China Says OPM Breach Was Not State-Sponsored but a Criminal Act
ChinaThrough its official news agency Xinhua, China has stated that an investigation covering the substantial breach that compromised over 22 million federal employees was a cyberattack borne out of criminal intent. The news agency added the breach was not state-sponsored, contrary to the widely asserted opinion that the Chinese government was involved.
In a news report, state-run news agency Xinhua covered the meeting between U.S. and Chinese officials in the first ever bilateral ministerial dialogue exclusively focusing on cybersecurity. The publication contends the two countries “worked hard to remove one of the major stumbling blocks to the development of bilateral ties,” with the dialogue about cybercrimes and cybersecurity.
The report stated:
Among the cases discussed included the one related to the alleged theft of data of the U.S. Office of Personnel Management by Chinese hackers.
Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side had previously suspected.
The talks were held between U.S. Attorney General Loretta Lynch, Department of Homeland Security Secretary Jeh Johnson and Chinese State Councilor and Minister of Public Security Guo Shengkun.
In what is widely seen as one of the biggest governmental breaches of all time, the Office of Personnel Management (OPM) hack had hackers make away with over 20 million social security numbers, 19.7 million records that included health, financial and personal information. Five million stolen records also included fingerprints of federal employees.
The joint session was the first in a directive agreed by Presidents Obama and Xi Jinping during a stateside visit by the Chinese President in September this year. Tensions between the two countries remained high prior to the visit with cybersecurity a chief subject of debate between the two.
Cybersecurity investigators are likely to be skeptical to China’s claims about not being involved, reports the New York Times. It cites a claim by NSA director Adm. Michael S. Rogers who told Congress in September that there was no evidence found of any breached social security numbers used for fraud or other nefarious purposes. Cybercriminals looking to profit routinely sell the stolen information, unlike a state that has interests other than monetary profit.
The question remains, however. If state-sponsored hackers weren’t behind the OPM breach, who was?
Fingers are frequently pointed at hackers unrelated to the People’s Liberation Army. More specifically, hackers who are under contract at technology companies and universities. It’s a theory, with the unclear intent of why a private hacker would breach government websites of another country.
The U.S. Director of National Intelligence, James R. Clapper Jr testified before the Senate Armed Services Committee to speak about the OPM breach. “Egregious as it was,” the OPM breach was not a cyberattack, Clapper said.
“Rather, it would be a form of theft or espionage. We, too, practice cyberespionage and…we’re not bad at it,” he added.
The United States and China, along with a raft of the most powerful nations in the world recently signed a pact that sets the ground rules for global cyber-espionage. Summed up, there is no room for commercial hacking that involves breaches of private companies and their trade secrets or business information.
Images from Shutterstock.