Chinese media is saying that the government has arrested several individuals responsible for hacking 20 million records of US government employees and contractors. But they also claim that the hack was part of a criminal enterprise and not sponsored by the Chinese government.
The hack first came to light last March when the Office of Personnel Management was told that an attempt to hack a government contractor’s computer system had been foiled. At that point, the full extent of the breach was unknown, and the assurances of OPM led the Obama administration to take no action.
But in June, it became apparent that there had been a catastrophic breach involving many millions of current and former government employees. Eventually, the government admitted up to 20 million citizens had their personal information hacked. At that time, it was believed that only the resources of a government could achieve such a spectacular success. The FBI and Obama administration both became convinced that it was the Chinese government who was responsible.
But this week, Chinese and American officials are meeting to discuss cybersecurity and other issues. The timing of the news story on state run media is interesting considering that US officials were going to confront the Chinese about their responsibility for the OPM hack.
Contrary to the claims of U.S. officials, Xinhua claimed the high-profile hack was conducted not by government-hired cyberwarriors, but ordinary civilians.
“Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected,” Xinhua reported.
The Obama administration has all but directly attributed the hack to Beijing and reportedly had considered imposing new sanctions on China until President Xi Jinping visited the White House in September, when both leaders agreed to roll back cyberattacks against one another. American security firms claim China has continued to attack U.S. networks in the months since, however, and experts remain skeptical of China’s latest claims.
“Any assertion by Chinese media that the OPM cyber attack was the work of criminals, not government agents, is in all likelihood bunk,” Brian Finch, a partner at technology law firm Pillsbury Winthrop Shaw Pittman LLP, told The Wall Street Journal. “Those criminal groups typically operate with the knowledge and consent of Chinese officials.”
James Lewis, an expert with the Center for Strategic and International Studies think tank, said those arrested were fall guys for the government.
“It’s a face-saving way of saying, ‘It wasn’t us and we’ll put them in jail,’” he told Reuters. “Traditional kabuki in espionage is you write off your agents when it’s politically useful to do so.”
U.S. officials speaking on condition of anonymity said this week China had made a handful of arrests in connection with the breach before Mr. Xi’s September visit, The Washington Post reported Wednesday.
“We don’t know that if the arrests the Chinese purported to have made are the guilty parties,” one of the sources told the newspaper. “There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state.’”
The White House said previously that China had arrested five hackers ahead of Mr. Xi’s trip to D.C. upon the urging of American law enforcement, but their alleged crimes have not been disclosed.
I would like to make a simple observation that we’re dealing with a Communist government that routinely and continuously lies to its own people, its enemies, its allies, and the rest of the world. The idea of believing anything they tell us about the OPM hack is ludicrous.
But the Obama administration is playing the pretend game; we pretend they didn’t hack us and they pretend to apologize. In this manner, our relationship with the Chinese remains on a speaking basis.
Meanwhile, the Chinese continue to hack away, breaching businesses and government records with impunity. The problem for the US is, for the moment, the hackers appear to be able to stay one step ahead of our cybersecurity efforts. When you have the resources of a government to draw on, the possibilities for penetrating even some of the most sophisticated networks is high.
Needless to say, we can’t trust the Chinese to stop just because we make some sort of deal.