ROBERT SIEGEL, HOST:
The White House and the FBI aren't saying much as the massive hack on the Office of Personnel Management is investigated. Starting Monday, those who may have had personal data stolen will be notified. In the meantime, there is plenty of speculation about what happened. NPR's Aarti Shahani has been talking to private security companies.
AARTI SHAHANI, BYLINE: Security researchers say the attack against OPM was not random. It wasn't hackers indiscriminately jumping around government servers in search of any old hole they could crack open. In fact, according to iSIGHT Partners and ThreatConnect, two firms that focus on studying organized hacker groups, this latest breach is directly connected to the high-profile attacks against health insurers.
JOHN HULTQUIST: We have been tracking, for instance, the hackers that we believe are responsible for the Anthem and Premera breaches.
SHAHANI: John Hultquist is with iSIGHT Partners.
HULTQUIST: They've been active for quite a while, carrying a lot of intrusion attempts against organizations that have a lot of personally identifiable information. We believe that's very likely the same reason why they went after OPM.
SHAHANI: Hackers build something called a command and control server to direct their malicious software, malware, to hit targets. iSIGHT examined the servers used against Anthem health care, Premera Blue Cross and OPM and found similarities so extensive that the security firm concludes the same hacker group is behind all three mega breaches. ThreatConnect agrees and goes a step further.
ADAM VINCENT: So we believe it's China.
SHAHANI: Adam Vincent is CEO.
VINCENT: It would not be a run-of-the-mill hacker group. It would be an organization affiliated with the Chinese government, whether it's internal government or whether it's simply funded by them.
SHAHANI: The Federal Bureau of Investigation is not confirming this assertion about China or issuing any comments because they're still investigating. And China denies it, calling the claims irresponsible. Both security companies say the stolen records can help the attackers break into their next government targets. John Hultquist.
HULTQUIST: Having that ability to impersonate federal employees could be a really great way to make inroads against those targets.
SHAHANI: Several researchers say they have not seen the stolen data from OPM or Anthem or Premera show up in black market sites. That suggests hackers aren't selling the data for quick cash. They're holding on for a longer game that could include espionage or extortion. John Prisco is CEO of Triumfant, a company that tries to identify attacks early on. He says these breaches that grab Social Security numbers, dates of birth, addresses, they're very different from a credit card hack.
JOHN PRISCO: Well, a credit card breach has a limited shelf life, so they have to be sold very quickly. But with personally identifiable information, that can be used for years.
SHAHANI: OPM is offering victims 18 months of free credit monitoring and cyber-insurance. Jason Lewis, with the security firm Lookingglass, criticizes this offer, calls it knee-jerk.
JASON LEWIS: They offer that creditor monitoring like that is somehow going to protect people. There's no protection from anything.
SHAHANI: He says in this new era where our digital lives are being stolen, credit monitoring doesn't hurt, but it also doesn't help. Aarti Shahani, NPR News.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.