China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers, American officials said Thursday. But Beijing blasted the allegation as "irresponsible.”
The Department of Homeland Security said in a statement that data from the Office of Personnel Management (OPM), which handles employee records and security clearances, and the Interior Department had been compromised.
“The FBI is conducting an investigation to identify how and why this occurred,” the statement said.
The intruders used a “zero-day” — a previously unknown cyber tool — to take advantage of a vulnerability in the system, according to the Washington Post.
Cyber investigators linked the breach to earlier thefts this year of health care records from the second-largest U.S. health insurer Anthem Inc. and health care service provider Premera Blue Cross. Chinese hackers were suspected in the attack.
The hackers involved in Thursday’s attack are believed to be based in China, said Sen. Susan Collins, a Maine Republican. Collins, who is also a member of the Senate intelligence committee, called the breach “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
At a regular news briefing, Chinese Foreign Ministry spokesman Hong Lei on Friday denied the allegations and said that China hoped the United States would have more trust in Beijing. “Without first thoroughly investigating, always saying that ‘it's possible,’ this is irresponsible and unscientific,” Hong said.
A spokesman for the Chinese Embassy in Washington, Zhu Haiquan, said Thursday that China had made great efforts to combat cyberattacks, and that tracking such events conducted across borders was difficult.
There was no comment from the White House.
In April, a Pentagon report said hackers associated with the Chinese government repeatedly targeted U.S. military networks last year in an attempt to gather intelligence.
China was reportedly behind a previous OPM attack, and has a drawn other such allegations as well: In 2013, the Obama administration called on China to stop stealing trade secrets from corporate computers. Last year, the U.S. made cyber espionage charges against five Chinese military officials, accusing them of hacking into U.S. companies to gain trade secrets.
But China is not the only nation targeting the U.S. government. Russian hackers who penetrated sensitive parts of the White House computer system last year reportedly read President Barack Obama's unclassified emails.
And though U.S. officials seem convinced the hackers did originate in China, they have not presented evidence that suggests the Chinese government itself was involved.
The OPM is the human resources department for the federal government. It conducts background checks for security clearances, including more than 90 percent of federal background investigations, according to its website.
In a statement issued Thursday, the OPM advised affected staff to monitor their account statements, and to report any suspicious activity to the financial institutions involved. It said it would send notifications to approximately 4 million current and former government employees whose personally identifiable information "may have been compromised."
The OPM discovered the breach in April, according to officials at the agency, the Post reported. The hackers accessed Social Security numbers, job assignments, performance ratings and training information, agency officials told the Post, adding that they did not know if data was taken. A U.S. official who declined to be identified said the data breach could potentially affect every federal agency.
The largest federal employee union said it was working with the administration to ensure measures were taken to secure the personal information of affected employees. "AFGE will demand accountability," American Federation of Government Employees President J. David Cox Sr. said in a statement.
Ken Ammon, chief strategy officer of Xceedium, a government security contractor, said the attack fit the pattern of those conducted by “nation states.” In the world of data-stealing cyber attacks, that phrase typically refers to either Russia or China.
“This is an attack against the nation,” Ammon said, because the information could be used to impersonate or blackmail federal employees with access to sensitive information.
In November, a former Department of Homeland Security contractor disclosed another cyber breach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.
DHS said its intrusion detection system, which is known as EINSTEIN and screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM's systems and the Interior Department's data center, which is shared by other federal agencies.
“DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion,” the statement said.
Al Jazeera and wire services