Hacked: Hacking Finance

China Says OPM Breach Was Not State-Sponsored but a Criminal Act


Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


Alleged FBI Hacker Lauri Love Ordered to US Extradition by UK Home Secretary 15th November, 2016

The Largest Breach of 2016: 412 Million FriendFinder Accounts Exposed 14th November, 2016


China Says OPM Breach Was Not State-Sponsored but a Criminal Act

Posted on .

ChinaThrough its official news agency Xinhua, China has stated that an investigation covering the substantial breach that compromised over 22 million federal employees was a cyberattack borne out of criminal intent. The news agency added the breach was not state-sponsored, contrary to the widely asserted opinion that the Chinese government was involved.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

In a news report, state-run news agency Xinhua covered the meeting between U.S. and Chinese officials in the first ever bilateral ministerial dialogue exclusively focusing on cybersecurity. The publication contends the two countries “worked hard to remove one of the major stumbling blocks to the development of bilateral ties,” with the dialogue about cybercrimes and cybersecurity.

The report stated:

Among the cases discussed included the one related to the alleged theft of data of the U.S. Office of Personnel Management by Chinese hackers.

Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side had previously suspected.

The talks were held between U.S. Attorney General Loretta Lynch, Department of Homeland Security Secretary Jeh Johnson and Chinese State Councilor and Minister of Public Security Guo Shengkun.

In what is widely seen as one of the biggest governmental breaches of all time, the Office of Personnel Management (OPM) hack had hackers make away with over 20 million social security numbers, 19.7 million records that included health, financial and personal information. Five million stolen records also included fingerprints of federal employees.

Also read: 21 Million More US Personnel Exposed in Second Attack

The joint session was the first in a directive agreed by Presidents Obama and Xi Jinping during a stateside visit by the Chinese President in September this year. Tensions between the two countries remained high prior to the visit with cybersecurity a chief subject of debate between the two.

While there were rumors of the United States putting forth sanctions against China, the former held back, with a U.S. official citing the decision not to impose sanctions was for better diplomacy.

Cybersecurity investigators are likely to be skeptical to China’s claims about not being involved, reports the New York Times. It cites a claim by NSA director Adm. Michael S. Rogers who told Congress in September that there was no evidence found of any breached social security numbers used for fraud or other nefarious purposes. Cybercriminals looking to profit routinely sell the stolen information, unlike a state that has interests other than monetary profit.

The question remains, however. If state-sponsored hackers weren’t behind the OPM breach, who was?

Fingers are frequently pointed at hackers unrelated to the People’s Liberation Army. More specifically, hackers who are under contract at technology companies and universities. It’s a theory, with the unclear intent of why a private hacker would breach government websites of another country.

The U.S. Director of National Intelligence, James R. Clapper Jr testified before the Senate Armed Services Committee to speak about the OPM breach. “Egregious as it was,” the OPM breach was not a cyberattack, Clapper said.

“Rather, it would be a form of theft or espionage. We, too, practice cyberespionage and…we’re not bad at it,” he added.

The United States and China, along with a raft of the most powerful nations in the world recently signed a pact that sets the ground rules for global cyber-espionage. Summed up, there is no room for commercial hacking that involves breaches of private companies and their trade secrets or business information.

Images from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?


Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

  • user

    AUTHOR Tom Kelting

    Posted on 1:37 pm December 4, 2015.

    Chinese Official spokespersons can *say* anything — and regularly do so.My reaction, until I see corroborative evidence to the contrary, is that they’re finally learning to play the game.
    The petulant, acrimonious rhetoric used by, for example, the Chinese navy (“go away, we don’t need you here”) gets them nowhere, and makes them appear like characters from ‘The Simpsons’ (“you GO now!”, barked by the aisian neighbors.)
    Better to “BS” and buy some time, like Iran used to do.
    Also, this tac doesn’t make them sound like such social Yahoos on the world stage.

  • View Comments (1) ...
    A new series of drive-by campaigns that are equipped to…