Saturday, December 26, 2015
China Calls Hacking of U.S. Workers’ Data a Crime, Not a State Act
................[pull the other one it has bells on]
HONG KONG — China has acknowledged for the first time that the breach of the United States Office of Personnel Management’s computer systems, which the Obama administration said exposed the personal information of more than 21.5 million people, was the work of Chinese hackers. But China insisted that the breach was the result of criminal activity, not a state-sponsored cyberattack.
The assertion came in one paragraph midway through an article published Tuesday by Xinhua, the state-run news agency, about a meeting in Washington between top Chinese and American law enforcement officials, and it raised more questions than it answered.
The session was the first since President Obama and President Xi Jinping of China announced a set of vague rules of the road about what kind of hacking is impermissible. The two countries have promised to work toward a more comprehensive understanding.
The report did not say whether the Chinese authorities had identified anyone suspected of carrying out the immense breach of security, which was revealed this year.
The theft, which was extraordinarily sophisticated and continued for more than a year before it was detected, involved the security-clearance forms of millions of federal employees, veterans, contractors and others. The forms include information about health, finances and other personal matters for 19.7 million people who underwent government background checks in the past 15 years, as well as 1.8 million other people, including spouses and friends, according to the Obama administration. Five million of the stolen records included fingerprints.
“Through investigation, the case turned out to be a criminal case, rather than a state-sponsored cyberattack as the U.S. side has previously suspected,” Xinhua reported.
It said the issue was discussed in a meeting between Guo Shengkun, China’s minister of public security, and United States officials, including Jeh Johnson, the secretary of Homeland Security, and Loretta E. Lynch, the attorney general.
American officials are likely to be dubious about the Chinese contention. The director of the National Security Agency, Adm. Michael S. Rogers, told Congress in September that there was no evidence that the exposed Social Securitynumbers or other financial information had been used for fraud. Criminal hackers do not usually sit on the material they steal, because financial data can have a short life span.
Moreover, investigators have said that the sophistication and length of the attack had the hallmarks of a state-sponsored operation. So did the targets of the attack, because the security information could be used to build a database of federal employees, including many working in the White House, the State Department and the military.
For years, analysts and security researchers have said that some of the most sophisticated cyberattacks against targets in the United States are orchestrated outside the People’s Liberation Army, by Chinese hackers under contract at universities and technology companies. Though their targets — government agencies and Chinese activists — point to an intelligence goal, the exact nature of the relationship between private hackers and the state is not clear.
In 2009, computer security experts traced several attacks on American companies back to a university, which receives funding from a high-level Chinese state science and technology program called the 863 Program. Several Jiaotong University researchers have also been tied to a Chinese hacking group that brought down a White House website in 2001.
In 2010, a different group of contracted hackers was blamed for a sophisticated attack on Google and dozens of other American technology companies. That year, Chinese hackers broke into the Gmail accounts of Chinese activists and stole intellectual property from Google. The group was never tied to a faction of the Chinese military, but rather to a private group of Chinese hackers, according to intelligence analysts who investigated the case but were not authorized to speak about the findings.
The same group was later blamed for a 2011 attack at RSA Security, an American company that makes security products for government agencies and military contractors. The group’s hackers used the information they gleaned from RSA to break into the computer systems of Lockheed Martin, the aerospace contractor.
And in 2012, security researchers traced widespread attacks on companies in Asia and Tibetan activists to a former graduate student at Sichuan University who later took a job at Tencent, the Chinese Internet company.