December 3, 2015 -
China’s news agency Xinhua said an investigation into last year’s U.S. federal system breach that compromised the private information of more than 22 million employees, found that the online attack was criminal and not state-sponsored as some U.S. security experts have claimed, according to a report by Reuters.
Top U.S. and Chinese officials met earlier this week in Washington D.C. to discuss cyber security issues, including the breach at the U.S. Office of Personnel Management (OPM) earlier this year, which included the compromise of 5.6 million fingerprints.
The Xinhua report did not provide any details about who performed the investigation or whether both U.S. and Chinese officials agreed with the conclusion.
Neither side has yet to respond to Reuters’ requests for comment, however, White House spokesman Josh Earnest called the meeting “an important step” toward addressing U.S. concerns regarding Chinese cyber espionage.
In June, U.S. intelligence chief James Clapper said that Chinese hackers was responsible for the OPM cyber attack but did not explicitly point the finger at China’s government.
Despite this, several U.S. officials have said privately that they believe that Chinese government agencies were responsible for the hacking.
John Hultquist of iSight Partners, which provides cyber intelligence to the U.S. government, said the breach was unequivocally conducted by hackers working for China’s government based on digital evidence and the hackers’ other targets, which included health insurer Anthem.
Hultquist added that while China was definitely responsible for the hackings, iSight Partners cannot attribute the breach “directly to a specific intelligence organization or office building in Beijing.”
U.S. officials are reluctant to accuse the Chinese government publicly of hacking American security information since this kind of espionage is conducted by nearly all major foreign intelligence agencies including U.S. agencies, according to officials and security experts.
As a result of the meeting, the two countries have signed a broad agreement on the joint initiative against combating cyber crimes, and have established a hotline to address these issues.
The meeting is the first round of cybersecurity talks following the two countries signing a bilateral anti-hacking agreement in September. The next meeting is set for June.