A U.S. official, who spoke to the paper on the condition of anonymity, said that the Central Intelligence Agency recalled its officers as a precautionary measure after hackers gained access in April to two different OPM databases containing federal employees’ names, addresses, Social Security numbers, and background-check forms, among other confidential information.
The Obama administration privately blames China for the attack and has characterized it as an act of political espionage. The White House has yet to publicly blame anyone for the intrusion.
The cybertheft affected roughly 21.5 million federal workers, or about seven percent of the U.S. population. In addition to personal information, hackers took an estimated 5.6 million fingerprint records.
According to the Post, the CIA became concerned that that the OPM database—specifically the background checks of State Department employees—could be used to identify its covert officers, who pose as diplomatic personnel in foreign embassies as cover for their intelligence missions.
The administration became worried that China would cross-reference the stolen personnel records with a list of Beijing embassy staff and spot embassy employees who didn’t appear in the stolen records, which largely excluded CIA personnel.
Officials have said that they fear the repercussions of the OPM data leaving Chinese hands. The records could be used to identify and blackmail undercover U.S. operatives or to coerce private citizens into spying for a foreign government. Beijing is known to use biometric data and other high-tech methods to scrutinize the identities of American travelers applying for visas.
At a hearing on Tuesday, Director of National Intelligence James Clapper offered Republican lawmakers a simple explanation for why the White House hadn’t yet retaliated for the attacks: the U.S. engages in the same type of espionage and does not want to legally stigmatize it.
“We’re not bad at it,” said Clapper, who oversees the 17-member U.S. intelligence community.
President Barack Obama and Chinese President Xi Jinping announced a new cybercrime-prevention agreement last Friday designed to resolve disputes between the two countries over China’s reticence to assist in U.S. investigations. The two countries will form a working group to monitor their cooperative efforts, and they will also consult with experts to develop norms for cyberspace in keeping with the broader work of the United Nations.
Beijing continues to deny any involvement in the OPM hack, with Chinese officials repeatedly saying that their country opposes malicious hacking.
Photo via LeRoy N. Sanchez, Records Management/Media Services and Operations/U.S. Department of Energy/Wikimedia Commons (PD)