Gongol.com Archives: May 2023

Brian Gongol


May 15, 2023

Threats and Hazards: US DOT data heisted

Some events are newsworthy, even when they are reasonably predictable. Nobody's going to be surprised if and when at least one hurricane makes landfall somewhere on the East Coast or along the Gulf of Mexico sometime this year; 2015 was the last year without a landfall. It will be newsworthy the next time the event occurs: The actual locations affected, the magnitude of the storm, and the cost of the damage are all utterly unknowable right now, even if the event itself is a near-certainty. (If not this season, there will definitely be another landfall in a subsequent season.) ■ Unfortunately, news that the US Department of Transportation was targeted in a cyberattack that exposed the personal information of 237,000 current and former employees is no surprise. The particular magnitude and timing of the attack may not have been known, but the fact that a tranche of personnel data at a Federal government agency was targeted comes as no shock at all. ■ Who was behind the attack? What methods did they use? Were adequate defensive measures in place? How sensitive was the compromised data? All are valid questions. But the big picture to bear in mind is this: Attacking a really big data set generally requires sophistication, which in turn requires tools, training, and funding. Plenty of criminal groups have the means to get returns on their cyber-theft activities without making a big stir. ■ But when someone is going after government employees -- particularly when it's a quarter-million at a time -- the first place to look for suspects is among rival state actors. 237,000 people seems like a lot to most people inside the United States; after all, that's the population of Boise, Idaho, a top-100 American city. But the authorities governing China collect data on everyone in the country. That's 1.4 billion people, or more than four times the entire population of the United States. 
■ In other words, the scale of a quarter-million-employee breach sounds huge to us, but it's not even a rounding error within the scale of what is likely being done to watch the people of China by a government that is known to track the locations of millions of people in real time. Stealing data related to American government employees, even a little of which might turn out to be useful for data-mining, pressure campaigns, or even kompromat, is well within reach for systems already built to that scale. ■ Americans need to realize just how much more we could easily become targets for ongoing data breaches and cyberattacks. Every day that passes means new programs being coded, new cyber-agents being trained, and more chips being fabricated. 237,000 is a big number. But it's nowhere close to what's ahead.

