American Military University Office of Personnel Management Case Report In a minimum of 6-full pages in length with a minimum of 3-outside sources:1) This

American Military University Office of Personnel Management Case Report In a minimum of 6-full pages in length with a minimum of 3-outside sources:1) This is a culmination of the past eight weeks of work. The case is closed, and you need to turn in a final report. Please take a look at this page and read how to outline the report: https://digital-forensics.sans.org/blog/2010/08/25…2) In essence, you will be combining the information from previous six assignments. The Case Summary is a vital part of this report where you sum up all of your work. The Forensics Acquisition and Exam Preparation will need to be a mixture of some content identified already and some “imagination.” Findings and Report will be a combination of the case and its key aspects/facts. And then you got your conclusion.There are six paper required in the combination into the final case study report. The final paper is the one you are currently working on as a stand-alone paper. Running head: OPM CYBER INCIDENT
Office of Personnel Management Cyber Incident, July 2015
1
OPM CYBER INCIDENT
2
Office of Personnel Management Cyber Incident, July 2015
The report released describing the theft of personally identifiable information from the
Office of Personnel Management (OPM) systems indicated the loss of tens of millions of
citizens’ private data. The analysis sought to evaluate the usability of these findings to put in
place appropriate measures to avoid the occurrence of such happenings. The analysis sought to
explore the factors that led to the breaches and hence, prevent the resultant data losses. The
report, depicting these events, detailed the timelines as well as events in their chronology of
occurrence. The actions applied to the report thereof evaluate and lay bare the security measures
that could have been executed to enable security in the related undertakings. The report as well
provided a hashing tool that is mostly in the open-source format to enable readers of this report
to implement the security recommendations. The open-source format recommended can be
implemented by various readers of the report from within their respective organizations to
achieve the security objectives desirable.
The security breaches experienced, as depicted in these reports, can be at the very least
minimized if not eliminated if the recommendations given are adhered to with relative accuracy
by relevant federal organizations (Finklea, Christensen, Fischer, Lawrence, & Theohary, 2015).
The timelines of the report, therefore, depicted the chronology of the happenings of the breach.
The importance of the timelines was to expound on the nature of the breach through detailing the
occurrences. The evaluation of these timelines provided more accurate documentation of the
events and eased the process of similar breach detection at the earliest stages of occurrence.
Early detection of these breaches eased the recovery process as well as reduced the impacts of
the breaches, and, through these events, the security concerns are relatively mitigated.
OPM CYBER INCIDENT
3
Chinese hackers infiltrated the OPM computer systems in March 2014. The intent of the
OPM computer system infiltration by the Chinese hackers is presumed to be for purposes of
collecting information on federal workers. The information collection was majorly targeted on
the federal workers who had made earlier applications for security clearances as may be relevant
to them. After the infiltration was made, authorities made claims of having discovered the
infiltration, thanks to the systems designed to detect such intrusions systemically. The authorities
decided against not disclosing the information to the public regarding the intrusion since they
believed that no personally identifiable information was lost to the Chinese hackers.
In June 2014, an investigative authority reached a definitive agreement that personally
identifiable information of 25,000 government employees was compromised and disclosed the
findings publically. The disclosure of these findings was channeled through a memorandum to
15 large federal agencies notifying them of the occurrences. It was understood then that OPM
did not intend to renew its contract with the U.S. Investigations Services (USIS) in September
2014 (Gootman, 2016).
The attack was made public to the American population for the first time in July 2014
through an article within the New York Times. Later on, more outlets reported the intrusion.
The security contractors involved depicted the intrusion as being state-sponsored. The Federal
Bureau of Investigation (FBI) commenced its investigations into the matter, in addition to the ongoing investigation into the USIS breach.
The investigations commenced by the FBI pointed to the fact that the breach had affected
a government provider of investigative services to the U.S. Government. Department of
Homeland Security (DHS) employees numbering up to hundreds of thousands are thought to
have been targeted by the attack and their personally identifiable information compromised. The
OPM CYBER INCIDENT
4
breach was publicly announced by U.S. officials on June 4, 2015, laying bare the possibility of a
data compromise of numerous U.S. citizens. It was made clear that the possibly affected
individuals would be told of the incident through official letters from OPM and mitigations the
individuals should make to ensure the security of their financial and personal information.
The technical details of the breach were not accurately made available to the public by
elaborating on the events that led to the final act. It was widely attributed that the credentials of
KeyPoint Government Solutions – another security contracting firm, whose data was also
breached — were used to gain access to the database of OPM. The details of the attack depicted
an undesirable picture of the security practices within the agency. A number of the systems in
operation there do not have authorization depicting certification of system meeting security
requirements for operation. These operational standards laid the hurdle too low for an adversary
to gain access to the systems (Connor, 2015). Once the hackers had the valid system log
credentials as well as were met with unsecured systems, it is not hard to evaluate why their job
did not prove too demanding. These facts point out possible reasons for the success of the
intrusion.
It is essential to note the need for the Chief Information Officer (CIO) to have an accurate
impression of the data that they possess in their systems as this would resultingly lead to the
establishment of a better approach towards the securing of the data held by them. The risk of
intrusion and subsequent compromise of the data has to be reduced to an acceptable level if not
possibly eliminated. Data protection procedures have to be put in place to avoid breaches as well
as policies implemented for empirical mitigation of potential breaches at the earliest stages of the
detection. The detection systems have to be optimally operational and meet as well as possibly
surpass universal standards.
OPM CYBER INCIDENT
5
Bibliography
Connor, C. (2015). Office of Personnel Management Breach. Retrieved October 15, 2019, from
Office of Scientific and Technical Information:
https://www.osti.gov/servlets/purl/1324410
Finklea, K., Christensen, M. D., Fischer, E. A., Lawrence, S. V., & Theohary, C. A. (2015, July
17). Cyber Intrusion into U.S. Office of Personnel Management: In Brief. Retrieved
October 15, 2019, from Federation of American Scientists:
https://fas.org/sgp/crs/natsec/R44111.pdf
Gootman, S. (2016, October). OPM Hack: The Most Dangerous Threat to the Federal
Government Today. Journal of Applied Security Research, 11(4), 517-525.
doi:10.1080/19361610.2016.1211876
Thomas, D. (2016, September). An Approach to Reducing Federal Data Breaches. SANS
Institute. Retrieved October 13, 2019, from
https://edge.apus.edu/access/content/attachment/415792/Assignments/4a9bfa1b-254744ea-9758-b411b67ca7dc/week2-approach-reducing-federal-data-breaches-36990.pdf
Running head: OPM CYBER INCIDENT – PART TWO
Office of Personnel Management Cyber Incident, July 2015 – Part Two
1
OPM CYBER INCIDENT – PART TWO
2
Table of Contents
Office of Personnel Management Cyber Incident, July 2015 – Part Two ……………………… 3
Introduction …………………………………………………………………………………………………………. 3
Attribution and Connections to China …………………………………………………………………….. 3
The Arrest of Yu Pingan ………………………………………………………………………………………… 5
Utilization of the Breached OPM Data ……………………………………………………………………. 6
Bibliography ……………………………………………………………………………………………………….. 8
Footnotes …………………………………………………………………………………………………………… 10
OPM CYBER INCIDENT – PART TWO
3
Office of Personnel Management Cyber Incident, July 2015 – Part Two
Introduction
It is well known how X1 was able to access the OPM systems. However, The Office of
Personnel Management (OPM) was already facing criticism for its subpar security procedures
even before the intrusion happened. Additionally, it is not well known whether X1 and X2 were
identical intruders. However, considering that X1 stole data about the OPM system, which
turned out to be quite useful for the X2 agenda, it is assumed that they undertook the attack with
some level of collaboration. The technical management of OPM did not consider the intrusion of
X1 as a warning that could have helped them in detecting X2 (Fruhlinger, 2018).
Even though no conclusive evidence was found to link the intrusion to a particular
hacker, the overwhelming agreement is that the breach was undertaken by state-sponsored
hackers with links in China. As part of the evidence, the backdoor tool used in the OPM system
known as Plugx is linked to the Chinese language hacking teams. These teams have been known
to send cyber-attacks to civil activists in Hong Kong. They also utilize various superhero names
in their cyber-attacks. In connection with the attacks, Yu Pingan was detained by the Federal
Bureau of Investigations (FBI). He was charged with conspiracy to wield a suspicious software
called Sakula.
Attribution and Connections to China
Determining the perpetrators and their motives in any cyber-incident could offer guidance
of the response methods of the United States. If an intruder’s motives are assumed to be profits
and financial benefits, the investigation and reaction might be engaged by law enforcement
utilizing the criminal justice instruments. If the intruders are believed to have been sponsored by
a state with differing motivations, the U.S. might use consular or military options to respond.
OPM CYBER INCIDENT – PART TWO
4
Following the breach, the National Security Agency (NSA) declined to offer the specifics of the
perpetrators and their attributes, stating that they were carrying out their response through the
policy side. The Director of NSA, Admiral Michael Rogers, suggested that a wide scope of
individuals, groups, and countries were aggressively trying to breach that data. The Director of
National Intelligence, James Clapper, later suggested that China was the lead suspect. The
director grudgingly admire the alleged Chinese intrusion stating that the United States would
have hesitated given such an opportunity.
Without plainly negating involvement, the Chinese government responded to the
allegations of their involvement in the breach by stating that they were neither liable nor
scientific. In June 2015, during the yearly United States-China Strategic and Economic
Dialogue, the outcomes of the cyber discussions between these two countries were not officially
mentioned (Gootman, 2016). In July of the same year, the Chinese government mentioned that it
was imperious to halt baseless allegations, promote consultations that would help in the
formulation of a global code of conduct in the cyberspace, and mutually promote harmony,
security, honesty, and coordination of the cyberspace via greater dialogue and collaboration
while mutually respecting each other. It is important to note that the U.S. had brought up legal
charges on China for various cyber-attacks in May 2014.
The Department of Justice had charged five members of the Chinese People’s Liberation
Army (PLA) for financial cyber espionage that supposedly attacked five U.S. corporations and a
labor organization. This was the only incident that the U.S. had brought up legal charges against
identified state perpetrators for financial cyber espionage. However, in the OPM data breach
case, there is no likelihood of such charges. In accordance to policy, the U.S. has attempted to
OPM CYBER INCIDENT – PART TWO
5
differentiate between cyber-attacks for gathering information for national security goalsi, and
cyber-attacks for stealing information for commercial reasonsii.
In 2013, after some United States signals intelligence documents had been publicized, a
high-ranking official in the Obama administration stated that the federal government had been
clear about the big difference between intelligence-gathering efforts that every nation does and
the stealing of intellectual property that to favor certain businesses within the country. For the
OPM breach, it seems that its purpose was to gather intelligence instead of undertaking
commercial espionage (Zetter & Greenburg, 2015). If the U.S. decides to use other responses to
cyber-attacks from China, various professionals have made suggestions that the Chinese
government has numerous susceptibilities that the U.S. can exploit. China’s irregular industrial
advancement, disjointed cyber resistance, irregular cyber handling tradecraft, and the
marketplace domination of the western information technology (IT) companies have provided a
setting that is favorable to western cyberspace exploitation against China.
The Arrest of Yu Pingan
Criminal justice officers detained Yu Pingan after the breach. He was suspected of
providing malware that had been linked to the OPM data breach. Although the charges did not
specifically give reference to the data breach, cyber-security experts linked the malware utilized
in the cyber-attack, Sakula, to the breach. Based on an FBI document in June 2015 on this
malware, the stealing of personally identifiable data (PII), which had also been targeted in the
OPM breach, had been highly prioritized by the Sakula hackers. A Threat Connect blog of that
same year tied the Sakula malware to a cyber-attack perpetrator in China, who had also targeted
sections of the health division and a defense contractor from Virginia known as VAE Inc.
According to the blog, from about April 2011 to mid-January 2014, in the southern regions of
OPM CYBER INCIDENT – PART TWO
6
California and other regions, Yu Pingan had knowingly agreed and conspired with other known
and unknown individuals to illegally damage a secured computer system, leading to a loss of at
least five thousand dollars. The indictment added that Yu Pingan and other Chinese nationals
had acquired and utilized malicious software, some of which had not been identified by the FBI
and the cyberspace community. Sakula was among this malicious software. The indicted also
listed four unidentified victims of the cyber-attacks, which had happened over five years from
2010.
During this period when the suspicious events occurred, Sakula had been new and
unusual malware. The only recorded utilization of the malware by the FBI happened on
November 2012. In the investigations, apprehended emails tied Yu Pingan and other Chinese
nationals to this Sakula malware. Additionally, the FBI believed that the newness and scarcity of
this malicious software proved that only a trivial amount of hackers recognized it and they had to
have been working together. This evidence overwhelmingly indicated that Yu Pingan had given
Sakula to the state-sponsored actors of the OPM breach and was aware that it would be used to
attach U.S. systems.
Utilization of the Breached OPM Data
It is not yet clear how the data breached from OPM may be utilized if it is indeed being
held by the Chinese government. Governmental and nongovernmental officials suspect that the
Chinese government might be attempting to create a huge database of U.S. government
personnel, which might help identify federal officials and their jobs. According to some experts,
the Chinese might possess the biggest spy-recruitment database in the world. Based on some
suggestions, the data exposed in the breach might help in designing spear-phishing e-mails.
OPM CYBER INCIDENT – PART TWO
7
Such emails can fool people to open links that give access to hackers. Furthermore, such
information could be used for exploitation by criminal groups.
For example, breached social security details and other personal information might be
utilized to conduct identity theft and financially driven cyber-crimes like credit fraud attempts.
Nevertheless, IT specialists have not been sure if the breached OPM data will appear in the
internet black market to be sold to criminal groups. When cyber-attackers have attempted in the
black markets to overlook other breached data as that originating from the OPM case, this has
been exposed, and the breached information appeared to have originated from different sources.
The absence of breached OPM information showing up in the criminal black market has driven
some to conjecture the breaches had a high likelihood of being directed for espionage as opposed
to criminal reasons (Bachura, Valecha, Chen, & Rao, 2017). However, regardless of whether the
information was taken for non-criminal intentions, it might still end up being used by criminals.
Conclusively, while discourse about the breached fingerprint data has been constrained,
investigators have started to address how this information could be utilized. Some have
suggested that if the fingerprints are of sufficiently high quality, there might be intensely
negative long haul ramifications for people impacted and their prospective utilization of
fingerprints for verifying their identification. Contingent upon where the fingerprints end up,
they might be utilized for illegal or counterintelligence reasons. Based on the malicious tools
utilized, the motives, and their links to Yu Pingan and the Chinese government, it is impossible to
overlook the fact that the OPM breach was indeed undertaken by these suspects.
OPM CYBER INCIDENT – PART TWO
8
Bibliography
Bachura, E., Valecha, R., Chen, R., & Rao, H. R. (2017, October 12). Data Breaches and the
Individual: An Exploratory Study of the OPM Hack. Retrieved October 22, 2019, from
Association for Information Systems:
https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1168&context=icis2017
Connor, C. (2015). Office of Personnel Management Breach. Retrieved October 15, 2019, from
Office of Scientific and Technical Information:
https://www.osti.gov/servlets/purl/1324410
Finklea, K., Christensen, M. D., Fischer, E. A., Lawrence, S. V., & Theohary, C. A. (2015, July
17). Cyber Intrusion into U.S. Office of Personnel Management: In Brief. Retrieved
October 15, 2019, from Federation of American Scientists:
https://fas.org/sgp/crs/natsec/R44111.pdf
Fruhlinger, J. (2018, November 6). The OPM Hack Explained: Bad Security Practices Meet
China’s Captain America. (IDG Communications, Inc.) Retrieved October 23, 2019, from
CSO: https://www.csoonline.com/article/3318238/the-opm-hack-explained-bad-securitypractices-meet-chinas-captain-america.html
Gootman, S. (2016, October). OPM Hack: The Most Dangerous Threat to the Federal
Government Today. Journal of Applied Security Research, 11(4), 517-525.
doi:10.1080/19361610.2016.1211876
Thomas, D. (2016, September). An Approach to Reducing Federal Data Breaches. SANS
Institute. Retrieved October 13, 2019, from
https://edge.apus.edu/access/content/attachment/415792/Assignments/4a9bfa1b-254744ea-9758-b411b67ca7dc/week2-approach-reducing-federal-data-breaches-36990.pdf
OPM CYBER INCIDENT – PART TWO
Zetter, K., & Greenburg, A. (2015, June 11). Why The OPM Breach Is Such a Security and
Privacy Debacle. Retrieved October 24, 2019, from Wired:
https://www.wired.com/2015/06/opm-breach-security-privacy-debacle/
9
OPM CYBER INCIDENT – PART TWO
10
Footnotes
i
The U.S. views counterintelligence to be a suitable response to such.
ii
The U.S. views criminal justice procedures to be a suitable response.
Running head: OPM EVIDENCE AND EXTRADITION
Office of Personnel Management Evidence and Extradition Scenario
James M. Asbury
American Mi…
Purchase answer to see full
attachment

Don't use plagiarized sources. Get Your Custom Essay on
American Military University Office of Personnel Management Case Report In a minimum of 6-full pages in length with a minimum of 3-outside sources:1) This
Just from $13/Page
Order Essay
Homework On Time
Calculate the Price of your PAPER Now
Pages (550 words)
Approximate price: -

Why Choose Us

Top quality papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional academic writers

We have hired a team of professional writers experienced in academic and business writing. Most of them are native speakers and PhD holders able to take care of any assignment you need help with.

Free revisions

If you feel that we missed something, send the order for a free revision. You will have 10 days to send the order for revision after you receive the final paper. You can either do it on your own after signing in to your personal account or by contacting our support.

On-time delivery

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & confidential

We use several checkers to make sure that all papers you receive are plagiarism-free. Our editors carefully go through all in-text citations. We also promise full confidentiality in all our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

You are welcome to choose your academic level and the type of your paper. Our academic experts will gladly help you with essays, case studies, research papers and other assignments.

Admissions

Admission help & business writing

You can be positive that we will be here 24/7 to help you get accepted to the Master’s program at the TOP-universities or help you get a well-paid position.

Reviews

Editing your paper

Our academic writers and editors will help you submit a well-structured and organized paper just on time. We will ensure that your final paper is of the highest quality and absolutely free of mistakes.

Reviews

Revising your paper

Our academic writers and editors will help you with unlimited number of revisions in case you need any customization of your academic papers