China Says OPM Hack Was Not State-Sponsored

Beijing says U.S. agrees theft of 22.1 million federal records was ‘criminal’ cyber theft

December 2, 2015

China has told U.S. officials during cyber security talks that the massive theft of millions of sensitive records on federal workers was not a state-sponsored Chinese cyber attack but criminal hacking, according to Beijing’s official media.

The state-run Xinhua news agency reported Wednesday that the Obama administration agreed during high-level talks on cyber security held in Washington that the Office of Personnel Management hacking was a criminal activity.

During the talks, the two sides discussed the OPM hack. "Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected," Xinhua said.

Justice Department spokesman Marc Raimondi and Department of Homeland Security spokesman S.Y. Lee declined to comment.

The Justice Department in a statement issued late Wednesday said both sides discussed enhancing security cooperation "within the bounds of each nation’s legal framework." The officials also discussed "cases" identified in earlier talks.

The statement said a document was drawn up for guidelines on seeking assistance on cybercrime and malicious cyber activities and responding to the requests. A cyber crime exercise also was scheduled for the spring on terrorists’ use of technology and communications. A hotline communications link is also being considered. The next U.S.-China cyber security meeting will be held in Beijing in June.

Beijing authorities reportedly arrested a small number of hackers suspected of conducting the OPM hacking, although the identities of the hackers and any links to the Chinese government have not been made public, the Washington Post reported.

The disclosure that the OPM hack is being labeled criminal activity came during the first round of U.S.-China talks involving Chinese State Councilor and Minister of Public Security Guo Shengkun, Attorney General Loretta Lynch, and Homeland Security Secretary Jeh Johnson.

Guo is a senior security official who in the early part of the last decade headed the state-run aluminum company Chinalco. That company was the recipient of trade secrets stolen by Chinese military hackers who were indicted last year for breaking into networks of the U.S. company Alcoa.

U.S. officials have said technical forensic analysis of the OPM hacking uncovered clear links to Chinese military and civilian intelligence units known in the past for conducting cyber attacks.

Records for 22.1 million federal workers, including very sensitive security clearance background questionnaires, were compromised in the breach.

Security researchers have identified one Chinese government hacking entity as "Deep Panda" and blamed the group for very sophisticated cyber attacks focused on a range of targets.

James Clapper, the director of national intelligence, stated recently that China was the leading suspect in the OPM attacks.

China’s communist government has sought to differentiate cyber incidents into two categories: state-sponsored and criminal.

Security analysts, however, say the Chinese hacking frequently involves both theft of private or government data and the implantation of malicious software that permits secret remote access—a tool that can be used in future cyber conflicts to sabotage or damage vital computer networks.

China vehemently objected to the May 1, 2014, indictment of five People’s Liberation Army hackers for their role in conducting cyber attacks on U.S. companies in Pennsylvania. Beijing denied the official hacking and demanded that the indictment be dropped.

It could not be learned what steps the administration is taking as a result of this week’s talks.

The closed-door discussions were held following an informal agreement reached during the September summit meeting between President Obama and Chinese leader Xi Jinping that neither country would conduct state-sponsored cyber espionage attacks.

According to Xinhua, the talks took place at the Justice Department headquarters and resulted in an agreement to set up guidelines for joint investigations into cyber crimes and "related matters." The two nations also will establish a dedicated communications link for cyber issues.

Chinese intelligence, security, and information technology officials took part in the talks.

Guo was quoted as saying the United States and China have shared interests in protecting cyber security and that law enforcement cooperation would enter a new phase.

The news agency quoted U.S. officials as saying during the talks that American law enforcement officials would increase information sharing and joint efforts to protect cyber security and counter cyber crime, including "cyber terrorism and theft of commercial secrets."

China’s government has refused to acknowledge its military and civilian intelligence agencies are engaged in cyber attacks that have been widely uncovered over the past decade.

The Chinese have sought to deflect criticism of their cyber attacks, which have included penetrations of government networks and private sector companies, by calling U.S. charges "groundless."

Evidence disclosed by NSA contractor Edward Snowden revealed that China’s military and intelligence agencies use a combination of official hackers and private sector contractors to conduct widespread cyber attacks.

A classified NSA document published by Germany’s Der Spiegel last summer revealed that Chinese cyber attacks against the United States included nearly 700 intrusions in private-sector and government networks.

The document was part of a briefing held by the NSA Threat Operations Center in February 2014 revealing China’s focus on breaking into networks operated by search engine firm Google and defense contractor Lockheed Martin. The hackers also targeted U.S. air traffic control systems, which are considered likely targets of China in a future cyber war.

Among the secrets obtained by China through cyber espionage are data on the radar design and detailed engine schematics for the front-line F-35 jet fighter. Chinese hackers also stole sensitive data on U.S. aerial refueling schedules for military tankers.

China’s main hacking unit was identified in the document as the Technical Department 3PLA, formally known as the 3rd Department of the People’s Liberation Army General Staff Department.

More than 19 3PLA units have been linked by NSA to cyber attacks.

For the civilian Ministry of State Security, the main intelligence agency, the NSA identified six cyber spying units.

The Obama administration has refused to acknowledge the Chinese government’s role in cyber attacks against the United States.

Obama was ready to impose sanctions on China in September for the OPM hack but backed down after Xi promised to curtail state-sponsored cyber spying.

The cyber security agency CrowdStrike revealed in October that Chinese hacking continued unabated after the summit agreement.
