Is it ironic that the FBI and various government and commercial networks have been compromised? We all know that various organisations, such as GCHQ and the NSA, have been spying on us for years, but leaked documents have revealed that a hacking group has been spying on them since at least 2011. The “group of malicious cyber actors” is believed by security experts to be the government-sponsored hacking group known as APT6.
There is not much public literature about the group, other than a couple of old reports, but APT6, which stands for Advanced Persistent Threat 6, is a codename given to a group believed to be working for the Chinese government. Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, stated that “[if] this is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe”.
A security alert shows that foreign government hackers are still successfully hacking and stealing data from US government servers, and that their activities have gone unnoticed for several years. This is unsurprising, as the US government has revealed that a group of hackers, widely believed to be working for the Chinese government, had infiltrated the computer systems of the Office of Personnel Management (OPM) for more than a year. In the process, they stole highly sensitive data about several million government workers and even spies.
The FBI lists a long series of websites used as command and control servers to launch phishing attacks “in furtherance of computer network exploitation activities in the United States and abroad since at least 2011.” Domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, but it’s unclear if the hackers have been pushed out or if they still have access to the hacked networks.
Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, and who has reviewed the alert, stated that it “looks like they were in for years before they were caught, god knows where they are.” He added: “Anybody who’s been in that network all this long, they could be anywhere and everywhere.”
Adams contended that this alert shows that the US government is still not in control of what’s going on inside its most sensitive networks. The FBI declined to comment on the alert, only saying that it was just another example of a routine notice to private partners, “provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
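The practical use of a notice like this one is that administrators can sweep their own DNS and proxy logs for the listed command and control domains. The script below is an added illustration of that sweep and is not part of the article or the FBI alert; the indicator domains and the BIND-style query log lines in it are constructed placeholders, not the domains from the alert.

```python
"""Sweep DNS query logs for domains from an indicator feed.

Added example. INDICATOR_FEED and SAMPLE_DNS_LOG are constructed
placeholders; the real domains from the FBI alert are not reproduced here.
"""
import re
from typing import Dict, List, Optional, Set

# Constructed indicator feed in the common "one domain per line" shape.
# Mixed case and a trailing dot are included on purpose to show normalisation.
INDICATOR_FEED = """
# constructed placeholder C2 domains
c2-example-one.test
Update.C2-Example-Two.test.
"""

# Constructed BIND-style query log lines.
SAMPLE_DNS_LOG = """\
12-Dec-2015 10:01:02.123 client 10.0.0.5#53211: query: mail.corp.test IN A + (10.0.0.1)
12-Dec-2015 10:01:05.456 client 10.0.0.7#49152: query: beacon.c2-example-one.test IN A + (10.0.0.1)
12-Dec-2015 10:02:11.789 client 10.0.0.9#50123: query: update.c2-example-two.test IN A + (10.0.0.1)
12-Dec-2015 10:03:00.000 client 10.0.0.5#53212: query: notc2-example-one.test IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN")


def normalize(domain: str) -> str:
    """Lowercase and strip the trailing dot so feed and log forms compare equal."""
    return domain.strip().lower().rstrip(".")


def load_indicators(feed: str) -> Set[str]:
    """Parse a domain-per-line feed, skipping blank lines and '#' comments."""
    return {
        normalize(line)
        for line in feed.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }


def matches_indicator(qname: str, indicators: Set[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    The leading dot in the suffix check prevents 'notc2-example-one.test'
    from matching the indicator 'c2-example-one.test'.
    """
    q = normalize(qname)
    for indicator in indicators:
        if q == indicator or q.endswith("." + indicator):
            return indicator
    return None


def scan_dns_log(log: str, indicators: Set[str]) -> List[Dict[str, str]]:
    """Return one record per query that resolves a listed domain or a subdomain of it."""
    hits = []
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        indicator = matches_indicator(m["qname"], indicators)
        if indicator is not None:
            hits.append({"client": m["client"], "qname": m["qname"], "indicator": indicator})
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG, load_indicators(INDICATOR_FEED)):
        print(f"{hit['client']} queried {hit['qname']} (indicator: {hit['indicator']})")
```

A hit from a sweep like this only says that a host resolved a listed domain, which is a reason to pull that host's proxy and endpoint records, not proof of compromise on its own; the suffix check is also what turns a bare domain list into coverage of the per-victim subdomains such infrastructure commonly uses.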
Kyrk Storer, a spokesperson for FireEye, confirmed that the domains listed in the security alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.” They are “likely a nation-state sponsored group based in China,” which “has been dormant for the past several years.”
At this point, it’s unclear whether the FBI’s investigation will lead to any convictions. However, two years after the US government charged five Chinese military members with hacking US companies, it is clear hackers haven’t given up attacking US targets. Indeed, back in February the details of 20,000 FBI agents were stolen and published online.
A hacker promised he would dump online a list of more than 20,000 agents of the Federal Bureau of Investigation and 9,000 Department of Homeland Security officers. The hacker initially carried out part of his promise, publishing a list of 9,000 DHS employees. The following Monday, less than 24 hours later, the hacker fulfilled the remaining part of his promise.
A DHS spokesperson said the agency is looking into the reports, though “there is no indication at this time that there is any breach of sensitive or personally identifiable information.” The FBI declined to comment and directed the media to the Department of Justice who stated that the department “is looking into the unauthorized access of a system operated by one of its components containing employee contact information.”
Peter Carr, a spokesperson for the DoJ, said in a statement that “this unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information”. The hacker responsible for this breach reached out to Motherboard through a compromised DoJ email account, claiming to have obtained the stolen data by compromising that account and then using it to access a DoJ portal.
Adams also criticized the US government for its failure to protect data, especially in the aftermath of the embarrassing and damaging hack on OPM, the government agency that handles employee information.
It is not only the US that is under attack. Malcolm Turnbull, Prime Minister of Australia, confirmed as much when he stated: “In this spirit of openness, and the need for clear leadership to break down a culture of denial as to the scope and scale of cyber threats, I can confirm reports that the Bureau of Meteorology suffered a significant cyber intrusion, which was first discovered early last year”.
He went on to say that “the Department of Parliamentary Services suffered a similar intrusion in recent years. Those organisations have worked hard with the experts at the Australian Cybersecurity Centre to understand and fix the vulnerabilities.”
Nick Xenophon, an independent Senator, criticised the Australian government for refusing “to disclose how many breaches there have been of cybersecurity involving government agencies, what the implications of those breaches are and when it comes to Australian citizens”. “[Australians] have no idea of how many breaches there have been of their own mobile phones, of their email, of their electronic data”.
He continued, “My information is that these breaches have been widespread. We don’t know how much damage has been done to Australia’s national interest. Not only in terms of government but also Australian companies as a result of these breaches.”