China Suspected of U.S. Postal Service Hack

As President Obama gallivants about in a Vulcan costume behind the Bamboo Curtain, his mandarin hosts have been busy spying on the United States Postal Service (USPS).

The Washington Post reports that the Chinese government is suspected of breaching the computer networks of the senescent government agency charged with delivering our snail mail.

The data of more than 800,000 employees have reportedly been compromised:

The compromised data included names, dates of birth, Social Security numbers, addresses, dates of employment and other information, officials said. Every employee from the letter carrier to the postmaster general was exposed. But no customer credit card information from post offices or online purchases at usps.com was breached, they said.

The Postal Service was notified of the breach by the FBI and other federal agencies in mid-September. Planning to deal with the hack began immediately, but the actual remediation did not take place until the weekend.

Earlier this year, the Office of Personnel Management and a security-clearance contracting company were also hacked. But it was fairly clear why the Chinese government should target both these institutions: They are staffed by people with security clearances and access to potentially sensitive government information.

Experts are not entirely sure why China would target the USPS, of all places. But one potential reason for its interest in the Newmans of the federal workforce is that, well, China just doesn’t know any better:

Some analysts say that targeting a federal agency such as the post office makes sense for China as an espionage tool. For one thing, the Chinese may be assuming that the U.S. Postal Service is more like theirs - a state-owned entity that has vast amounts of data on its citizens.

China might also just be vacuuming up as much data as possible in its search for new intelligence leads of any kind. Of particular interest, for example, could be the photographs of addressing information stored by the USPS at the behest of American law enforcement.

The Associated Press reports that the postal service security breach is one among many in recent years:

From 2009…to 2013, the number of reported breaches just on federal computer networks…rose from 26,942 to 46,605, according to the U.S. Computer Emergency Readiness Team or US-CERT. Last year, US-CERT responded to a total of 228,700 cyberincidents involving federal agencies, companies that run critical infrastructure like nuclear power plants, dams and transit systems, and contract partners. That’s more than double the incidents in 2009.

But the zinger is that gullible or otherwise careless federal employees are responsible for at least half of known cyberattacks since 2010:

They have clicked links in bogus phishing emails, opened malware-laden websites and been tricked by scammers into sharing information.

Last year…about 21 percent of all federal breaches were traced to government workers who violated policies; 16 percent who lost devices or had them stolen; 12 percent who improperly handled sensitive information printed from computers; at least 8 percent who ran or installed malicious software; and 6 percent who were enticed to share private information.

Given the government’s poor track record of protecting sensitive data, it may only be a matter of time before a serious breach threatens the personal information of millions of Americans.

Source: reason.com