China has admitted for the first time that a massive hacking attack on U.S. government databases was carried out by Chinese hackers, but denies it was a state-backed operation. Chinese state media say the incident was among several others discussed during high-level cyber security talks in Washington this week.
The revelation was mentioned almost in passing in a Xinhua state media report this week on the talks. The report did not provide any other details about the hackers or if they have been arrested.
“Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected,” the report says.
According to a report in The Washington Post Tuesday, China says a handful of hackers were arrested in connection with the case, shortly before President Xi Jinping visited Washington in September.
The identities of those arrested and whether they are connected to the Chinese government remains unclear, the report adds.
The hacking attack on the Office of Personnel Management’s computer systems led to a massive breach of the personal information of nearly 22 million current and former U.S. federal employees, job applicants and their families.
U.S. officials have said they were unaware that any of the information from the personnel records of individuals holding security clearances has been used for criminal purposes.
Cyber attacks from China
Bob Fonow, founder of the consultancy group RGI, says it is convenient for China to say the breach was criminal, but adds that ultimately it is very hard to know who was behind the attack. What is clear, he says, is that the Chinese government is becoming more sensitive to U.S. concerns.
Confirmation that the attack was carried out by Chinese attackers “is an attempt to show the United States that China is trying to get a handle on this, to make sure they understand who is doing the hacking and why.”
Fonow says that like other states in the world, China has hacking that targets military and diplomatic targets for information.
“And then there’s another type of hacking that is out of control and I think that out of control hacking is what government’s are trying to understand better and prevent,” he says.
During meetings this week in Washington, U.S. and Chinese representatives reached an agreement on guidelines for seeking assistance on cyber crime and other malicious cyber activities.
According to a statement from the U.S. Department of Justice, the agreements were reached during a meeting between U.S. Attorney General Loretta Lynch, Department of Homeland Security Secretary Jeh Johnson and Chinese Public Security Minister Guo Shengkun.
The two sides also agreed to hold so-called “tabletop exercises” in the spring. The exercises involve scenarios that would help the two sides understand how they respond to attacks.
China and the United States also agreed to hold another round of talks next June in Beijing.
China’s Public Security Ministry says the agreements would have a “major impact” on joint efforts to enforce Internet security. A statement on the talks released Wednesday also says the two sides will continue to hold frank discussions, and constructively manage disputes to develop more cooperation in combating cyber crime.
In their statements, both governments mentioned that the progress of investigations into individual cases was discussed during the talks, but no details were given.
Joyce Huang also contributed to this report.