Chinese suspected of hacking
China suspected of seeking data for blackmail
U.S. officials believe a cyberattack on federal computers was done by the Chinese government to get info for blackmail.
WASHINGTON — The investigation into the cyberattack on computers at the federal Office of Personnel Management is proceeding on the theory that the hack was directed by the Chinese government and aimed at uncovering sensitive, personal information that could have been used to blackmail or bribe government employees to obtain secrets, officials said Friday.
Social Security numbers, email addresses, job performance reviews and other personal information of roughly 4 million government workers were siphoned out of the computer servers, the officials said.
The information obtained in the attack could be useful on its own and could also be used to craft fake emails that would entice government workers to open attachments that would infect their computers with malicious software designed to bleed additional information off federal computers. Computer security experts call such attacks “spear-phishing.”
There is no indication that classified servers were breached. But the hackers were able to penetrate the personnel agency’s networks for several months before monitoring tools deployed by the Department of Homeland Security detected them. Similar infiltrations have been conducted by Chinese and Russian hackers over the past year.
“This was not a hack for commercial interests,” a senior law enforcement official said, contrasting it with cyberattacks that have targeted cutting-edge technology or manufacturing specifications for popular products. The attack on the personnel agency carried the hallmarks of an intelligence operation, the officials said.
The most recent breach was the second major lapse at the personnel agency in the past two years. In March 2014, officials at the agency discovered that Chinese hackers had entered a database that tracks the files of federal employees applying for security clearances, potentially valuable information for identifying who has access to U.S. secrets.
Information collected through hacking could allow foreign governments looking to recruit an agent to “pick the target based on financial conditions or other embarrassing private information that they would not made available to their families,” said Ken Ammon, a former official at the National Security Agency and now the chief strategy officer at cybersecurity company Xceedium.
Some experts, however, were skeptical that the Chinese were behind the attack and theorized that identity thieves may have made the hack look like the infiltrations originated in China.
“Most likely I think the motivation is criminal; it could be Chinese criminals,” said Robert Knake, a former director of cybersecurity policy at the National Security Council and now a senior fellow at the Council on Foreign Relations.
The information the attack swept up is not all that valuable for launching spear-phishing attacks, he said.
Moreover, “if it is in fact true that it was the Chinese agency that went after this information, it’s a legitimate target for an intelligence community,” Knake said. “It’s not an act of war, it’s not beyond the pale, and it’s certainly not the worst incident to ever affect the federal government.”
The Chinese Foreign Ministry did not confirm or deny any involvement in the hack.
“China itself is also a victim of cyberattacks,” Chinese Foreign Ministry spokesman Hong Lei said Friday. The U.S. should not issue accusations against China, “but instead add more trust and cooperating in this field,” he said.
At the White House, spokesman Josh Earnest said “no conclusions about the attribution of this particular attack have been reached at this point.”
But he added, “When it comes to China, the president has frequently, including in every single meeting that he’s conducted with the current Chinese president, raised China’s activities in cyber space as a significant source of concern.”
Some lawmakers used the hack to push for legislation they say would better protect U.S. networks.
“Our top priority must be finding ways to deter our enemies from attacking in the first place and ending the ability of hackers to infiltrate, steal, and disrupt with impunity,” said Sen. John McCain, R-Ariz.
Adm. Mike Rogers, who leads both U.S. Cyber Command and the National Security Agency, told a Senate Armed Services Committee hearing in March that the nation currently defends its networks in a “reactive strategy” against foreign attack.
The government needed to think about intensifying offensive capabilities, he said. Thus far, he said, President Barack Obama had not given him the authority to deploy offensive cyber weapons.
Congress will likely consider a bill later this year designed to encourage companies to share more information with the government about cyberattacks. The bill would empower the Department of Homeland Security to receive information about attacks from businesses and would protect those companies from liability if they come forward.
But “data theft, while extremely damaging, does not represent the worst-case scenario,” Rep. Jim Langevin, D-R.I., said. “Destructive effects that once required kinetic warfare are now possible through a few keystrokes,” added Langevin, co-chair of the Congressional Cybersecurity Caucus.
Tribune Washington Bureau’s Colin Diersing and W.J. Hennigan contributed.