On November 10, 2014 the United States Postal Service (USPS) announced they were the victim of a cyber security intrusion. The breached was discovered in September and it appears that the Chinese government may be responsible. In the document “USPS Cyber Intrusion and Employee Data Compromise November 10, 2014” released on 11/10/2014, the USPS stated the intrusion was similar to attacks being reported by many other federal government entities and corporations. Although this is a blanket statement, the release does highlight some key information.
1. Other intrusions into other U.S. government systems have been linked to China.
2. Although the USPS stated there was no compromise of cardholder data, the intrusion compromised call center data submitted by customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or email between January 1, 2014 and August 16, 2014. The compromised data consists of names, addresses, telephone numbers, e-mail addresses, and other information customers may have provided.
3. The compromised employee data includes information on over 800,000 names, DOB, SSN, addresses, dates of employment, and emergency contact information for all active employees and employees who left after May 2012.
4. Part of the precautions that have taken learned so far include equipment and system upgrades. This could indicate the compromised systems, or at least pivot points, we not patched to the appropriate level
Sophisticated attacks like this usually do not target credit card numbers or identity theft, but look at the employee base of the agency. This list can be used in counter intelligence recruitment operations. China has shown the capabilities of their cyber-warfare capabilities and this information can be used as a tool for them and their allies. Although China is not new to espionage, their typical cyber-attacks typically are based on industrial espionage that will provide strategic growth for the country. Other countries like Russia are more focused on this type of information. The indicators of compromise are not yet public, but it is not uncommon for Russians to write code in Chinese.
Initial reports point to Chinese hackers, however the information presented does not give any clear indicator how this was determined or evidence showing it was China related. Typically these types of breaches of government related systems are beneficial to foreign intelligence, not necessarily organized crime. Regardless of the motive, the breach appears to affect over 800,000 employees that work for the USPS and potentially other pieces of customer information.
Binary Defense will continue to look into this situation and will post a new blog post once more information is found.