China Says U.S. OPM Hack Not State-Sponsored

In an English-language news report about high-level cyber-talks between China and the US, Chinese state-run Xinhua news agency announced that an investigation into last year’s massive data breach at the Office of Personnel Management (OPM) has identified criminal hackers instead of state-sponsored agents as the culprits. The personal data of more than 20 million current and former federal employees were stolen in the breach, which analysts and anonymous U.S. officials have attributed to the Chinese Ministry of State Security. Over the past year and a half, the agency has reportedly taken on operations traditionally carried out by the People’s Liberation Army. At Reuters, Paul Carsten and Mark Hosenball report:

China’s official Xinhua news agency said on Wednesday an investigation into a massive U.S. computer breach last year that compromised data on more than 22 million federal workers found that the attack was criminal, not state-sponsored.

In an article about a meeting in Washington between top U.S. and Chinese officials on cyber security issues, Xinhua said the breach at the U.S. Office of Personnel Management (OPM) was among the cases discussed.

The report did not give details of who conducted the investigation or whether both U.S. and Chinese officials agreed with the conclusion. [Source]

[…] The director of the National Security Agency, Adm. Michael S. Rogers, told Congress in September that there was no evidence that the exposed Social Security numbers or other financial information had been used for fraud. Criminal hackers do not usually sit on the material they steal, because financial data can have a short life span.

Moreover, investigators have said that the sophistication and length of the attack had the hallmarks of a state-sponsored operation. So did the targets of the attack, because the security information could be used to build a database of federal employees, including many working in the White House, the State Department and the military.

For years, analysts and security researchers have said that some of the most sophisticated cyberattacks against targets in the are orchestrated outside the People’s Liberation Army, by Chinese hackers under contract at universities and technology companies. Though their targets — government agencies and Chinese activists — point to a probable intelligence goal, the exact nature of the relationship between China’s private hackers and the state is not clear. [Source]

At The Washington Post, Ellen Nakashima reports that a number of hackers have been arrested by Chinese authorities in recent days for their alleged involvement in the OPM attack. The arrests follow the detention of several hackers ahead of President Xi Jinping’s visit to the United States in October.

The Chinese government recently arrested a handful of hackers it says were connected to the breach of Office of Personnel Management’s database earlier this year, a mammoth break-in that exposed the records of more than 22 million current and former federal employees.

[…] If the individuals detained were indeed the hackers, the arrests would mark the first measure of accountability for what has been characterized as one of the most devastating breaches of U.S. government data in history.

But officials said it has been difficult so far to independently confirm whether the people rounded up were actually connected to the OPM breach.

“We don’t know that if the arrests the Chinese purported to have made are the guilty parties,” said one U.S. official, who like others interviewed spoke on condition of anonymity because of the subject’s sensitivity. “There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state.’ ” [Source]

Nevertheless, this week’s talks between Chinese and US officials did help the two sides find common ground on the issue of cybersecurity, Andrea Chen at South China Morning Post reports. The gains build on a non-binding accord against hacking for commercial advantage—which did not cover strategic like the OPM attack—reached during Xi Jinping’s visit to the U.S. in September.

China and the US have agreed to a framework on managing their cybersecurity disputes at the highest-level talks on the issue since the leaders of the two nations sat down in September, Beijing said on Wednesday.

The discussions in Washington had yielded “positive outcomes”, the Ministry of Public Security said, including an understanding that quick communication after perceived attacks was critical.

Ministry chief Guo Shengkun met Homeland Security Secretary Jeh Johnson and US Attorney General Loretta Lynch on Tuesday, according to a brief official statement from the Chinese side.

“[China and the US] should manage the disputes in a constructive fashion,” Guo was quoted by Xinhua as saying. “We should offer timely and effective response to each other’s concerns, taking the dialogue mechanism as our major channel for communication regarding the cybersecurity issues.” [Source]

In any case, state-sponsored Chinese hackers have reportedly been busy elsewhere. Reuters’ Clare Baldwin, James Pomfret, and Jeremy Wagstaff report that participants in last year’s pro-democracy protests in Hong Kong have become the targets of sophisticated cyberattacks emanating from the mainland:

Almost a year after students ended pro-democracy street protests in Hong Kong, they face an online battle against what Western security experts say are China-sponsored hackers using techniques rarely seen elsewhere.

Hackers have expanded their attacks to parking malware on popular file-sharing services including Dropbox and Google Drive (GOOGL.O) to trap victims into downloading infected files and compromising sensitive information. They also use more sophisticated tactics, honing in on specific targets through so-called ‘white lists’ that only infect certain visitors to compromised websites.

Security experts say such techniques are only used by sophisticated hackers from China and Russia, usually for surveillance and information extraction.

The level of hacking is a sign, they say, of how important China views Hong Kong, where 79 days of protests late last year brought parts of the territory, a major regional financial hub, to a standstill. The scale of the protests raised concerns in Beijing about political unrest on China’s periphery. [Source]

On Wednesday, Australia’s Bureau of Meteorology reported that its system sustained a cyberattack that has been linked to China. Reuters’ Matt Siegel reports:

The Bureau of Meteorology owns one of Australia’s largest supercomputers and the attack, which the ABC said occurred in recent days, may have allowed those responsible access to the Department of Defence through a linked network.

The ABC, citing several unidentified sources with knowledge of the “massive” breach, placed the blame on China, which has in the past been accused of hacking sensitive Australian government computer systems.

“It’s China,” the ABC quoted one source as saying.

The Bureau of Meteorology said in a statement on its website that it did not comment on security matters, but that it was working closely with security agencies and that its computer systems were fully operational. [Source]