The normally quiet U.S. Office of Personnel Management isn’t used to attracting as much international attention as the FBI or the CIA, but the federal agency responsible for assigning national security clearance found itself in the spotlight recently after Chinese hackers attempted to breach its secure network.
The Pentagon, FBI and other high-profile departments of the U.S. government are used to fending off attempted daily intrusions from across the globe, but sources have revealed to the New York Times that cyberspies have shifted their focus to smaller, albeit important, agencies in their attempt to steal American secrets.
The report is yet another reminder of the vulnerability of online storage and secure networks as international governments shift their operations into the Information Age. Last week the Department of Justice announced that a Chinese businessman in Canada had hacked into Boeing’s computers and stolen information about U.S. military aircraft and weapons. Details in that case -- which is unrelated to the attempted breaches of government agencies -- are still being released.
Along with the Office of Personnel Management, which stores detailed personal information on tens of thousands of prospective government employees who've applied for top secret security clearances, Chinese hackers have targeted the Government Printing Office and the Government Accountability Office in recent months. The Government Printing Office catalogs scores of information for the White House and Congress, and it prints passports for the State Department. The accountability office serves as a watchdog over federal spending and determines the efficacy of federal programs.
An official at the Department of Homeland Security who spoke anonymously told CNN that investigators haven’t yet found “any loss of personally identifiable information” at the Office of Personnel Management. If such information were compromised, it could make it possible for foreign agents to blackmail or intimidate U.S. government employees who have security clearance.
It’s not clear whether the espionage efforts originated with the Chinese government, although previous reports have indicated that Beijing has launched cyberattacks on Washington through proxy parties and military experts. Shawn Henry, a former cybersecurity official at the FBI, told the Times that the recent string of attacks have been “indicative of a state-run intelligence agency.” He explained that it’s simply hard to picture why a nongovernment entity would be interested in U.S. personnel files located in obscure departments.
“Along the way you’re going to shake a lot of doorknobs,” he said. “You may not spend a lot of time in that place, but if the door is unlocked, why not look in?”
Word of the hacks came as rhetoric between U.S. and Chinese officials intensifies. Recentlyhe Department of Justice unsealed an indictment against five hackers suspected of hacking American retail chains. Rather than increasing scrutiny on the suspects, though, the FBI’s “name and shame” strategy has lifted the hackers to a point of admiration in the Chinese media.
Jeremy Goldkorn, who analyzes the Chinese media, told NPR’s “On the Media” in May that Chinese audiences seemed to favor hearing about American intelligence-gathering plots.
“I think there probably are many people who think that China is doing it, I don’t think the outrage here is because they think it’s a lie,” he said. “I think the outrage is because they think the U.S. is just as bad, and explicitly criticizing individuals is causing outrage. A very common statement I saw on social media is that everyone is doing it, it’s just that the U.S. is a bigger thief who is crying when its stuff is stolen.”
The accountability office declined to tell reporters how many times hackers had tried to infiltrate its network, but the number almost certainly pales in comparison to the number of attempted breaches of the Pentagon's network, which officials say is targeted every day by foreign intelligence agencies and individual hackers alike.