Security-clearance breach went unnoticed
The FBI is trying to find the attackers, the scale of data stolen, and why the contractor's alarm failed.
WASHINGTON - A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government's leading security-clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries said.
The breach compromised the private records of at least 25,000 employees at the Homeland Security Department and cost the company hundreds of millions of dollars in lost government contracts.
In addition to trying to identify the perpetrators and evaluate the scale of the stolen material, the government inquiries have prompted concerns about why computer detection alarms inside the company failed to quickly notice the hackers and whether federal agencies that hired the company should have monitored its practices more closely.
Former employees of the firm, U.S. Investigations Services L.L.C., also have raised questions about why the company and the government failed to ensure that outdated background reports containing personal data were regularly purged from the company's computers.
Details about the investigation and related inquiries were described by federal officials and others familiar with the case. The officials spoke only on condition of anonymity because they were not authorized to comment publicly on the continuing criminal investigation, the others because of concerns about possible litigation.
A computer forensics analysis by consultants hired by the company's attorneys defended USIS' handling of the breach, noting it was the firm that reported the incident.
The analysis said government agencies regularly reviewed and approved the firm's early-warning system. In the analysis, submitted to federal officials in September and obtained by the AP, the consultants criticized the government's decision in August to indefinitely halt the firm's background investigations.
USIS reported the cyberattack to federal authorities June 5, more than two months before acknowledging it publicly. The attack had hallmarks similar to past intrusions by Chinese hackers, said people familiar with the investigation. In March, hackers traced to China were reported to have penetrated computers at the Office of Personnel Management, the federal agency that oversees most background investigations of government workers and has contracted extensively with USIS.
In a brief interview, Joseph Demarest, assistant director of the FBI's cyber division, described the hack against USIS as "sophisticated," but said "we're still working through that as well."
For many people, the impact of the USIS break-in is dwarfed by recent intrusions that exposed credit and private records of millions of customers at JPMorgan Chase & Co. Inc., Target Corp., and Home Depot Inc. But it's significant because the government relies heavily on contractors to vet U.S. workers in sensitive jobs.
"The information gathered in the security-clearance process is a treasure chest for cyber hackers. If the contractors and the agencies that hire them can't safeguard their material," said Alan Paller, head of SANS, a cybersecurity training school, and former cochair of DHS' task force on cyber skills, "the whole system becomes unreliable."