Professor outlines technical details of US OPM Data Breach in theConversion.com

08/06/2015

News image

In theconversation.com, Prof Bill Buchanan has outlined the details of the recent US Data Breach of more than four million personal records of US government workers are thought to have been hacked and stolen, it has been.

With US investigators blaming the Chinese government (although the Chinese deny involvement), this incident shows how data could be the new frontier for those in cyberspace with a political agenda.

In April 2015, the US Office of Personnel Management (OPM) – the body that provides the human resources function for the federal government and is responsible for background checks for security clearances – realised its records had been hacked.

Along with the direct personnel details, there are a whole range of references and contacts contained in the OPM records. The sensitive data could be used to identify people with security clearances, and could be used for the impersonation or blackmail of federal employees. Someone with security clearance could be exposed to identity fraud, where an intruder could gain access to sensitive information using the stolen identifies.

The data could also be used to hack into other government sites. For example, intruders recently attempted to breach the Inland Revenue Service’s systems (this time it was blamed on Russia) using personal information taken from tax returns stolen during other commercial breaches.

Such attacks create a certain amount of national humiliation. The hacking of confidential data from Sony highlighted how embarrassing it can be for information to leak. The contents of its sensitive emails are now searchable on Wikileaks, and we have probably only seen the tip of the iceberg in terms of the data that was taken.

Details here.

 
[Read More]

Associated people

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759
Dynamic Forensics Evaluation and Training (DFET)
Dynamic Forensics Evaluation and Training (DFET) will create new training methods/techniques to support judicial authorities, law enforcement agencies and associated stakeholders in the fight against cybercrime through the development of a virtual (cloud-based) cybercrime training environment to...
Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Resources