The U.S. Central Intelligence Agency (CIA) pulled a number of officers from the American Embassy in Beijing as a precautionary measure after a massive cyberattack in June compromised the personal data of over 22 million federal employees, according to a report Tuesday.
U.S. officials reportedly said the data breach was conducted by a hostile party to identify spies and other American officials who could be blackmailed to provide information. The records, stolen from the Office of Personnel Management (OPM), contain the background checks of State Department employees.
U.S. officials told the Washington Post that China could have compared those records with the list of embassy personnel, and anybody not on that list could be a CIA official. Unnamed officials said that the CIA’s withdrawal was meant to protect its officers whose agency affiliation might put them at risk.
The report comes as senior intelligence officials explained America’s cybertheft deterrence measures to lawmakers. Director of National Intelligence James Clapper Jr. testified Tuesday before the Senate Armed Services Committee, explaining the difference between the OPM hacks and the theft of U.S. companies’ secrets to benefit another nation. The OPM hacks, “as egregious as it was,” Clapper reportedly said, was not a cyberattack. “Rather, it would be a form of theft or espionage.”
"We, too, practice cyberespionage and ... we’re not bad at it,” he added, warning lawmakers that it would not be prudent to seek to punish other countries for practices the U.S. itself engages in. “I think it’s a good idea to at least think about the old saw about people who live in glass houses shouldn’t throw rocks.”
Several lawmakers in attendance expressed their displeasure with the situation. "So it’s okay for them to steal our secrets that are most important because we live in a glass house? That is astounding,” Sen. John McCain, R-Ariz., reportedly said. “I’m just saying that both nations engage in this,” Clapper responded.
U.S. President Barack Obama had warned Beijing last month that it could face sanctions for the alleged cybertheft. He also said that further state-sponsored espionage could be considered an “act of aggression” that Washington would not tolerate.
"We have repeatedly said to the Chinese government that we understand how traditional intelligence gathering functions and that all states engage in it including us," he said earlier this month. "What is fundamentally different is your government or its proxies engaging in industrial espionage and stealing trade secrets from a company. We consider that an act of aggression and it must stop.”
Clapper reportedly said the implications of the OPM theft were significant, adding that it “has very serious implications ... from the standpoint of the intelligence community and the potential for identifying [undercover] people.”
“Unfortunately,” he said, “this is a gift that’s going to keep on giving for years.”