Cybercom: Big Data Theft at OPM, Private Networks is New Trend in Cyber Attacks

Cyber theft no longer restricted to economic spying

Adm. Michael Rogers testifies on Capitol Hill / AP
July 27, 2015

The commander of U.S. Cyber Command said last week that the Office of Personnel Management hack of millions of records of federal workers shows a new trend toward using Big Data analytics for both nation-state and criminal cyber attacks.

"One of the lessons from OPM for me is we need to recognize that increasingly data has a value all its own and that there are people actively out there interested in acquiring data in volumes and numbers that we didn’t see before," said Adm. Mike Rogers, the Cyber Command commander and also director of the National Security Agency.

The theft of 22.1 million federal records, including sensitive background information on millions of security clearance holders, will assist foreign nations in conducting future cyber attacks through so-called "spear-phishing," Rogers said, declining to name China as the nation state behind the OPM hacks.

Additionally, China is suspected in the hack uncovered in February of 80 million medical records of the health care provider Anthem, which would have given it access to valuable personal intelligence that can be used to identify foreign spies and conduct additional cyber attacks.

Rogers said the massive data thefts in recent months appear to coincide with a massive spear-phishing hacking campaign around the world. Spear-phishing is the use of emails tailored to their recipients to gain unauthorized access to computers.

The vast amounts of data that have been stolen also will assist counterintelligence operations by countries like China that seek to identify foreign intelligence officers posted abroad, he added.

"No. 1, from an intelligence perspective, [personal data] gives you great insight to potentially use for counterintelligence purposes," Rogers said during remarks to the Aspen Security Forum July 23.

"So for example if I’m interested in trying to identify U.S. persons who may be in my country and I’m trying to figure out why are they there … are they just tourists, are they there for some other alternative … there are some interesting insights you can draw from the kind of data you were able to take from OPM," he said.

Additionally, nation states and criminal groups are gathering up vast amounts of data and analyzing it to identify "insights about people as individuals," Rogers said.

The goal is "to tailor products in the form of emails, that seem to you as a user so appropriate that you would receive it, [and suspect] it’s from somebody I know. It’s a topic that I really care about. It’s an issue that I’ve been really focused on for a long time," the four-star admiral said.

Those custom-tailored emails are designed "as a vehicle to actually get you to open an email, click on an attachment, click on a video link."

"Perhaps [it’s] unrelated that in the last nine months I am watching huge spear phishing campaigns coming out of several nations around the world directed against U.S. targets," Rogers said, adding that the big data cyber attacks and the increase in spear phishing attacks are "not unrelated to me."

Only a few years ago, intelligence and cyber security officials tended to focus on the potential theft of intellectual property, as well as research and development information, that could provide market advantages.

"And we really hadn’t come to a conclusion that perhaps not only is that of concern, but you combine the power of Big Data analytics, and the fact that today, the ability to bore through huge amounts of data and find seemingly disconnected and unrelated data points and bring coherent meaning and insight, [is] something that wasn’t there in the past," Rogers said.

As a result of the trend in cyber attacks over the past two years involving large-scale downloads of personal data and personnel information, the Pentagon has shifted the focus of its cyber defenses and now regards Big Data as a major new target.

"It’s not just about this idea, ‘Hey I want the plans for the F-35; Hey, I want to see what you’re doing in acoustic technology; Hey I want to see what you’re doing in the development of advanced dye products,’ for example," he said.

The new trend means the target set for foreign states and criminals is becoming bigger and "from a defensive standpoint, makes the job even more difficult."

Rogers was asked why the Obama administration has not named China as the state hackers behind the OPM attack when in the case of the Sony Pictures Entertainment cyber attack last year, North Korea was blamed publicly by the president.

The commander declined to discuss specifics of internal administration discussions on the OPM cyber attacks.

"But I would acknowledge that to date, the response to OPM, there’s a thought process, and I’m the first to acknowledge to date, we have taken a different approach."

He acknowledged that foreign intelligence operations to steal U.S. government data could be viewed, in one sense, as a clandestine activity that many states use, such as the National Security Agency’s large-scale electronic operations around the world.

As a result, the administration may have decided against exposing what it knows about China’s role in the OPM hack.

"I think it’s clearly part of the discussion," said Rogers, who is the military’s most senior commander for cyber defensive and offensive operations.

"I’m not going to argue that that’s the factor that has brought us to where we are today," he said. "But I won’t deny it for one minute that it’s a factor that you do think about in any regard."

Publicly exposing the perpetrator of the OPM hack was balanced against the possible consequences of doing so for U.S. friends and allies, Rogers said.

"We thought about that when we were responding to Sony. We think about that in the OPM scenario. It’s a factor we think about in every situation," Rogers said.

Asked what concerns him most, Rogers said there has been a steady ratcheting up of cyber attacks and one of the trends is the increasingly destructive nature of the hacks.

In the Sony cyber attack, the company lost 70 percent of its hardware to malware of North Korean origin that damaged the company’s networks, including its digital telephone systems.

"I don’t think the destructive piece we saw in Sony is a one-off. We’re going to see more of that," Rogers said.

Additionally, large data thefts like the OPM hack will also continue to be a problem.

On the threat front, Rogers said nation states are seeking partnerships with hacker groups in order to prevent foreign intelligence and security services from accurately identifying the origin of cyber attacks.

The collaboration will make it "harder for us to tell policymakers ‘here’s who it was, it was this nation, this particular actor,’" Rogers said.

"Because remember, a policy response in broad terms always starts with the first question I always get: Who did it? Always starts with who did it. Then, it’s how did they do it, why did they do it."

"So you’re going to see nation states attempt to obscure our ability to say who did it," he said.
