- The first professional U.S. transgender boxer just won his first fight Today 2:18 PM
- Twitch streamer apparently hits partner on video Today 1:45 PM
- There’s now rehab for Fortnite addiction Today 12:07 PM
- How to watch América vs. Pumas online for free Today 11:25 AM
- ‘Target Tammy’ is the latest white woman to complain about Black people minding their own business Today 11:08 AM
- Jason Momoa reprises ‘Game of Thrones’ character on ‘SNL’ Today 10:06 AM
- How to watch the epic Copa Libertadores final online for free Today 9:35 AM
- The top fandoms of 2018 Today 8:00 AM
- How to watch Real Madrid vs. Huesca online for free Today 6:40 AM
- What is Sling TV? Today 6:15 AM
- A year of apologizing to the internet Today 6:15 AM
- How to stream NFL’s Week 14 games for free Today 6:00 AM
- John Kelly will be leaving the White House, and Twitter reacted exactly as expected Saturday 6:12 PM
- Shonen Jump manga is going (mostly) free to combat piracy Saturday 5:14 PM
- ‘Death Grips is online’ is trending, so what does it mean? Saturday 4:33 PM
NSA director: Don’t be so quick to blame China for OPM cyberattack
Meanwhile, anonymous officials attribute the attack to China.
Asked about China’s involvement in the OPM attack, Adm. Mike Rogers, director of the National Security Agency and commander of U.S. Cyber Command, responded, “You’ve put an assumption in your question. I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”
Rogers’ statement appears to be at odds with unnamed senior administration officials who have told the New York Times and the Washington Post that China was responsible for the attack, which remained undetected for a year.
The breach at OPM, the federal government’s human-resources office, may have affected as many as 18 million current and former government employees. OPM Director Katherine Archuleta, testifying on Capitol Hill this week, downplayed that number, saying it referred only to the approximate number of unique Social Security numbers held in the agency’s security databases.
Archuleta called the 18-million-victims figure “preliminary and unverified.”
Rep. Jason Chaffetz (R-Utah), the chairman of the House Oversight Committee, speculated at a Wednesday hearing that as many as 32 million records may be affected, citing a figure from the agency’s 2016 fiscal budget. That includes “banking information for more than 2 million annuitants and background investigations for more than 30 million people.”
After the attack was disclosed, White House press secretary Josh Earnest told reporters that the government may never be “in a position at any point in the future to make a grand pronouncement about who may have been responsible for this particular intrusion.”
Cybersecurity analyst Jeffrey Carr told the Daily Dot on Thursday that there are “multiple problems with attempts at attribution based upon analysis of technical indicators associated with the attack.”
First, “all technical indicators can be faked.” Second, “we see only what the attacker wants us to see, such as hints in the code, DNS registration, keyboard language selection, working hours, et cetera.”
Attributing a cyberattack is difficult under the best of circumstances, Carr said. During last year’s attack on Sony Picture Entertainment, the U.S. government confidently pinned the blame on North Korea, going as far as to impose retaliatory economic sanctions. But Carr’s security firm, Taia Global, subsequently uncovered proof that Russian hackers had also breached Sony’s network and exfiltrated files.
“In fact, the FBI interviewed me about how that could have happened and by whom,” Carr said. “If the FBI and the NSA cannot differentiate among attackers in the same network at the same time, how reliable can attribution truly be?”
Senior U.S. officials openly scolded China on Wednesday for sponsoring attacks against U.S. business, but they refrained from publicly laying blame for the OPM attack.
During remarks at the U.S.-China Strategic and Economic Dialogue, Vice President Biden said that nations that use “cybertechnology as an economic weapon, or profits from the theft of intellectual property are sacrificing tomorrow’s gains for short-term gains today.”
In a closed-door meeting at the White House this week, President Obama also “raised ongoing U.S. concerns” regarding cyberattacks with Chinese officials, according to a White House statement.
“The kinds of conversations that take place behind closed doors in the context of a summit as significant as the Strategic and Economic Dialogue are different than the kinds of public discussions that take place,” Earnest told reporters.
Illustration by Max Fleishman
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.