China Using OPM Records for Spying

23 million records stolen in OPM hack exploited for intelligence gathering

Chinese President Xi Jinping / Getty Images

China is mining intelligence from an estimated 23 million records of American federal workers, including intelligence and security personnel, stolen in cyberattacks against the Office of Personnel Management, according to a member of Congress.

Rep. Chris Stewart (R., Utah) said the Chinese are easily gaining information from the stolen records.

"They can run through those 23 million names in a heartbeat and connect dots in a heartbeat," Stewart said during remarks to a meeting of the Committee on the Present Danger: China.

"Have we seen evidence that they've done that? Absolutely," said Stewart, a former Air Force B-1 bomber pilot who is currently a member of the House Permanent Select Committee on Intelligence.

He declined to provide further details.

The OPM hack was considered one of the most damaging breaches of personnel security for the U.S. government ever. The operation by China took place in 2014 and was discovered in June 2015. China's role was kept secret during the Barack Obama administration.

The first official confirmation that China's government carried out the cyberattacks was made by White House National Security Adviser John Bolton in September.

The office is the repository of federal government personnel records, including social security numbers and documents known as SF-86s that contain personal information about people who apply for security clearances.

Counterintelligence officials for the past two years have reviewed the entire federal records archive, totaling 5 million gigabytes of data, and have begun assessing the damage from the breach. In April 2018, a senior counterintelligence official, Bill Evanina, refused to name China as the state behind the OPM hack.

But Evanina said of the damage assessment: "This is not a two-year issue; this is going to be 20 years in the making. This data is your most sensitive secrets that potentially an adversary is going to have in 20 years."

The federal government sent notices to the millions of security clearance holders notifying them of the compromise of their personal data. The loss of the sensitive clearance records also includes information on the relatives of security clearance applicants because details about an applicant's offspring are part of the application process.

The breach involved the extraction from OPM networks of an estimated 23 million records of federal workers, including those who were being evaluated for access to classified information. About 20 million records related to SF-86s were stolen.

According to a congressional report, the cyberattacks were carried out in two tranches. The first attack was discovered on March 20, 2014, and the second attack was carried out on May 7, 2014, when the hackers were disguised as an employee of KeyPoint Government Solutions, a subcontractor.

A Chinese national, Yu Pingan, pleaded guilty in February to conspiracy in the hacking of several American companies and was ordered to pay more than $1 million in restitution to Qualcomm, Pacific Scientific, and Riot Games, for his use of a hacking tool called Sakula.

Sakula was the same malware used by the Chinese in carrying out the OPM hack, although Yu was not linked to the OPM operation.

Ed Timperlake, a former Pentagon official, said the OPM breach was the result of poor computer security. But he also said because China stole sensitive information contained in the SF-86 documents, there should be U.S. retaliation.

"China picked a fight with over 20 million Americans by going at them personally," Timperlake said. "They came after our most personal information."

Timperlake said the U.S. government—intelligence agencies or the military, which now has a Cyber Command—should go on the offensive and retaliate for the OPM theft as well as other technology theft.

One option could be to conduct clandestine hacking or other electronic operations to destroy the stolen OPM records inside China's networks used by security and intelligence services.

The Chinese military's Third Department of the General Staff, known as 3PLA, is believed to have been the agency that carried out the attacks. Other reports have said the Ministry of State Security, the civilian intelligence service, carried out the cyber operation.

Another option would be to take asymmetric action and conduct destructive cyberattacks on the Chinese intelligence agencies behind the OPM breach, with the goal of damaging the infrastructure and systems used for China's cyberattacks.

Third, the United States could conduct personal cyberattacks on Chinese government and Communist Party officials that were linked to the attacks.

"We need to go right back at them," Timperlake said.

Stewart, the Intelligence Committee member, said he met recently with Chinese supreme leader Xi Jinping and asked him whether the United States and China were headed for a conflict. The idea of a coming conflict with China has been outlined by some academics who argue that the rise of a new power in China combined with the decline of the United States is an historical formula for war.

Xi told the congressmen he did not believe the two states are headed for war.

During a more recent meeting with the Chinese leader, Stewart said Xi's answer to whether a conflict was inevitable was "we will see."

"That's a different response. His confidence level is not the same right now as it was five years ago and he views an open lane for him and we have to close that lane as best we can," Stewart said.

"Look, I don't want to go to war with China. I have no quarrel with the Chinese people," he added. "But at the same time I recognize that our governments have a very different view of human rights and the potential for life, liberty and the pursuit of happiness and we have to be willing to defend that."

Stewart said China is not seeking to be a peer competitor. Instead, Beijing wants to dominate the United States.

"That is their intention to be the dominant power politically, militarily, diplomatically, economically, and other areas as well," he said. "And they are moving methodically toward that goal."

Regarding reports that Samir Jain, White House cyber security director during the Obama administration, has registered as a lobbyist for China's Huawei Technologies, Stewart said, "it's difficult for me to understand that there's not a conflict there."

"You can't say that Huawei is just another technology company because they are not," he said.

Huawei has been linked by the FBI to economic espionage operations.

Bill Gertz
Bill Gertz is senior editor of the Washington Free Beacon. Prior to joining the Beacon he was a national security reporter, editor, and columnist for 27 years at the Washington Times. Bill is the author of seven books, four of which were national bestsellers. His most recent book was iWar: War and Peace in the Information Age, a look at information warfare in its many forms and the enemies that are waging it. Bill has an international reputation. Vyachaslav Trubnikov, head of the Russian Foreign Intelligence Service, once called him a “tool of the CIA” after he wrote an article exposing Russian intelligence operations in the Balkans. A senior CIA official once threatened to have a cruise missile fired at his desk after he wrote a column critical of the CIA’s analysis of China. And China’s communist government has criticized him for news reports exposing China’s weapons and missile sales to rogue states. The state-run Xinhua news agency in 2006 identified Bill as the No. 1 “anti-China expert” in the world. Bill insists he is very much pro-China—pro-Chinese people and opposed to the communist system. Former Defense Secretary Donald H. Rumsfeld once told him: “You are drilling holes in the Pentagon and sucking out information.” His Twitter handle is @BillGertz.
