Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Top U.S. security contractor hacked

USIS breach went undetected for months

Stephen Braun Associated Press

WASHINGTON – A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government’s leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries told the Associated Press.

The breach, first revealed by the company and government agencies in August, compromised the private records of at least 25,000 employees at the Homeland Security Department and cost the company hundreds of millions of dollars in lost government contracts.

In addition to trying to identify the perpetrators and evaluate the scale of the stolen material, the government inquiries have prompted concerns about why computer detection alarms inside the company failed to quickly notice the hackers and whether federal agencies that hired the company should have monitored its practices more closely.

Former employees of the firm, U.S. Investigations Services LLC, also have raised questions about why the company and the government failed to ensure that outdated background reports containing personal data weren’t regularly purged from the company’s computers.

Details about the investigation and related inquiries were described by federal officials and others familiar with the case. The officials spoke only on condition of anonymity because they were not authorized to comment publicly on the continuing criminal investigation, the others because of concerns about possible litigation.

A computer forensics analysis by consultants hired by the company’s lawyers defended USIS’ handling of the breach, noting it was the firm that reported the incident. The analysis said government agencies regularly reviewed and approved the firm’s early warning system.

USIS reported the cyberattack to federal authorities on June 5, more than two months before acknowledging it publicly. The attack had hallmarks similar to past intrusions by Chinese hackers, according to people familiar with the investigation. Last March, hackers traced to China were reported to have penetrated computers at the Office of Personnel Management, the federal agency that oversees most background investigations of government workers and has contracted extensively with USIS.

In a brief interview, Joseph Demarest, assistant director of the FBI’s cyber division, described the hack against USIS as “sophisticated” but said “we’re still working through that as well.” He added: “There is some attribution” as to who was responsible, but he declined to comment further.

Last month, the federal Government Accounting Office ruled that Homeland Security should re-evaluate a $200 million support contract award to USIS. The GAO advised the department to consider shifting the contract to FCi Federal, a rival firm, prompting protests from USIS.

In the private analysis prepared for USIS by Stroz Friedberg, a digital risk management firm, managing director Bret A. Padres said the company’s computers had government-approved “perimeter protection, antivirus, user authentication and intrusion-detection technologies.” But Padres said his firm did not evaluate the strength of USIS’ cybersecurity measures before the intrusion.

Former USIS employees who worked with the federal personnel office said the system they used directed users to purge old reports. But the workers said USIS and OPM rarely followed up with spot checks. Employees who worked on systems with the Homeland Security Department said these had no similar automatic warning function and spot checks were rare. The company insisted spot checks were regularly performed.

Several former USIS workers said they were told nothing by the company about the cyberattack for two months after the breach was exposed.

In emails obtained by AP, company workers were ordered to change their passwords without explanation.