Advertisement

China's Xinhua says U.S. OPM hack was not state-sponsored

Reuters
Updated

By Paul Carsten and Mark Hosenball

BEIJING/WASHINGTON (Reuters) - China's official Xinhua news agency said on Wednesday an investigation into a massive U.S. computer breach last year that compromised data on more than 22 million federal workers found that the hacking attack was criminal, not state-sponsored.

In an article about a meeting in Washington between top U.S. and Chinese officials on cyber security issues, Xinhua said the breach at the U.S. Office of Personnel Management (OPM) was among the cases discussed.

The report did not give details of who conducted the investigation or whether both U.S. and Chinese officials agreed with the conclusion.

The Cyberspace Administration of China, the country's Internet regulator, did not immediately reply to a request for comment. In Washington, OPM referred inquiries to the U.S. Department of Homeland Security, which also did not immediately respond to a request for comment.

White House spokesman Josh Earnest would not comment on the results of the U.S.-Chinese talks but called the dialogue "an important step" toward addressing longstanding U.S. concerns about Chinese cyber espionage.

U.S. intelligence chief James Clapper in June said the OPM cyber attack was carried out by Chinese hackers but did not specifically accuse China's government. Clapper told a Washington intelligence conference: "You have to kind of salute the Chinese for what they did," given the difficulty of the intrusion.

However, U.S. officials have said privately they believe Chinese government entities were behind the breach, which involved the compromise of sensitive personal data submitted to OPM by applicants for U.S. government security clearances, as well as field reports generated by security investigators.

The breach exposed the names, Social Security numbers and addresses of more than 22 million current and former U.S. federal employees and contractors, as well as 5.6 million fingerprints.

John Hultquist, a cyber espionage expert with iSight Partners, said his firm believed the intrusion was conducted by hackers working for China's government, based on digital evidence and the hackers' other targets, including health insurer Anthem.

"We can't attribute it directly to a specific intelligence organization or office building in Beijing, (but) the writing is on the wall in terms of the evidence we do have," said Hultquist, whose firm provides cyber intelligence to the U.S. government.

One reason U.S. officials are reluctant to accuse the Chinese government publicly of hacking American security clearance data, officials and private experts have said, is that this is the sort of spying done by most if not all major foreign intelligence agencies including U.S. agencies.

James Lewis, an expert with the Center for Strategic and International Studies think tank, said China's latest claims suggest authorities there likely will say they have arrested hackers behind the OPM attack and claim they are criminals.

'TRADITIONAL KABUKI'

"It's a face-saving way of saying, 'It wasn't us and we'll put them in jail,'" Lewis said. "Traditional kabuki in espionage is you write off your agents when it's politically useful to do so."

Lewis said in October that shortly before Chinese president Xi Jinping visited the United States, Chinese officials told their American counterparts that Beijing had detained at least two hackers who breached U.S. computer networks.

Reuters reported in October that Chinese officials told their U.S. counterparts that one suspect was involved in the OPM breach.

U.S. officials have said that they are unaware of any evidence demonstrating that the hacked OPM data had been used for any nefarious purposes.

Lewis said there also was no evidence the stolen OPM data had appeared for sale on black markets, another indication the hacking was carried out by individuals working with or for China's government.

The Pentagon’s chief arms buyer, Frank Kendall, said on Wednesday that while he was not aware of Xinhua's claim, he remained very concerned about Chinese hacking of U.S. weapons systems.

"China is not the only source of some of our cyber attacks, but it's certainly one of the major sources of cyber attacks," Kendall said. "This is a problem that is not going to go away."

OPM's director resigned in July in the aftermath of the agency's disclosure that it had fallen victim to two cyber attacks.

Top U.S. and Chinese officials convened this week in Washington for the first round of cyber security talks following the signing of a bilateral anti-hacking accord in September.

The two sides reached a broad agreement on the joint fight against cyber crimes, and will set up a hotline for these issues, according to Xinhua and CCTV, China's state-operated national broadcaster.

The next meeting is scheduled for June, Xinhua said.

Along with the OPM hack, officials from the two countries identified other cases to work on, reached further consensus on fighting cyber terrorism and agreed on programs to boost the fight against cyber crimes, Xinhua said, without giving further details.

(Additional reporting by Michael Martina and Shanghai Newsroom, Andrea Shalal in Washington, Joseph Menn in San Francisco and Jim Finkle in Boston.; Editing by Kazunori Takada, Ryan Woo, Kevin Drawbaugh and Jonathan Weber.)