China’s official Xinhua news agency said on Wednesday anINVESTIGATION into a massive U.S. computer breach last year that compromised data on more than 22 million federal workers found that the hacking attack was criminal, not state-sponsored.
In an article about a meeting in Washington between top U.S. and Chinese officials on cyberSECURITY issues, Xinhua said the breach at the U.S. Office of Personnel Management (OPM) was among the cases discussed.
The report did not give details of who conducted the investigation or whether both U.S. and Chinese officials agreed with the conclusion.
The Cyberspace Administration of China, the country’s Internet regulator, did not immediately reply to a request for comment. In Washington, OPM referred inquiries to the U.S. Department of HomelandSECURITY, which also did not immediately respond to a request for comment.
White House spokesman Josh Earnest would not comment on the results of the U.S.-Chinese talks but called the dialogue “an importantSTEP” toward addressing longstanding U.S. concerns about Chinese cyber espionage.
U.S. intelligence chief James Clapper in June said the OPM cyber attack was carried out by Chinese hackers but did not specifically accuse China’s government. Clapper told a Washington intelligence conference: “You have to kind of salute the Chinese for what they did,” given the difficulty of the intrusion.
However, U.S. officials have said privately they believe Chinese government entities were behind the breach, which involved the compromise of sensitive personal data submitted to OPM by applicants for U.S. governmentSECURITY clearances, as well as field reports generated bySECURITYINVESTIGATORS.
The breach exposed the names, Social Security numbers and addresses of more than 22 million current and former U.S. federal employees and contractors, as well as 5.6 million fingerprints.
John Hultquist, a cyber espionage expert with iSight Partners, said his firm believed the intrusion was conducted by hackers working for China’s government, based on digital evidence and the hackers’ other targets, includingHEALTH INSURER Anthem.
“We can’t attribute itDIRECTLY to a specific intelligence organization or office building in Beijing, (but) the writing is on the wall in terms of the evidence we do have,” said Hultquist, whose firm provides cyber intelligence to the U.S. government.
One reason U.S. officials are reluctant to accuse the Chinese government publicly of hacking AmericanSECURITY clearance data, officials and private experts have said, is that this is the sort of spying done by most if not all major foreign intelligence agencies including U.S. agencies.
James Lewis, an expert with the Center for Strategic and International Studies think tank, said China’s latest claims suggest authorities there likely will say they have arrested hackers behind the OPM attack and claim they are criminals.