(Bloomberg) — The vast cyber-attack in Washington began with, of all things, travel reservations.
More than two years ago, troves of personal data were stolen from U.S. travel companies. Hackers subsequently made off with health records at big insurance companies and infiltrated federal computers where they stole personnel records on 21.5 million people — in what apparently is the largest such theft of U.S. government records in history.
Those individual attacks, once believed to be unconnected, now appear to be part of a coordinated campaign by Chinese hackers to collect sensitive details on key people that went on far longer — and burrowed far deeper — than initially thought.
But time and again, U.S. authorities missed clues connecting one incident to the next. Interviews with federal investigators and cybersecurity experts paint a troubling portrait of what many are calling a serious failure of U.S. intelligence agencies to spot the pattern or warn potential victims. Moreover, the problems in Washington add new urgency to calls for vigilance in the private sector.
In revealing the scope of stolen government data on Thursday, Obama administration officials declined to identify a perpetrator. Investigators say the Chinese government was almost certainly behind the effort, an allegation China has vehemently denied.
‘Facebook of intelligence’
Some investigators suspect the attacks were part of a sweeping campaign to create a database on Americans that could be used to obtain commercial and government secrets.
“China is building the Facebook of human intelligence capabilities,” said Adam Meyers, vice president of intelligence for cybersecurity company CrowdStrike Inc. “This appears to be a real maturity in the way they are using cyber to enable broader intelligence goals.”
The most serious breach of records occurred at the U.S. Office of Personnel Management (OPM), where records for every person given a government background check for the past 15 years may have been compromised. The head of the government personnel office, Katherine Archuleta, resigned Friday as lawmakers demanded to know what went wrong.
The campaign began in early 2013 with the travel records, said Laura Galante, manager of threat intelligence for FireEye Inc., a private security company that has been investigating the cyber-attacks.
Stockpiling records
By mid-2014, it became clear that the hackers were stockpiling health records, Social Security numbers and other personal information on Americans, a departure from the country’s traditional espionage operations focusing on the theft of military and civilian technology.
“There was a clear and apparent shift,” said Jordan Berry, an analyst at FireEye.
Recognition came too late for many of the victims. Vendors of security devices say health care companies are spending tens of millions of dollars this year to upgrade their computer systems but much of the data is already gone.
U.S. intelligence agencies were collecting information on the theft of personal data but failed to understand the scope and potential damage from the aggressive Chinese operation, according to one person familiar with the government assessment of what went wrong.
In the last two years, much of the attention of U.S. national security agencies was focused on defending against cyber-attacks aimed at disrupting critical infrastructure like power grids.
‘Leading suspect’
But health care, financial and work-related data has its own espionage value. It can be used in targeted intelligence operations to further penetrate vital U.S. networks or blackmail officials, said Rep. Michael McCaul, a Texas Republican and chairman of the House Homeland Security Committee.