China syndrome: Chinese government hackers collected information on U.S. security clearance applicants

Published 11 July 2014

Chinese government hackers last March broke into the computer networks of the U.S. Office of Personnel Management, the agency which keeps the personal information of all federal employees. The hackers targeted the information of tens of thousands of employees who had applied for top-secret security clearances. Experts note that the hacking of OPM files containing information about federal employees applying for security clearance is especially disturbing since federal employees applying for security clearances enter their most personal information.


Officials told the New York Times that the Chinese hacking was discovered and the hacking blocked. The scope of the hacking, and the amount of information the hackers were able to gather, are yet to be determined.

A DHS spokesman confirmed that the breach had occurred, but said that “at this time,” neither OPM nor DHS had “identified any loss of personally identifiable information.”

The DHS official added that an emergency response team was assigned “to assess and mitigate any risks identified.”

U.S. officials say the attack on the OPM was different because it succeeded: hackers attack U.S. government computer networks every day, but such attacks rarely succeed. The Times notes that another successful attack occurred last year against the Department of Energy, in which the attackers were able to make off with the personal data of employees and contractors.

In May, the U.S. Justice Department indicted a group of Chinese government hackers who work for the People’s Liberation Army Unit 61398, and charged them with stealing corporate secrets (see “A first: U.S. indicts Chinese military officials for cyber-theft of U.S. companies’ industrial secrets,” HSNW, 20 May 2014; and “Chinese government orchestrates cyberattacks on U.S.: experts,” HSNW, 19 February 2013). Other members of PLA Unit 61398 have also been accused of hacking U.S. government computer systems, including in the office of the secretary of defense.

All the efforts by the United States to persuade or deter Chinese government agencies from attacking U.S. government and corporate computer networks have failed. The attempt to use the legal system has also proved futile. “There’s no price to pay for the Chinese,” one senior intelligence official told the Times, “and nothing will change until that changes.”

In addition to Unit 61398, security researchers were able to identify a second Shanghai-based Chinese military unit, known as Unit 61486, and connect it to hundreds more cyberattacks on American and European space and satellite technology companies and research groups. While the indictment of members of Unit 61398 appears to have temporarily slowed down the hacking activity of that unit, it had no effect on Unit 61486.

“The same proved true for the dozen other Chinese military and naval units that American officials have been tracking as they break into an ever more concerning list of corporate targets including drone, missile and nuclear propulsion technology makers,” the Times writes.


Caitlin Hayden, a spokeswoman for the Obama administration, noted that the agency had intrusion-detection systems in place and notified other federal agencies, state, and local authorities about the Chinese attack on OPM, then shared relevant threat information with some in the security industry. Hayden said that the administration had no reason to believe personally identifiable information for employees was compromised.