Former U.S. Secretary of Homeland Security Michael Chertoff said Friday that the devastating cyberattack on a key federal agency was most likely perpetrated by hackers working for, or in concert with, the Chinese government. “What I’ve independently verified on a private basis supports that view,” Chertoff told International Business Times, in an exclusive interview.
Chertoff said the cyberattackers were probably looking for information on government employees in possession of U.S. military or industrial secrets when they broke into systems maintained by the Office of Personnel Management. The goal would be “to comb through it to identify high-value targets,” Chertoff said.
The former secretary, who served under President George W. Bush from 2005 to 2009, said the information could be used to persuade or blackmail a federal worker, say, a nuclear scientist or weapons engineer, into spying for the Chinese government. “It looks like the building blocks of an espionage or counterespionage program,” Chertoff told IBTimes.
OPM disclosed the breach Thursday, but it may have actually happened as early as December 2014. The hackers gained access to sensitive personal information on more than 4,000 government workers, including their birthdates, bank account numbers and Social Security numbers. The intruders may have achieved the breach in part by using data stolen previously through attacks on health insurers Anthem Inc. and Premera Blue Cross. That data has been available for months on various sites on the so-called Deep Web.
The Federal Bureau of Investigation is working with OPM and other agencies to investigate the attack.
Chertoff said that, even knowing that the breach originated inside China, it will be difficult for investigators to pinpoint the exact perpetrators. “There’s always a bit of a shell game with attribution,” said the former secretary, who also served as U.S. Assistant Attorney General and is now executive chairman of security consultants The Chertoff Group. China “may be hosting them; they may be tacitly allowing them to function. The Chinese are quite controlling about what goes in and out of the country on the Internet. So you couldn’t conduct large-scale activities without tacit approval.”
Last year, the U.S. indicted five Chinese military officers and charged them with hacking into U.S. corporate networks to steal industrial and nuclear secrets.
So how should the Obama Administration respond in this case? “When we catch people, we can protest, we can charge people with criminal offenses; if they’re stealing intellectual property there may be trade sanctions,” Chertoff said. The White House has yet to formally accuse China of the attack or announce any retaliatory steps. “No conclusions … have been reached at this point,” White House Spokesman Josh Earnest said Friday. China has formally denied its involvement. “China itself is also a victim of cyberattacks,” Chinese Foreign Ministry Spokesman Hong Lei said in a statement.
Some experts were not surprised by the breach. In an interview with IBTimes, U.S. Air Force Maj. Gen. (Ret.) Brett Williams, who was formerly head of operations at U.S. Cyber Command, said the security systems protecting federal agencies’ data are in many cases woefully outdated. “Most government agencies are poorly positioned to deal with even a moderately sophisticated attack,” said Williams, who is now president of Operations and Training at cybersecurity consultants IronNet.
Williams cited reports that some of the data stolen from OPM was actually stored on servers at the Department of Interior. “It looks like OPM was storing stuff over there, but they weren’t defending it over there.” Williams said bureaucracy may be the federal government’s biggest weakness when it comes to defending itself against cyberattacks. Despite measures like the National Cybersecurity Initiative, which Chertoff helped draft in 2007 and which spells out measures agencies need to take to harden their defenses, hacks against government systems are not uncommon. Indeed, Thursday’s revelation marked the second time in a year that OPM’s systems were breached. An attack on the agency last July was also traced to China.
“We’ve got a real problem unless these government agencies decide security is a number one priority and I’m not confident about that,” said Williams.
OPM spokesman Samuel Schumach, in an email to IBTimes, defended the agency’s security measures. “Within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its various networks,” said Schumach.