How Hackers Stole 21 Million People’s Records From the Government

November 21, 2016 5:00 am


Hackers aren’t picky about whom they attack, and the U.S. Office of Personnel Management is one of their targets. Indeed, the government agency reportedly fends off 10 million attempted digital intrusions each month (generally, phishing attacks and similar assaults). But on April 15, 2015, what the agency discovered was unexpectedly horrifying. Malware had been operational for nearly an entire year, and it was linked to a group of hackers who had previously taken part in incredibly successful thefts. (For instance, they were responsible for hacking insurance provider Anthem, exposing the data of millions of patients.)

Thus began the search for the malware in the largely out-of-date network of 15,000 computers. The security team searched day and night, discovering 2,000 unrelated pieces of malware in the process. They concluded that employee credentials had been stolen, but determining which ones was an agonizingly slow process. (One method: determining whether or not an employee was genuinely on vacation, even though they were still “active.”)

It became clear that the hackers had struck a goldmine, accessing the data from millions of background checks, complete personnel files, and even digital images of government employee fingerprints.

Needless to say, the discovery of the extent of the breach caused a panic. Members of the Office of Personnel Management leadership were replaced and new security measures were implemented. But Brendan A. Koerner writes for Wired that all the changes ignore the crucial lesson hackers have repeatedly taught us:

“We’re overly focused on prevention at the expense of mitigation. One reason these attackers can do so much damage is that the average time between a malware infection and discovery of the attack is more than 200 days, a gap that has barely narrowed in recent years.”
