While the terrestrial fears of terrorism and Ebola have dominated headlines, American leaders are fretting about what may be even more serious virtual threats to the nation’s security.
This year, hundreds of millions of private records have been exposed in an unprecedented number of cyberattacks on both US businesses and the federal government.
On Monday, just as President Obama arrived in Beijing to being a week-long summit with regional leaders, Chinese hackers are suspected to have breached the computer networks of the US Postal Service, leaving the personal data of more than 800,00 employees and customers compromised, The Washington Post reports.
The data breach, which began as far back as January and lasted through mid-August, potentially exposed 500,000 postal employees’ most sensitive personal information, including names, dates of birth, and Social Security numbers, the Postal Service said in a statement Monday. The data of customers who used the Postal Service’s call center from January to August may have also been exposed.
"The FBI is working with the United States Postal Service to determine the nature and scope of this incident," the federal law enforcement agency said in a statement Monday. Neither the FBI nor the Postal Service, however, confirmed it was the work of Chinese hackers.
The breach did not expose customer payment or credit card information, the Postal Service said, but hackers did gain access to its computer networks at least as far back as January. The FBI informed the Postal Service of the hack in mid-September.
“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” said Postmaster General Patrick Donahoe in a statement. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data.”
But the reported breach comes as both intelligence officials and cybersecurity experts say computer hackers now pose a greater threat to national security than terrorists.
Since 2006, cyber-intruders have gained access to the private data of nearly 90 million people in federal networks, the Associated Press reported in a major investigation published Monday.
Hackers have also accessed 255 million customer records in retail networks during this time, 212 million customer records in financial and insurance industry servers, as well as 13 million records of those in educational institutions, the AP reported.
“The increasing number of cyber-attacks in both the public and private sectors is unprecedented and poses a clear and present danger to our nation’s security,” wrote Rep. Elijah Cummings (D) of Maryland, ranking member of the House Committee on Oversight and Government Reform, in a letter to Postmaster General Donahoe on Monday.
Still, unlike the well-publicized hacks of businesses like Home Depot and Target, in which the payment information of nearly 100 million customers was exposed this year, recent data breaches have puzzled experts.
In October, JPMorgan Chase, the largest US bank, reported that hackers had compromised the personal contact information of more than 83 million customers. But even though the hackers, suspected to be from Russia, had access to numerous servers in JPMorgan’s systems, they accessed only personal information lists – not accounts or financial data.
Russian hackers were also suspected of being behind a breach of unclassified White House computers, reported in October as well.
The limited scope of the information that such hackers gained access to this year may indicate that they are simply exploring system security in the never-ending chess matches of international espionage and spying, experts say.
But the battle against highly sophisticated hackers, cybersecurity experts say, is a 24/7, 365-days-a-year arms race. It’s a cat-and-mouse game as hackers constantly probe a network’s defenses, finding inevitable flaws and weaknesses that system administrators must “patch” on a regular, ongoing basis.
This means hackers are usually one step ahead.
"No matter what we do with the technology ... we'll always be vulnerable to the phishing attack and ... human-factor attacks unless we educate the overall workforce," Eric Rosenbach, assistant secretary of Defense for Homeland Defense and Global Security, told the AP.