SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
7 Dec 2015

Chinese government has arrested hackers it says breached OPM database

The Chinese government recently arrested a handful of hackers it says were connected to the breach of Office of Personnel Management’s database this year, a mammoth break-in that exposed the records of more than 22 million current and former federal employees.

The arrests took place shortly before a state visit in September by President Xi Jinping, and U.S. officials say they appear to have been carried out in an effort to lessen tensions with Washington.

The identities of the suspects — and whether they have any connection to the Chinese government — remain unclear. Hacks of government and corporate data emanating from China have been a constant source of tension between the United States and China. On Tuesday and Wednesday, Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson met with senior Chinese officials to establish guidelines for working together on law enforcement requests to investigate malicious cyberactivities. The OPM hack — which came in two waves — was also on the agenda.

If the individuals detained were indeed the hackers, the arrests would mark the first measure of accountability for what has been characterized as one of the most devastating breaches of U.S. government data in history. But officials said it has been difficult to confirm whether the people rounded up were connected to the OPM breach. “We don’t know that if the arrests the Chinese purported to have made are the guilty parties,” said one U.S. official who — like others interviewed — spoke on the condition of anonymity because of the subject’s sensitivity. “There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state.’ ”

Since the intrusions were disclosed in June, U.S. government officials have said they suspected the involvement of the Chinese government, in particular the civilian Ministry of State Security. Some officials say the hackers may have been MSS contractors, possibly acting on their own but aware the agency would be interested in the data. Chinese officials have characterized the arrests as a criminal matter, rather than state-sponsored, and told their American counterparts that the individuals will be prosecuted, said U.S. officials, who spoke on the condition of anonymity.

Beijing has repeatedly insisted that the government played no role in the intrusions, which compromised sensitive personal, financial and biometric data of the employees, and data on their families. The arrests were linked to thefts of data from U.S. companies to be sold or passed to Chinese state-run firms. Rather, they were linked to the OPM breach. In the weeks before the summit with Xi, Chinese officials learned from media reports that the Obama administration was preparing a package of economic sanctions against Chinese firms that benefited from the hacking of U.S. companies.

Xi’s special envoy, Meng Jianzhu, a member of the political bureau of the Communist Party Central Committee, soon arrived in Washington to meet with U.S. officials who said he appeared distressed by the possibility of sanctions. The officials said Meng seemed to think the Americans were primarily concerned about the OPM hack, rather than cyberattacks on U.S. firms. He asserted that the Chinese government had not directed the breach and pledged to round up the hackers behind the OPM attack.

U.S. officials have characterized the OPM breaches as traditional espionage — spying to help a foreign government, in this case, build databases on U.S. government employees and officials. Experts say that such information can help foreign governments recruit spies or blackmail employees for information. Or it might help them craft more effective “spearphish” emails purporting to be from colleagues or family members that contain malicious software that when activated can compromise a computer.

If China caught the real perpetrators, “it would be the most important arrest that we’ve perhaps seen in cybercrime,” said Jason Healey, senior research scholar at Columbia University School of International Public Affairs. The news comes on the heels of other breakthroughs. At the summit, Xi made a historic pledge that China would not conduct economic espionage in cyberspace. Up to that point, the Chinese government had never acknowledged conducting such espionage, which is focused on targeting companies rather than governments.

Then, two weeks ago, Xi repeated that commitment to 19 heads of state at the Group of 20 conference in Antalya, Turkey. At the G-20, all the leaders pledged for the first time their states would not engage in cyber-industrial espionage. “The last two months have been nothing but shocks,” Healey said. “Who would have thought that we would have gone from no norm on commercial espionage and no movement on the OPM hack to a new G20 norm and today’s news of criminal arrests on OPM? This is a string of incredible diplomatic successes.”Officials and analysts say that a combination of factors have led to China’s change in behavior. The threat of economic sanctions was key. And so were last year’s indictments of five People’s Liberation Army officers on charges of cyber-economic spying.

Following the indictments, the PLA ratcheted down its hacking of U.S. companies, although MSS activity continued or picked up, officials and analysts said. The Chinese were smarting from the indictments, officials said, and brought them up in every meeting. When asked Wednesday whether the Chinese government had in fact arrested suspects connected to the OPM breach, White House press secretary Josh Earnest declined to comment on the issue, but said that Obama met with Xi in Paris and raised the issue of cybersecurity. “This continues to be a top priority of President Obama in terms our relationship with China,” Earnest said.

Tags:
China information leaks hackers
Source:
The Washington Post
2214
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015