‘We have a lot of information about people, and that is something that our adversaries want.”
That’s how Donna Seymour, an Office of Personnel Management (OPM) official recently described the OPM hacking to a reporter for the Washington Post. As we found out yesterday, in April, Chinese hackers intruded OPM networks and potentially acquired the personal information of 4 million U.S. government employees.
So how did this happen? Well, according to an OPM press release, the agency has been upgrading its network security over the past year. That said, yesterday’s press release also notes that it was only after the April hacking that OPM focused on “restricting remote access for network administrators . . . and deploying anti-malware software” against programs that might “compromise the network.” In short, OPM hasn’t been moving fast enough to prevent hacking.
Regardless, it makes sense that China was involved in the intrusion. For a start, China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems. Moreover, China has a penchant for attacking the OPM. In July last year, the New York Times reported on China’s hacking of OPM information on applicants for top-secret security clearances. That the OPM didn’t urgently upgrade its security after that 2014 incident is inexcusable. We’ve paid the price in our damaged national security.
So China appears to have scored a major win here. John Schindler, a former NSA counter-intelligence official and the author of the 20 Committee strategy blog told me that OPM information can be “vital to recruiting or compromising” U.S. government officials. The agency gathers “extensive details of their personal lives, their finances, their families, their career highs and lows,” he said. “In short, everything you would never want your enemy to know about you – from a counterintelligence viewpoint, this breach represents a true nightmare scenario.”
By finding U.S. officials with personal or professional difficulties, China can target them for recruitment.
Schindler’s point is well made. After all, it’s not hard to guess why hackers are so interested in the OPM. By finding U.S. officials with personal or professional difficulties, China can target them for recruitment. And China has a record here. In recent years, China has worked hard to recruit Westerners — both in the United States and in China. It does so because it wants people who have access (or who will have access) to steal information for China’s military and industrial development.
#related#But the significance of this incident isn’t only that information has been stolen. It’s that it reveals massive flaws in the broader American policy towards China. It proves that U.S. warnings to China over hacking have so far been utterly impotent. Seeing that his aggressive cyber-operations result only in occasional, unenforceable indictments from the U.S. Justice Department, President Xi Jinping simply keeps doubling down. Today, while he challenges America across the planet, Jinping is also challenging America in cyberspace. It’s a full-spectrum Chinese effort. And it’s uncontested by America.
Oh, and one final observation: If hackers can repeatedly breach American government servers, we should certainly assume that Jinping has also read Hillary Clinton’s e-mails.
— Tom Rogan is a panelist on The McLaughlin Group and holds the Tony Blankley chair at the Steamboat Institute. He tweets @TomRtweets.