RENEE MONTAGNE, HOST:
New details have emerged about the massive hacking of federal government data, revealing that it was several times larger than originally thought. The Office of Personnel Management has now confirmed sensitive information was stolen from around 22 million individuals. That includes nearly everyone who applied for a government background check in the last 15 years or were married or living with someone who did. Now officials are moving to the next step - the question of whether hackers did not just steal, but also left something behind. NPR's Dina Temple-Raston reports.
DINA TEMPLE-RASTON, BYLINE: The extent of the breach is stunning. The director of OPM, Katherine Archuleta, provided an unsettling official list of what was stolen.
KATHERINE ARCHULETA: Social Security numbers, residency and educational history, employment history, information about immediate family and other personal and business acquaintances, health, criminal and financial history and other details.
TEMPLE-RASTON: Other details, like the result of background interviews and the fingerprints of some 1.1 million government employees. Officials said they discovered two breaches. Hackers were in one network for nearly a year and were active in another with sensitive information for seven months. And that's a long time, says Joel Brenner. He's a former inspector general of the National Security Agency.
JOEL BRENNER: They do have a gold mine. There's no question about that in what they stole, but nobody seems to be paying attention to what they might've left behind.
TEMPLE-RASTON: As investigators continue to gather information, they're also looking for signs that these records could have been altered or deleted and not just stolen.
BRENNER: That's a difficult thing to do, but it's not beyond thinking. Once you're in a system, you not only can steal things from it, you can change what's inside of it.
TEMPLE-RASTON: That's a concern because according to the director of national intelligence, James Clapper, China is the leading suspect in this attack. Another thing investigators are looking for -whether the attackers left malware in the system to use later.
JAMES CLAPPER: What you'd call sort of passive, go-to-sleep kind of malware that might then wake up later on after we think we've cleaned it out and begin exfiltrating data yet again.
TEMPLE-RASTON: Administration officials say they haven't found signs of that yet, but they are looking. And there's another worry beyond the stolen records. Officials say the information collected can be the basis for a very effective spear-fishing campaign, which could help the hackers get back into the system. Spear-fishing is an email that appears to be from someone you know, but is in fact from someone who is trying to get unauthorized access to your computer.
STEWART BAKER: I've been on the receiving end of that kind of spear-fishing campaign myself where the attackers actually went so far as to open a Yahoo Mail account in my name.
TEMPLE-RASTON: Stewart Baker used to work at the Department of Homeland Security and is now an attorney specializing in cyber in Washington.
BAKER: And once you know all of the relatives and can gather information on relatives of your targets, then you can send an email saying you might be interested in this particular PDF.
TEMPLE-RASTON: You open it, read it, and the hackers are in. So far, none of that has happened. In fact, one of the reasons why officials believe that a state actor like China is behind this hack is because the things you'd usually see - personal information for sale on the dark web, spear-fishing campaigns - are conspicuously absent from this cyber attack.
ARCHULETA: We have not been notified of anyone being affected by this.
TEMPLE-RASTON: Again, OPM Director Archuleta.
ARCHULETA: We have no evidence that this data has been used anywhere.
TEMPLE-RASTON: Archuleta said she'd taken a series of steps in response to the hacking, including creating a cybersecurity adviser position at OPM. There have been calls for her resignation, but she said she has no intention of quitting. Dina Temple-Raston, NPR News.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.