Lindsey (00:00):
A troubling security story out of Washington. The US Treasury Department says it was hacked by cyber criminals backed by the Chinese state government in what it's calling a major breach. CBS News, Homeland Security, and Justice Reporter Nicole Sganga is in Washington following this story for us. Nicole, what do we know about the scope of the breach? What were hackers able to access?
Nicole Sganga (00:21):
Yeah. Lindsey, a Treasury official actually said cyber criminals breached federal workstations remotely accessing unclassified documents and in a letter to lawmakers sent Monday, that Treasury official explained that cyber criminals gained access by using a key stolen from a third-party vendor called Beyond Trust, overriding the security of their cloud-based system. That official called the attack a major incident. As you pointed out, the vendor notified the Treasury back on December 8th. Now, while we know that none of the information accessed was classified, still a number of questions remaining for the Treasury, including how many documents were stolen and did they contain any crucial information, any taxpayer information for instance.
Lindsey (01:07):
What is the Treasury Department doing in the aftermath of this hack and is the Chinese government responding?
Nicole Sganga (01:12):
Yeah, well, a Treasury department spokesperson said it's taken that service offline and it added in a statement that there's no evidence indicating the threat actor has continued access to Treasury information. So they're now working with the FBI and the nation's top cyber security agency called CISA to determine really what was the exact impact here. As for any reaction, a Chinese embassy spokesperson has called the disclosure here a smear attack. Beijing's foreign ministry is also responding, saying that the PRC has quote, always opposed all forms of hacker attacks.
Lindsey (01:48):
Nicole, this breach, it comes on the heels of several other Chinese-link cyber attacks. I mean, there was one from October that we reported on by a hacking group known Salt Typhoon. It hit telecom companies like Verizon and AT&T, and at that time a US senator said this should be a wake-up call for the government. Are we doing enough and what more can you tell us about the timing of all this?
Nicole Sganga (02:08):
Yeah, Lindsey, you're exactly right. This breach really follows a string of Chinese-link cyber attacks, including that massive hacking campaign by the group nicknamed Salt Typhoon, that Chinese-link group and cyber criminals backed by the Chinese state targeted at least eight US telecommunications companies. You mentioned a few big ones there. According to US officials, that compromised the metadata of hundreds of thousands, possibly millions of Americans. That's the who, what, where and when of our phone communications. That notorious group also zeroing in on more than a hundred senior government officials eavesdropping on phone conversations and spying on text messages.
(02:49)
To your point, the incident served as a major wake-up call with the US government now encouraging victims there, and really all Americans, use encrypted messaging platforms, WhatsApp, Signal, those blue iMessage text bubbles. Another really important note here, Lindsey, the holidays are often called the season of giving, but for cyber criminals it's also really the season of hacking with organizations frequently understaffed, short on resources. This latest incident is one of many to hit over the holidays in recent years, and it's a good reminder to both government agencies and corporations that attackers don't take holiday days off.
Lindsey (03:26):
The season of hacking. Yikes. All right, Nicole Sganga, thank you.