FP Sit-Rep Spet 24, 2015
By Paul McLeary with Adam Rawnsley
You’ve got a friend in me. On the eve of Chinese President Xi Jinping’s visit to Washington, two security firms claim to have uncovered proof that a Chinese military unit involved in cyber espionage has teamed up with a grassroots hacker collective in southern China. Together, the two have managed to break into sensitive computer networks in countries competing with China for control over the South China Sea.
But the best part of the story is how the researchers made the connection. Turns out, it was partly a simple case of laziness with a username that allowed cybersecurity firms ThreatConnect and Defense Group Inc. to link the army and the Naikon hacker group. The trail led to a man named Ge Xing, a member of People’s Liberation Army Unit 78020 who apparently used the username greensky27 all over the Web, including for work, creating a virtual map for researchers to trace the hacks.
The dominoes fall. What’s one more disturbing cyber story? FP’s Elias Groll writes that the hack of the Office of Personnel Management first revealed in June was much bigger than originally reported. The OPM said Wednesday that suspected Chinese hackers made off with 5.6 million sets of fingerprints, a much higher number than the 1.1 million that had previously been estimated. While there isn’t much that anyone can do with fingerprints just yet, an OPM spokesman offered the chilling assessment that this “could change over time as technology evolves.”