An army of "unnamed" U.S. officials on Friday were quick to allege that Chinese hackers were responsible for a breach of the Office of Personnel Management (OPM)'s computer system in December, which compromised the data of about 4 million current and former federal employees.
China's foreign ministry spokesman Hong Lei said the accusations were "irresponsible and unscientific" at a news briefing on Friday. "We know that hacker attacks are conducted anonymously, across nations, and that it is hard to track the source. It’s irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation."
He added: "We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation."
We Interrupt This Article with an Urgent Message!
Common Dreams is a not-for-profit organization. We fund our news team by pooling together many small contributions from our readers. No advertising. No selling our readers’ information. No reliance on big donations from the 1%. This allows us to maintain the editorial independence that our readers rely on. But this media model only works if enough readers pitch in.
According to NBC News, unidentified U.S. officials "said the breach—which exploited a 'zero day' vulnerability, meaning one that was previously unknown—could be the biggest cyberattack in U.S. history, potentially affecting every agency of the U.S. government."
U.S. Sen. Susan Collins (R-Maine) was among those pointing fingers at China. "The ramifications are very serious," said Collins, a member of the Senate Intelligence Committee. "Potentially 4 million former and current federal employees have had their information compromised, and because OPM is the [agency] that holds security clearances, that's giving a potential enemy like China very valuable information."
Unnamed intelligence officials told CNN that "hackers working for the Chinese military are believed to be compiling a massive database of Americans," though it was unclear what the purpose of such a database would be—and doubly unclear why CNN would report the unsubstantiated claims of unnamed "intelligence officials."
The hack comes just one day after the New York Times and ProPublica revealed that the Obama administration has expanded the NSA's warrantless surveillance of Americans' international Internet traffic to search for evidence of malicious computer hacking.
And as The Hill notes, "Within minutes of the story breaking, lawmakers were using the OPM breach to renew calls for the Senate to move on a stalled cybersecurity bill that would enhance the public-private exchange of information on hackers."
Agence France-Press reports:
The United States has struck an increasingly strident tone about cyber-attacks in recent months.
Admiral Michael Rogers, who heads the National Security Agency and US Cyber Command, has said that future attacks could prompt a response with conventional weapons.
In February, US Director of National Intelligence James Clapper said a steady stream of low-level cyber-attacks posed the most likely danger to the United States, rather than a potential digital "armageddon."
As for how the breach occurred and was detected in the first place, the Associated Press reports:
[The Department of Homeland Security] said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyberthreats, identified the hack of OPM's systems and the Interior Department's data center, which is shared by other federal agencies.
It was unclear why the EINSTEIN system didn't detect the breach until after so many records had been copied and removed.