iPhone | iPad
Android
Huawei
It reiterated that pilgrims require a Haj visa and it can be obtained through recognised official channels
KT APPDOWNLOAD
US data breach intelligence coup
Hacking of millions of files likely part of efforts by China for long-term profiling.
Washington — The hacking of millions of US government employees is likely part of an effort by Chinese intelligence for long-term profiling — and possibly more nefarious things.
Security analysts say considerable evidence points to China, and that the cyber-intrusion shows the long and patient efforts in Beijing to collect and compile data which may be useful in the future.
“It’s normal for big intelligence agencies to create large biographic databases on their opponents,” said James Lewis, a senior fellow at the Centre for Strategic and International Studies, a Washington think tank.
Lewis said that while data on individuals may not seem significant on the surface, analysis of huge amounts of information can provide a strategic advantage.
“They get the same kinds of big data insights that companies use for targeted advertising,” he said.
Reports last week indicated some four million current or former government employees were hit, but a union letter said many more — every federal employee, every federal retiree, and up to one million former federal employees — could also have had personal data compromised.
These types of cyberattacks are troublesome because they involve stealth access that allows intruders to remain on computer networks for long periods of time, analysts say.
“It’s the difference between a ‘smash-and-grab’ and a long-term persistent” operation, said Ryan Kazanciyan, chief security architect at Tanium, a California-based security firm. “If you think about what you can do from the perspective of espionage instead of fraud, that data is incredibly valuable,” Kazanciyan said.
“If you want to target someone, this data can be used to conduct spearphishing, it can be used for blackmail.”
Potentially, Kazanciyan said the database can be used to help determine the identities and locations of US undercover agents.
John Dickson, a former air force intelligence officer who is now a partner with the security firm Denim Group, said the database contains a trove of important information for a foreign intelligence service, including background checks from people with security clearances. “This is valuable for an intelligence agency if they want to recruit someone” to spy, he said.
“It has to be a nation-state. Nobody else would be interested in this information.”
An analysis of the incident by the Virginia-based security firm ThreatConnect backs the theory that China was behind the breach. “The primary motivation we see is for espionage,” ThreatConnect’s Rich Barger said.
“This isn’t a criminal act in which they would sell the information or steal identities. This helps understand the inner workings of the US government.”
John Schindler, a former National Security Agency officer who is now a consultant, said the data is “the Holy Grail” from an intelligence perspective.
The hack “is unprecedented in its scope, offers our adversaries the opportunity to penetrate our government and use that information to deceive it at a strategic level,” he said in a blog post.
The attack targeting the US Office of Personnel Management could be connected to other data breaches even though they may not seem similar on the surface, say analysts. In recent months, breaches affecting tens of millions of Americans have been reported at health insurance firms such as Anthem and CareFirst, members of the Blue Cross Blue Shield Association — which cover many federal government employees.
ThreatConnect said its analysis shows similar software and signatures in both the OPM incident and the health care breaches, suggesting these could be part of the same effort to compile intelligence data.
“We believe there is enough technical evidence to say there is an overlap” between the health care and government workforce data breaches, Barger said.
Anup Ghosh, founder and chief executive of the security firm Invincea, said the incidents suggest a long-term plan “building dossiers on targets of interest”.
Combining the data in personnel records with detailed health information provides “very personal and private information,” Ghosh said. — AFP
More news from
The 18-year-old was taken to hospital in a serious condition
The brothers, who say they are innocent, are accused of having formed an organised criminal network in early 2021 in Romania, as well as in the US and Britain
The left-handed batter scored 3369 runs in 136 one-day internationals and 2893 in 140 Twenty20 internationals — both Pakistan records
Food supplies were distributed to 80 households
On January 31, a heart was airlifted from Delhi to Chennai, paving the way for Ayesha Rashid's life-saving surgery
The online retailer, which is headquartered in Singapore, has said it has around 108 million monthly active users in the 27-nation EU
The baby girl named Rouh, meaning Soul, suffered respiratory problems and a weak immune system, a doctor at the Emirati Hospital in Rafah said
