The Chinese government claims it has identified and arrested the hackers who breached the U.S. Office of Personnel Management, stealing information on over 20 million federal employees and contractors in history’s largest data raid.
“The identities of the suspects – and whether they have any connection to the Chinese government – remain unclear,” reports the Washington Post.
“We don’t know that if the arrests the Chinese purported to have made are the guilty parties. There is a history of people being arrested for things they didn’t do or other ‘crimes against the state,’” an anonymous U.S. official explained.
It has long been suspected that hackers connected to, or hired by, Chinese intelligence were behind the OPM hack, an allegation the government in Beijing vigorously denies. The Post details how the possibility of sanctions over this and other examples of Chinese cyber-espionage appeared to “distress” Chinese officials, perhaps inspiring them to Round Up the Usual Suspects.
Or maybe they really did arrest the actual perpetrators of the OPM attack, a possibility Jason Healey of the Columbia University School of International Public Affairs described as “the most important arrest that we’ve perhaps seen in cybercrime.” While there is some skepticism that China has truly changed its ways, Healey thought the combination of threatened sanctions and U.S. indictment of People’s Liberation Army officials linked to cyber-espionage might have produced a real diplomatic breakthrough.
Ars Technica notes that one reason skeptics have a hard time with China’s narrative about criminal hackers working outside their control is that it “runs counter to the usual pattern of such data thefts,” because “none of the data stolen has yet been detected in use as part of financial fraud or other efforts criminals usually undertake to turn that data into cash.”
However, it is also worth noting that the OPM hack did not use any super-sophisticated hacking tools or resources that could only have come from a state sponsor; there was not really all that much “hacking” involved at all, as the term is traditionally understood.
The White House did not officially comment on China’s claim of arresting the OPM criminals, preferring instead to focus on the importance of Chinese cooperation in cyber-security, looking forward to another meeting between U.S. and Chinese security and law-enforcement officials next June.