Relations between the United States and China are cooling once again after the U.S. suffered one of the most devastating cyber-attacks in history. Although the Obama administration has yet to officially accuse China of Thursday’s hack on the Office of Personnel Management (OPM), security and law enforcement officials believe it was conducted by the same Chinese hackers who stole millions of customers’ information from the insurance provider Anthem earlier in the year. Information on an estimated 4 million current and former federal employees was stolen in the OPM attack, containing a plethora of classified information, including Social Security numbers, job descriptions, payment information, and other private details. Although U.S. cybersecurity experts cannot yet confirm the attack was state-sponsored, they do believe that China is building a vast database on U.S. employees that the country can use to carry out future “insider” attacks, and possibly to blackmail U.S. officials. Chinese officials have angrily denied the attack, calling the accusations “frequent and irresponsible.” The two nations are set to convene for the annual US-China Strategic and Economic Dialogue in Washington later in the month, with cybersecurity a major topic on the agenda.
Even if China is responsible for the attack, however, some blame must also fall back on the U.S. itself. Chinese hackers were blamed for a similar attempt last year, and the OPM hack follows an April attempt on State Department information. The OPM attack exposed information on employees working in nearly every governmental department, with records dating back as far as 1985. Despite the sensitivity of the information and the prior hack attempt, many departments are using outdated operating systems and did not encrypt much of the stolen information. Last November, the OPM’s inspector general prepared a report that described U.S. systems as ripe for attack. The report noted that most federal systems were not regularly scanned for abnormalities and that the authentication systems were no more advanced than those of most online banking websites. The inspector general also recommended temporarily shutting down two databases from the division that conducts security-clearance background checks, a recommendation that OPM Chief Information Officer Donna Seymour refused. Officials began upgrading their systems last December with increased security scanning programs, but they believe that the hack, which was discovered in April, started shortly after the upgrade began. Seymour defended her decision, saying that the upgrades have been very time consuming given the “antiquated” systems that the department has used, but that the department has begun installing a two-step authentication process moving forward.
While officially denying the off-the-record blame directed at China, Obama spokesman Josh Earnest hinted that the intrusion would have serious consequences for the offender. Earnest cited an executive order that the president signed in April that gives the “Treasury Department additional authority to use economic sanctions to punish or hold accountable those who are either responsible for a cyber intrusion or are benefiting from one.” China’s foreign ministry spokesman Hong Lei said that the US should “stop making any unverified allegations, but show more trust and participate more in cooperation,” and that “It’s irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation.” Hong also noted that “China itself is also a victim of cyberattacks. China resolutely tackles cyberattack activities in all forms.” There appears to be little doubt among experts familiar with the Anthem attack and other hacks on government data, although they refuse to go on record due to the sensitivity of their positions. The Northern Virginia cybersecurity firm ThreatConnect discovered a link between the OPM hack and attacks on Premera Blue Cross and Empire BlueCross around the same time, all pointing to the Chinese Ministry of State Security. In the wake of other issues, including increasing hostility with neighbors in the South China Sea, growing animosity with Japan, and China’s exclusion from the Trans-Pacific Partnership (TPP), this recent hack is not helping to thaw relations between China and its most important regional counterparts. While the rhetoric coming from China neither officially confirms nor denies the accusations, it appears that China has built the infrastructure suitable for a long-term cyberwar.
CNN – Kevin Liptak, Theodore Schleifer, and Jim Sciutto
New York Times – David E. Sanger, Julie Hirschfeld Davis, and Nicole Perlroth
The Guardian – Dan Roberts