- Joined
- Dec 19, 2014
- Messages
- 184
- Points
- 0
Beware the 'Dancing Panda': Another hack attack on top US officials blamed on China
US government grappling with persistent security breaches after sources say hackers employed by Beijing were behind 2010 break-in
PUBLISHED : Wednesday, 12 August, 2015, 12:03am
UPDATED : Wednesday, 12 August, 2015, 12:03am
The Guardian in New York
Sources say the Pentagon's email system was hacked. Photo: AFP
The ongoing saga of successful foreign hack attacks on US government databases continued this week with news of another break-in allegedly perpetrated by China.
Just days after the reported "spear-phishing" attack on the Pentagon's Joint Staff email system, which exposed some 4,000 civilian and military employees and is believed to have been sponsored by Russia, anonymous government sources told NBC News on Monday that a separate set of Chinese hack attacks targeted the personal emails of "all top national security and trade officials".
These attacks - among the more than 600 hacks attributed by officials to hackers working for the Chinese government - sought personal email information from top administration officials and began in 2010.
A National Security Agency briefing in 2014 showed the email intrusion was detected in April 2010, but a US official, who was not identified, said it was still going on, NBC said.
Google acknowledged an intrusion into the private Gmail accounts of some American officials in 2011, and the NSA briefing made clear that email accounts from other providers also were compromised.
US officials codenamed the email intrusion "Dancing Panda" and then "Legion Amethyst", according to NBC.
The US government is dealing with several different investigations into breaches, of security, the largest of which is the hack of the Office of Personnel Management (OPM) - an intrusion that exposed the personal information of some 22 million people.
That investigation has been troubled by intramural squabbling by the agency's own admission: Patrick McFarland, the office's inspector general, wrote a strongly worded memo to acting OPM director Beth Cobert accusing the agency's Office of the Chief Information Officer (OCIO) of hampering its inquiry into the hack, citing multiple instances of uncooperative behaviour.
Notable among them was the accusation that the "OCIO failed to timely notify the OIG of the first data breach at OPM involving personnel records".
The US government is trying to put together the best way to safeguard its information but in many cases, better encryption "would not have helped", as Department of Homeland Security assistant secretary for cybersecurity testified before Congress with reference to the OPM hack.
These newly revealed hacks of private emails took place over the period when then-secretary of state Hillary Clinton was receiving work-related correspondence in her own private accounts, though no victims of the hacks have been named.
The timing of the revelations is potentially fortuitous for at least one group of people: proponents of the Cybersecurity Information Sharing Act (Cisa), the controversial bill that will likely come before the Senate again next month. Internet activists, though, aren't biting.
"The US government has proven itself incompetent when it comes to protecting its data," said Evan Greer of advocacy group Fight for the Future.
"Information sharing bills like Cisa would make us even more vulnerable by dramatically expanding the amount of private data the US government keeps in its databases and the number of government and law enforcement agencies who would house that data."
Additional reporting by Reuters
