A number of U.S. intelligence assets are to return home after a cyber attack in which hackers gained access to information on millions of federal employees.
According to U.S. officials the data breach involved the personal data on 21.5 million government workers, and spies will be withdrawn from China due to a potential risk to their safety, writes Evan Perez for CNN.
U.S. suspects China was behind OPM hack
Although the U.S. has not formally implicated China in the attack, it is thought that hackers working for Beijing were behind the attack on the U.S. Office of Personnel Management. The fingerprints of 5.6 million government employees were compromised, along with other pieces of sensitive personal data.
The records of State Department employees were included on the database, and as a result the hackers could determine which embassy personnel were in fact intelligence assets. Agents of the Central Intelligence Agency, National Security Agency and Defense Intelligence Agency currently working in China are at risk of having their cover blown.
Consequently the CIA has removed a number of officers from the U.S. Embassy in Beijing, according to a report in The Washington Post. The hack is expected to have a wide-ranging effect on U.S. national security.
Potential long-term effects of information breach
One further reason that U.S. officials are concerned is the fact that information from forms used for security clearances, known as SF86 questionnaires, was also compromised. The forms contain data on current, former and prospective federal employees, their families and associates.
There is a concern that China may try to identify future U.S. intelligence assets using the data stolen from OPM. Chinese officials are known to investigate visa applications from people connected with the U.S. using travel patterns and other information.
Due to advancements in biometric technology, it has been getting harder for the CIA to plant operatives in foreign countries pretending to be someone else. To make up for this loss the CIA is working on improving its technological spying capabilities.
Obama administration criticized for reaction to hack
Figures from the Republican party have criticized the Obama administration over its handling of the hack. This Tuesday Republican senators questioned Director of National Intelligence James Clapper about why the Obama administration has not reacted more decisively.
“This is a pretty significant issue that is going to impact millions of Americans,” said Sen. Kelly Ayotte (R-N.H.). “But it seems to me they are not seeing a response right now from us, and therefore we’re going to continue to see bad behavior from the Chinese.”
Clapper admitted that the U.S. response was restricted by the fact that its intelligence agencies also use similar spying tactics. “We’re not bad at it,” he said.
He then reminded senators of an old saying. “I think it’s a good idea to at least think about the old saw about people who live in glass houses shouldn’t throw rocks,” said Clapper.
Cyber espionage a huge point of contention between U.S. and China
Despite suspicions that it maintains and uses powerful teams of hackers, Beijing has long denied that it engages in any hacking. Chinese officials consistently deny their involvement and sometimes claim to be a victim of hacking.
Hong Lei, a spokesman for the Chinese Ministry of Foreign Affairs, underlined that official position this Wednesday. “The Chinese government firmly opposes any forms of hacking,” he said.
Lei also mentioned the recent agreement between the U.S. and China related to cyber theft. A few days ago both nations agreed not to steal trade secrets or intellectual property for commercial gain, hopefully reducing the amount of U.S. companies which lose sensitive data to hackers.
Cyber crime was a huge part of talks between U.S. President Barack Obama and Chinese President Xi Jinping during the latter’s state visit to the United States last week. After warnings from Obama that China had overstepped the line when it came to cyber espionage and the theft of trade secrets, there were signs of apparent progress on the issue.
Both leaders announced that they had reached a “common understanding” and would work on a set of international rules for cyberspace. It would seem wise for the U.S. to strengthen its own defenses rather than trust China, given the amount of information lost in recent years.
Even if China scales back its cyber espionage program, U.S. public and private sector information needs to be better protected in case of attempted hacks from other countries. Russia has a strong cyber espionage program, and North Korea has threatened cyber war on more than one occasion.
China may be the main suspect in the biggest hacks, but U.S. cyber defense needs to be improved across the board.