[semenko]

They buried the lede a bit -- since I doubt organized attackers are after the personal information of postal service employees:

"It is also possible that the Chinese were after other types of data, analysts said. For instance, the U.S. Postal Service, at the request of law enforcement officials, takes pictures of all addressing information from envelopes and parcels.​"

http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...

[dmix]

IMO the real goal is HUMINT, getting access to a list of people with security clearance (including all of their personal information) meaning China can now easily target them individually. Blackmail or pay them off, convert them to informants/spies within the postal system. A postal system now flush with tons of data about every American citizen.

It's much easier to have people embedded in the system, long term, extracting data... than it is to exfiltrate data remotely from China via hacking.

The data these people have access to is quite an important intelligence asset:

> the Chinese may be assuming that the U.S. Postal Service is more like theirs — a state-owned entity that has vast amounts of data on its citizens, said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies. Second, he said, the trend in intelligence is the same as in the commercial sector: amass big sets of data that can be analyzed for previously unknown links or insights.

[at-fates-hands]

>>>>> The data these people have access to is quite an important intelligence asset:

My question would be why it took them so long to go after the postal service if they've thought it was such a high value target??

[dwild]

Everything is relative, including time. Nothing tell us how long they were trying to attack USPS or even how they were trying. This is just a case were they tried to do it one way, they succeeded and they got caught. There's probably multiple incident that public doesn't know or even that intelligence services doesn't know.

[higherpurpose]

So the US spying made Chinese spying easier (as expected). Wonderful.

[diydsp]

That's an effect of certain poorly-made security decisions.

For example, if a small organization such as a gym or school makes copies of all customer/user driver's licenses: They end up creating a small pile of gold that they can't afford to protect.

[higherpurpose]

Don't ask for data you can't securely store. I think that's just common sense. If you keep the data on paper, you wouldn't leave it out in the open for anyone to take it would you?

[Sven7]

My Grandmom's letters are pretty entertaining and I am happy they are getting wider distribution.

[legohead]

I worked for USPS. When I saw this title I immediately assumed that China was after the main database which contains information on basically every US citizen. As a developer I had access to some databases and was told that USPS had the third largest database in the world. This was before Facebook, but still, there is a lot to be had other than employee information.

[delbel]

Is there anyway to opt-out of that database?

[hammock]

Not really- while the USPS does take pictures of all mail, there is no specific evidence that the hackers were after or accessed that data- making it speculation and not news.

[shitehawk]

That is not the lede, it is an offhand comment by a unnamed analyst, but don't worry it will show up as the lede on the TechDirt blogspam version.