All US government personnel records may have been compromised by Chinese hackers
Chinese hackers have gained access to the computer system belonging to the US agency which holds all government personnel records, it has been reported.
If the report is true, it signifies a worrying escalation of cybersecurity tensions between China and the United States.
The New York Times reported that in March this year, Chinese hackers broke into the computer system belonging to the US Office of Personnel Management, the government agency that keeps the personal information of all federal employees.
The newspaper cited senior US officials as its source, and said the hacker appeared to be targeting files on tens of thousands of employees who have applied for top-secret security clearances.
It seems that the hackers were able to gain access to some of the agency’s databases, before the federal authorities detected the threat and blocked them from the network. The NYT said it was unclear at this stage how far the hackers penetrated the agency’s systems.
It quoted a senior Department of Homeland Security official who confirmed that the attack had occurred but said that “at this time,” neither the personnel agency nor Homeland Security had “identified any loss of personally identifiable information.” The official reportedly said an emergency response team was assigned “to assess and mitigate any risks identified.”
And it seems that the attack was traced to China, although a senior American official said it was not clear if the hackers had any links to the Chinese government.
The disclosure of the hack comes at a time when Secretary of State John Kerry is in Beijing for the annual Strategic and Economic Dialogue, a forum for the United States and Chine to discuss their commercial relationships, among other issues.
Secretary of State John Kerry was asked about the hack and he reportedly said that the “alleged incident” did not appear to have impacted sensitive information. “What we have heard is that it relates to an attempted intrusion. It is still being investigated by US authorities,” he reportedly said. “At this point in time it does not appear to have compromised any sensitive material.”
If this latest alleged attack is confirmed as stemming from mainland China, it risks further inflaming already heightened tensions between the two countries over cyber security.
Last month, a US official confirmed that attempts by the United States and China to tackle the scourge of cyber crime together had stalled.
The collapse in co-operation was blamed on the fact that the US had filed hacking charges against Chinese army personnel. In late May, the US filed indictments against members of Unit 61398 of the Chinese People’s Liberation Army (PLA).
The move apparently soured relations between the two countries and effectively ended any co-operation over tackling cyber crime together.
All of this has added to the difficulties of Western companies doing business in China, and has led to Chinese businesses and banks replacing Western computers or software in favour of local offerings.
China also said recently that it would vet Western technology companies operating in the country. Meanwhile the China Central Government Procurement Centre has already excluded Windows 8 from a government purchase of energy-efficient computers, in order to “ensure computer security”.
Are you a security pro? Try our quiz!