As President Obama gallivants about in
a Vulcan costume behind the Bamboo Curtain, his mandarin hosts
have been busy spying on the United States Postal Service (USPS).
The Washington Post
reports that the Chinese government is suspected of breaching
the computer networks of the senescent government agency charged
with delivering our snail mail. The data of more than
800,000 employees have reportedly been compromised:
The compromised data included names, dates of birth, Social
Security numbers, addresses, dates of employment and other
information, officials said. Every employee from the letter carrier
to the postmaster general was exposed. But no customer credit card
information from post offices or online purchases at usps.com was breached, they said.The Postal Service was notified of the breach by the FBI and
other federal agencies in mid-September. Planning to deal with the
hack began immediately, but the actual remediation did not take
place until the weekend.
Earlier this year, the Office of Personnel Management and a
security-clearance contracting company were also
hacked. But it was fairly clear why the Chinese
government should target both these institutions: They are staffed
by people with security clearances and access to potentially
sensitive government information.
Experts are not entirely sure why China would target the USPS,
of all places. But one potential reason for its interest in the
Newmans of
the federal workforce is that, well, China just doesn’t know any
better:
Some analysts say that targeting a federal agency such as the
post office makes sense for China as an espionage tool. For one
thing, the Chinese may be assuming that the U.S. Postal Service is
more like theirs — a state-owned entity that has vast amounts of
data on its citizens.
China might also just be vacuuming up as much data as possible
in its search for new intelligence leads of any kind. Of particular
interest, for example, could be the
photographs of addressing information stored by the USPS at the
behest of American law enforcement.
The Associated Press
reports that the postal service security breach is one among
many in recent years:
From 2009…to 2013, the number of reported breaches just on
federal computer networks…rose from 26,942 to 46,605, according
to the U.S. Computer Emergency Readiness Team or
US-CERT. Last year, US-CERT responded to a total of
228,700 cyberincidents involving federal agencies, companies that
run critical infrastructure like nuclear power plants, dams and
transit systems, and contract partners. That’s more than double the
incidents in 2009.
But the zinger is that gullible or otherwise careless federal
employees are responsible for at least half of known cyberattacks
since 2010:
They have clicked links in bogus phishing emails, opened
malware-laden websites and been tricked by scammers into sharing
information.Last year…about 21 percent of all federal breaches were traced
to government workers who violated policies; 16 percent who lost
devices or had them stolen; 12 percent who improperly handled
sensitive information printed from computers; at least 8 percent
who ran or installed malicious software; and 6 percent who were
enticed to share private information.
Given the government’s poor track record of protecting sensitive
data, it may only be
a matter of time before a serious breach threatens the
personal information of millions of Americans.
from Hit & Run http://ift.tt/1ElUY2h
via IFTTT