Cyber Commander: OPM Hack Highlights Data Theft Danger

Rogers declines to comment on links to China

Former OPM Director Katherine Archuleta / AP
June 25, 2015

The massive data breach at the Office of Personnel Management that compromised personal records of tens of millions of federal workers highlights the danger of cyber attacks, the commander of the U.S. Cyber Command said Wednesday.

Adm. Mike Rogers, who is also director of the National Security Agency, declined to name China as the main culprit in the attacks and would not reveal who the intelligence agencies believe conducted the intelligence-gathering operation.

Asked after a speech on what basis Cyber Command is linking the OPM hack to China, Rogers said: "I’m not going to accept the assumption" that China played a role in the cyber attacks.

"First of all I’m not going to get into the specifics of attribution," the four-star admiral said at a conference in Washington called GEOINT 2015. "That’s a process that we’re working through on the policy side. That’s ongoing."

Other U.S. intelligence officials have said intelligence agencies have moderate confidence that China carried out the attacks. The evidence is said to include technical forensic information based on the malicious software used by the hackers, the sophistication of the data exfiltration operations, and the Internet domains that were used to store information taken from OPM networks.

However, Rogers said the OPM hack is typical of the growing danger of cyber attacks and data theft in the current global environment.

"I think the important thing for us to take away from OPM is that it is another reminder to us—and I don’t care if it’s the government or the private sector—we are in a world in which increasingly data has value as a commodity to a wide range of people," Rogers said.

"And there’s a wide range of people and groups and nation states out there aggressively attempting to gain access to that data, whether it resides in the U.S. government, whether it resides in the private sector, whether it resides in our own homes as private citizens and individuals."

Rogers said he believes "we’re in for a period of time, much like we’re seeing now, we’re in a constant fight to safeguard our networks, to safeguard our data."

Damage from the OPM attack appears to be increasing.

On Capitol Hill Wednesday, OPM Director Karen Archuleta revealed that as many as 18 million Social Security numbers contained in a database on federal security clearance holders appear to have been compromised. She declined to comment when asked if the total number of federal workers who were victimized in the OPM hack could be as many as 32 million.

OPM’s official estimate of the total number is that 4.2 million current and former federal workers were victims of the cyber attack that was discovered in April and appears to have been carried out since at least December.

So far, two OPM databases were breached: a central personnel network and a separate security clearance database used to check the backgrounds of federal employees involved in classified work. That database involves millions of people who are questioned about security clearance renewals or new clearances.

Rogers also was asked what he will recommend to the president in terms of a response to the OPM hacking. He declined to discuss internal deliberations on the matter.

Rogers suggested the current U.S. policy of taking mainly defensive steps to block computer attacks may not be working to solve the problem.

A long-term approach to the problem of cyber attacks will require changing the current approach of solely responding to individual attacks, he said.

"Quite frankly just continually responding to individual incidents, I don’t think in the long run is going to get us to where we need to be," Rogers said.

Rogers did not say what approach he favors. However, in congressional testimony earlier this year he urged a more proactive strategy of conducting some offensive counter attacks as a way to deter cyber attackers.

On the general question of identifying the origin of cyber attacks, called attribution, Rogers said "attribution has sure come a long way and is not the challenge it was 10 years ago."

The cyber attack against Sony Pictures Entertainment in November was quickly identified as coming from North Korean government hackers, he said.

The solid intelligence from NSA, FBI, and DHS allowed senior U.S. political leaders to have "high confidence" that Pyongyang conducted the attacks that stole sensitive company information and damaged the company's computers. The administration responded by imposing sanctions on North Korea.

"Every incident is different," he said, noting that tracking down hackers is "a bit of a cat and mouse game."

"As you generate and gain more insights on what actors are doing, you watch them try to change what they do in a way to obfuscate how they do it," he said.

For example, hackers have formed new partnerships with other hackers in an effort to thwart intelligence agencies from identifying them, sometimes with success, he said.

"But in general, I remain pretty confident in our ability to generate insights into who’s doing what," Rogers said.

President Obama met with Chinese Vice Premier Liu Yandong and other Chinese officials at the White House and raised U.S. concerns about cyber issues, according to a White House statement.

Earlier this week, State Department officials would not say whether China’s role in the OPM hacking was raised during this week’s meetings of the Strategic and Economic Dialogue with the Chinese.

The president and his advisers are keeping secret the intelligence linking China to the cyber attacks to avoid upsetting relations with Beijing, according to a U.S. intelligence official.

Forensic technical details of the OPM hacking, including an access malware called Sakula, have been linked to Chinese state-run hackers in the past. The malware gives remote users broad access to closed computer networks.

A second U.S. official with access to details of the investigation of the OPM hack said there is clear technical evidence linking the cyber attacks to China’s military.

China’s military has a special unit for foreign cyber attacks that is under the Third Department of the People’s Liberation Army General Staff known as 3PLA.

Lisa Monaco, the White House homeland security director, said on Friday that among the options being considered for a future response to the OPM hack are sanctions and unspecified legal, diplomatic, and intelligence actions.
