Chinese hackers targeting background check files

Hackers for China and other U.S. adversaries are going after files that provide information on powerful people, including those contained in background investigation databases.

Recent cyberattacks at companies like USIS and KeyPoint, as well as the Office of Personnel Management (OPM), point to hackers’ desire to gather information on specific individuals. Targeting U.S. health insurance companies can provide the same kind of data, including details on family members, experts said.


Background check provider USIS lost its contracts with OPM after a cyberattack exposed the records of thousands of federal workers. In that attack, intruders deployed malicious software that took screenshots whenever background investigations software was being used, Nextgov reported.

The cyberattackers made their way into the company’s networks through a supplier, according to a 2014 letter sent by digital forensics firm Stroz Friedberg to lawyers for USIS.

“The attacker was able to navigate from the third-party-managed environment into the USIS network in late [redacted] by successfully brute-forcing a password on an application server,” Stroz Friedberg Managing Director Bret Padres wrote in the letter, obtained by Nextgov.

“Once the attacker was able to log in to that server, the attacker installed a malicious backdoor” to provide easy access, Padres wrote.

While the precise motives behind the USIS attack are unclear, experts argue that creating dossiers on government officials can pave the way for bribery, espionage recruitment or blackmail.