear yet who exactly the perpetrators are. It's unclear whether or not this was a state actor or a group of individuals or an individual acting on behalf of a state, or if this was just a more run-of-the-mill criminal enterprise.
NAYLOR: Earnest said officials believe the attacks had begun in December. They were discovered in April. And it wasn't until last month that it was determined the hackers made off with employees' personal data. It's clear the OPM computers are an inviting target. OPM acts as the government's HR department and conducts background checks on employees who need security clearances. Their computers are subject to an estimated two and a half billion attacks every month. Randy Sabett is a former crypto engineer with the NSA, now with the Cooley law firm. Sabett says defending those attacks isn't easy.
RANDY SABETT: So at that level - two and a half billion with a B - at that level, you're dealing with just an overwhelming number of incoming attacks. So it just takes one to get through and then get that foothold and then build from there, which the attackers may have done here.
NAYLOR: The government hasn't said how the attackers gained access to the OPM's computers. OPM says it had upgraded its security and it was that new detection software that discovered the hackers, who were already lurking in the system. Sabett says the way they got in could've been relatively simple.
SABETT: The attackers are going to go after every possible way of getting in that they can. Unfortunately, in many cases, they get in through phishing attacks. So we're still dealing with some very basic cyber hygiene. People click on the wrong things.
NAYLOR: However it was done, it was the second time in a year that OPM's computers were hacked. Last month, a breach in IRS computers was detected. And the White House and State Department computers have recently been hacked, too. Congressman Adam Schiff of California is the top Democrat on the House Intelligence Committee. He concedes it's a huge challenge to protect government computers from attacks, but Schiff says agencies have to do better.
ADAM SCHIFF: We have put billions and billions of dollars into our cyber defenses. So to see that one of the federal agencies who are primarily responsible for personal information can't protect its own is very discouraging, and it just shows how much work we have left to do.
NAYLOR: Schiff says the House has passed legislation that would allow the government to exchange details of attacks on its computers with the private sector to help everyone bolster their defenses. The Senate has yet to act on the measure. Schiff says there need to be consequences, especially for countries involved in cyber warfare.
SCHIFF: Particularly if attack is state-sponsored, there have to be repercussions. There has to be a deterrent because the defenses themselves are not adequate, as we plainly see. And this is a brave new world of cyber warfare. And we have to have a measured response but nonetheless a strong enough response that we can deter future attacks.
NAYLOR: The Obama administration has taken punitive action in the past, indicting five members of a Chinese military unit suspected of hacking into U.S. companies for trade secrets. A spokesman for the Chinese government said allegations it was behind the OPM hack were irresponsible. Brian Naylor, NPR News, Washington. Transcript provided by NPR, Copyright NPR.