For more than five years, U.S. intelligence agencies followed several groups of Chinese hackers who were systematically draining information from defense contractors, energy firms and electronics makers, their targets shifting to fit Beijing's economic priorities. Last summer, says the New York Times, officials lost the trail as some hackers changed focus again, burrowing deep into U.S. government computer systems that contain vast troves of personnel data. Undetected for nearly a year, Chinese intruders executed an attack that gave them “administrator privileges” into the computer networks at the Office of Personnel Management, mimicking the credentials of people who run the agency's systems.
Much of the data had been stored in lightly protected systems of the Interior Department because it had cheap, available space for digital data storage. The hackers' target: one million federal employees and contractors who filled out a form known as SF-86, with personal, financial and medical histories for anyone seeking a security clearance. “This was classic espionage, just on a scale we've never seen before from a traditional adversary,” one official said. The administration is urgently working to determine what other agencies store sensitive information with weak protections. Te Internal Revenue Service allowed employees to use weak passwords like “password.” One report detailed 7,329 “potential vulnerabilities” because software patches had not been installed. “We are not where we need to be in terms of federal cybersecurity,” said Lisa Monaco, President Obama's homeland security adviser.