According to a report from the Washington Post, the Chinese government says it has identified and arrested the hackers who breached the security of the Office of Personnel Management (OPM) and stole highly sensitive data about millions of U.S. government employees -- though doubts remain over the credibility of those arrests.
In June, it was revealed that hackers spent 18 months lurking inside the unsophisticated computer networks at the OPM exposing the data of 21.5 million federal employees and their families, and while the Obama administration denied any data on American intelligence officials was at risk, the huge loss of data was both embarrassing and a potential national security risk. Officially the White House has not pointed the finger at Beijing, but officials have been privately assigning blame to hackers working for the Chinese government. Chinese President Xi Jinping's officials have steadfastly denied any involvement.
Earlier this week, China's Xinhua News Agency reported that a government investigation in China found that criminal hackers were to blame for the attack and not state-sponsored hackers. Based on reports from anonymous sources, the Post says that officials have managed to identify and arrest the alleged perpetrators. But, beyond this fact, there are no details available. "The identities of the suspects -- and whether they have any connection to the Chinese government -- remain unclear," the Post reported.
One U.S. official speaking anonymously to the newspaper cast some doubt on the validity of the identities of those arrested: “We don’t know that if the arrests the Chinese purported to have made are the guilty parties. There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state.’”
If the Chinese government has in fact identified the hackers and gone as far as arresting them, then it would mark one of the most significant actions in the continuing cyberespionage war between the U.S. and China.
The arrests allegedly took place before Xi's recent state visit to the U.S. in September where he met with U.S. President Barack Obama to address America's concerns about the level of cyberespionage being carried out by Chinese hackers -- allegedly at the behest of the Chinese government. Following a declaration by Xi in September that his country would no longer conduct economic espionage in cyberspace, last week China's president reiterated his pledge not to do so, at the G20 summit, which was attended by 19 other world leaders.
This week a summit took place in Washington to try and establish guidelines between the two countries in order to allow both sides to investigate cyberattacks. The meetings were attended by Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson along with senior Chinese officials including Chinese Minister of Public Security Guo Shengkun.