|
 The breach of computer systems of the Office of Personnel
Management was disclosed on Thursday by the Obama administration,
which said records of up to 4 million current and former federal
employees may have been compromised.
A total of 2.1 million current U.S. government workers were
affected, according to a source familiar with the FBI-led
investigation into the incident.
Accusations by U.S. government sources of a Chinese role in the
cyber attack, including possible state sponsorship, could further
strain ties between Washington and Beijing. Tensions are already
heightened over Chinese assertiveness in pursuit of territorial
claims in the South China Sea.
The hacking also raises questions about how the United States would
respond if it confirmed that the Chinese government was behind it.
Several U.S. officials, who requested anonymity, said the hackers
were believed to have been based in China but that it was not yet
known if the Chinese government or criminal elements were involved.
Another U.S. official said the breach was being investigated as a
matter of national security, meaning it may have originated from a
foreign government.
 The cyber attack was among the most extensive thefts of information
on the federal work force, and one U.S. defense official said it was
clearly aimed at gaining valuable information for intelligence
purposes.
"This is deep. The data goes back to 1985," a U.S. official said.
"This means that they potentially have information about retirees,
and they could know what they did after leaving government."
Access to data from OPM's computers, such as birth dates, Social
Security numbers and bank information, could help hackers test
potential passwords to other sites, including those with information
about weapons systems, the official said.
"That could give them a huge advantage," the official said.
According to a U.S. House of Representatives memo seen by Reuters,
OPM knows what types of data were exposed to the hackers but not
what data was taken. The memo was sent to House staff by Chief
Administrative Officer Ed Cassidy, whose office provides support
services to the House, including cyber security services.
In addition, the State Department said in a memo to its employees
that most of them had not been exposed to the breach because their
data was not housed on the hacked OPM systems. Only those who had
previously been employed by another federal agency may have been
exposed, it said.
Investigators have linked the OPM breach to earlier thefts of
personal data from millions of records at Anthem Inc <ANTM.N>, the
second largest U.S. health insurer, and Premera Blue Cross, a
healthcare services provider.
It was the second computer break-in in less than a year at OPM, the
federal government's personnel office, and the latest in a string of
cyber attacks on U.S. agencies, some of which have been blamed on
Chinese hackers.
A Chinese Foreign Ministry spokesman said such accusations had been
frequent of late and were irresponsible. Hacking attacks were often
cross-border and hard to trace, he said.
White House spokesman Josh Earnest said, "It's not clear who the
perpetrators are," but he noted that President Barack Obama and his
aides regularly raise with their Chinese counterparts concerns about
Chinese behavior in cyberspace.
Disclosure of the latest computer breach comes ahead of the annual
U.S.-China Strategic and Economic Dialogue scheduled for June 22-24
in Washington, D.C. Cyber security was already expected to be high
on the agenda.
[to top of second column] |
U.S. officials said the talks would proceed as scheduled, as would
Obama's plans to host Chinese President Xi Jinping on a state visit
to Washington in the fall.
U.S. LIKELY TO MOVE CAUTIOUSLY
At Friday's White House briefing, Earnest dodged the question of
whether Washington might retaliate if it was determined that a state
had been involved in the hacking.
In December, U.S. officials moved swiftly to accuse North Korea of
being behind a high-profile attack on Sony <6758.T> over a movie
depicting the assassination of North Korea's leader, and Obama vowed
that the United States would respond.
Some lawmakers and defense officials want a more aggressive U.S.
stance against cyber breaches, including legislation to strengthen
U.S. cyber defenses. But the administration is likely to move
cautiously in response to any Chinese role, mindful of the potential
harm from escalating cyber warfare between the world's two biggest
economies.
The Federal Bureau of Investigation has launched a probe of the OPM
attack, and vowed that it would bring to account those responsible
for the hacking.
OPM detected new malicious activity affecting its information
systems in April and the Department of Homeland Security (DHS) said
it concluded early in May that OPM's data had been compromised and
about 4 million workers may have been affected.
Hackers hit OPM's IT systems and its data stored at the Department
of the Interior's data center, a shared service center for federal
agencies, a DHS official said on condition of anonymity.
Chinese hackers were also blamed for penetrating OPM's computer
networks last year, The New York Times reported last July, citing
unidentified U.S. officials.
James Lewis, a cyber security expert at the Center for Strategic and
International Studies think tank, said the U.S. disclosure of the
hacking could signal Washington's plan to push hard on cyber issues
at this month's talks.
“The Chinese have been saying privately, and somewhat in public,
that we want the summit to go really well. 'Let’s not talk about
espionage. Let’s talk about how we can work together'," said Lewis,
a former State Department official.
"This might be a U.S. response to that: 'No, we are going to talk
about espionage.'"
(Additional reporting by Phil Stewart, David Brunnstrom, Julia
Edwards, Roberta Rampton, David Lawder and Susan Cornwell; Editing
by Jason Szep, Doina Chiacu, Toni Reinhold)
[© 2015 Thomson Reuters. All rights
reserved.]
Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
