A Look at Some Key Federal Cybersecurity Breaches
A $10 billion-a-year federal effort to protect critical data is struggling against an onslaught of cyberattacks by thieves, hostile states and hackers.
An Associated Press report this week finds that federal cybersecurity officials also face another challenge: Too often, government employees and contractors are undermining cyberdefenses by clicking malicious links, losing devices and data, or sharing information and passwords.
Last year, security officials responded to a total of 228,700 cyberincidents involving federal agencies and contract partners.
Here's a look at some key breaches in past years:
———
October 2014: White House press secretary Josh Earnest confirmed detection of "activity of concern" on the White House network after news reports that a cyberattack, possibly from Russia, had breached unclassified computers. Officials said there was no evidence that hackers breached classified files, and steps were taken to mitigate the suspicious activity.
———
October 2014: The FBI announced the arrest of National Weather Service employee Xiafen "Sherry" Chen. A federal indictment accuses Chen of illegally downloading restricted files from the National Inventory of Dams, which contains sensitive information about vulnerabilities in the nation's 85,000 dams. The May 2012 breach was not made public for a year.
———
September 2014: Senate investigators said China's military hacked into computer networks of civilian transportation companies hired by the Pentagon at least nine times, breaking into computers aboard a commercial ship, targeting logistics companies and uploading malicious software onto an airline's computers. A yearlong investigation identified at least 20 break-ins or other unspecified cyberevents targeting companies, and investigators blamed China for all the most sophisticated intrusions. Investigators alleged China's military was able to steal emails, documents, user accounts and computer codes. They also said China compromised systems aboard a commercial ship contracted for logistics routes, and hacked into an airline the U.S. military used.
———
July 2014: British hacker Lauri Love was indicted for breaking into computers at the U.S. Energy and Health and Human Services departments, the FBI's Regional Computer Forensics Laboratory and others and stealing massive amounts of sensitive and confidential information. Love, who also faces other U.S. indictments, has not been extradited. He lives in the United Kingdom.
———
June 2014: USIS, the government's leading security clearance contractor, reported to federal authorities a cyberattack that compromised the records of at least 25,000 Homeland Security employees. The attack, similar to other intrusions from China, penetrated computer networks for months before it was revealed, officials told the AP. The hack wasn't made public until August; almost a quarter of a million federal employees were urged to monitor financial accounts.