China has finally acknowledged that this year’s cyberattack on the US Office of Personnel Management — in which more than 21.5 million citizens’ personal information was accessed — originated from within its borders. But the government asserts that it was the work of criminals and not ordered or carried out by the state.
In a news report about a meeting between Chinese and American law enforcement officials in Washington, state-run publication Xinhua reported:
Through investigation, the case turned out to be a criminal case, rather than a state-sponsored cyberattack as the US side has previously suspected.
The issue was discussed during talks between US Attorney General Loretta Lynch, U.S. Department of Homeland Security Secretary Jeh Johnson and Chinese Public Security Minister Guo Shengkun, in which they agreed on guidelines for requesting assistance in cyber crime cases.
The incident, which was first discovered in April, was one of the largest hacks in US government history. Among the spoils were more than 21 million Social Security numbers, 1.1 million fingerprint records, and 19.7 million health data records.
At that time, Director of National Intelligence James Clapper said that Chinese hackers were first on their list of suspects in the case.
So if it wasn’t the Chinese government, then who could it be? According to The New York Times, security researchers have said that some of the most sophisticated cyberattacks against US targets — including a takedown of a White House site in 2001 — have been traced to Chinese hackers under contract at universities and technology companies. But their motive for targeting US government systems as well as their relationship with the state remain unclear.
Update: The Washington Post reports that the Chinese government has arrested a handful of hackers it says were connected to the breach, shortly before President Xi Jinping visited the US in September.
However, US officials aren’t fully convinced that the actual perpetrators have been apprehended. They said that the arrests appear to have been carried out in an effort to lessen tensions with Washington.
One official said, “We don’t know that if the arrests the Chinese purported to have made are the guilty parties. There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state.’”
➤ China Calls Hacking of U.S. Workers’ Data a Crime, Not a State Act [The New York Times]