OPM Data Breach: China Hits Back at U.S. Over Federal Cyberattack
Source: NBC News
BEIJING — China accused the United States of making "groundless accusations" and being "irresponsible" Friday in blaming Chinese hackers for a vast data breach that could be the biggest cyberattack in U.S. history.
Four million federal workers may have had their personal information compromised in the attack, which officials said could affect every agency of the U.S. government.
U.S. officials and lawmakers identified the likely culprit as China, which has been suspected of involvement in previous government hacks.
Sen. Susan Collins (R-Maine), a member of the Senate Intelligence Committee, said the hack was "extremely sophisticated," and "that points to a nation state" as the responsible party, likely China.
Read more: http://www.nbcnews.com/news/us-news/opm-data-breach-china-hits-back-u-s-over-federal-n370351
To Susan Collins
Today's Hackers Are Way More Sophisticated Than You Think
Defining Today’s Hacker
Today’s breed of hacker did not just appear. Instead, the skilled professionals behind the latest security threats are the result of long-term evolution. When most people think about hackers and security, they are clinging to an outdated vision.
Hackers are now part of a highly specialized and distributed criminal ecology. The most basic layer is filled with individuals focused on finding exploits in software. Instead of using the exploits, these professionals often sell discoveries to groups specializing in packaging exploits and running them through botnets. Those individuals, in turn, rent their botnets to anyone who aims to gain unauthorized access to other computer systems.
<snip>
It’s hard to tie an accurate dollar amount to the costs associated with hacking. However, the sophistication of today’s hacker is quite clear in the Ponemon Cost of Cyber Crime Study, which shows a 20 percent increase in successful attack rates year over year, even as organizations continue to invest in security tools.
How Do They Do It?
Part of hackers' growing sophistication is a direct result of the vast number of attack methodologies at their disposal. They can pick and choose among denial of service attacks, viruses, worms, trojans, malicious code, phishing, malware, botnets and ransomware, any of which could play a key role in opening business data centers to intrusion.
<snip>
Many attacks are also precisely targeted against particular individuals with access to sensitive information—proprietary corporate secrets, for instance, details of negotiations or other information that could be valuable to competitors or investors willing to base trades on it. These hackers are like snipers with carefully crafted attack plans.
The danger here is that their attacks are highly unlikely to turn up in your typical malware or antivirus detection system. That's because such threats are often tailored specifically for particular targets and rely on innovative techniques and zero-day vulnerabilities. As a result most detection systems won't have a clue what to look for.
Finally, modern hacker attacks are persistent. Once a hacker gets into one person’s corporate email, they can gather enough information to social engineer everyone else in the company. Patience is a real factor in these attacks. Attackers do not just come in, poke around and leave. In most breaches, it turns out that the hacker has been inside the network for months.
http://readwrite.com/2015/02/04/sophisticated-hackers-defense-in-depth
I know, of course, is lying -- all I ask for is proof China did the hack -- something that would convict them in court than this gut feeling knowing who does every hack as soon as it happens but unable to know that it is happening.
