Chinese hackers hit federal employee database

OPM, which manages security clearance investigations for federal workers and the military, was attacked in March.

Chinese hackers infiltrated the U.S. agency that manages the federal workforce in March, possibly targeting employees that are applying for top-secret security clearances.

Reported by the New York Times late last night, the hackers were able to gain access to some of the databases of the Office of Personnel Management before being discovered and blocked by federal authorities. Monitoring systems at the Homeland Security Department allowed the agency to detect the intrusion, but it is currently unclear how far the intruders were able to penetrate the agency’s systems.

What makes these attacks particularly worrisome is that OPM is responsible for overseeing the security clearance process for many federal employees, using a system called e-QIP. The e-QIP is a Web-based, automated system designed to process standard investigative forms for conducting background investigations, according to OPM.

The system is used by the agency and contractors to receive personal investigative data. The form can include highly personal information about an applicant’s life throughout varying time periods; the extent depends on the type of security clearance being applied for. For instance, potential employees undergoing a Single Scope Background Investigation can be required to truthfully provide information on past drug use, financial problems and foreign travels for the past 10 years.

For Defense Department employees, security clearance investigations are performed by OPM, which then sends the results to the DOD Central Clearance Facility (DODCAF) at Fort Meade, Md. About 87 percent of all Personnel Security Investigations are conducted on DOD personnel -- which includes civilian employees, military emebers and contractors.

Officials have noted that neither the DHS nor OPM have identified any loss of personally identifiable information. The attack was traced to China, but there has not been definitive proof that that attack was related to the Chinese government.

Cyberattacks remain an important national security issue as private security experts continue to release information alleging Chinese government sponsorship of hacking.

At least two Chinese military units—Unit 61398 and Unit 61486—have been implicated in attacks on defense, aerospace and energy companies in private industry reports. The U.S. government in May filed criminal charges against five members of Unit 61398 for alleged acts of cyber espionage, marking the first time that those types charges had been filed against a state actor.

The revelations about the OPM attack come as high-level talks were underway between U.S. and Chinese officials at the U.S.-China Strategic and Economic Dialogue, part of which covered cyber issues.

"Apparently this story relates to an attempted intrusion that is still being investigated by the appropriate U.S. authorities," Secretary of State John Kerry said, as reported by USA Today. "It does not appear to have compromised any sensitive material. And I'm not going to get into any of the specifics of that ongoing investigation, but we've been very clear for some time with our counterparts here that this is in larger terms an issue of concern."