China Claims OPM Hack was "Criminal"; Arrests Hackers It Says were Responsible

By Cody M. Poplin
Wednesday, December 2, 2015, 7:59 PM

Buried in this morning's article covering the ongoing U.S.-China cybersecurity talks, Chinese state-owned media outlet Xinhua News said that an investigation had determined that the hack of the Office of Personnel Management was not a state-sponsored cyber attack, but instead the work of criminal hackers. The otherwise throwaway line in an article about diplomatic negotiations is significant as Xinhua is the official press agency of the People's Republic of China.

From Xinhua:

Among the cases discussed included the one related to the alleged theft of data of the U.S. Office of Personnel Management by Chinese hackers. Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected.

This afternoon, Ellen Nakashima of the Washington Post reported that the Chinese government has arrested "a handful of hackers it says were connected" to the OPM breach. According to Beijing, the arrests occurred shortly before Chinese President Xi Jinping visited Washington in late September, during which the U.S. and China signed a landmark cyber espionage agreement.

Nakashima explains:

If the individuals detained were indeed the hackers, the arrests would mark the first measure of accountability for what has been characterized as one of the most devastating breaches of U.S. government data in history.

But officials said it has been difficult so far to independently confirm whether the people rounded up were actually connected to the OPM breach.

“We don’t know that if the arrests the Chinese purported to have made are the guilty parties,” said one U.S. official, who like others interviewed spoke on condition of anonymity because of the subject’s sensitivity. “There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state.’”

Since the intrusions were first disclosed in June, U.S. government officials said they have suspected the Chinese government’s involvement, in particular the civilian Ministry of State Security.

Some officials say the hackers may have been MSS contractors who possibly acted on their own but knew the agency would be interested in the data.

So, was the OPM hack a case of traditional state-sanctioned, if not state-executed, espionage? Or did a state contractor get out in front of the Chinese government?

The twists just keep on coming.