- Polar Peak in Fortnite is cracking, and players think a dragon may be beneath the ice 4 Years Ago
- ‘Rise of Skywalker’ first look reveals mysterious new characters 4 Years Ago
- Meet the anti-choice, pro-NRA Trump supporter challenging Rep. Justin Amash 4 Years Ago
- Moby attempts to prove he dated Natalie Portman with a shirtless photo 4 Years Ago
- After feuding with James Charles, Tati Westbrook angers the YouTube community Today 11:06 AM
- Does Keri Russell’s ‘Rise of Skywalker’ character have an offensive name in Spanish? Today 10:59 AM
- It’s not clear if Ralph Northam is in racist yearbook photo, investigators say Today 10:48 AM
- The atonement of an alt-right troll Today 9:25 AM
- #StopTheBans protests draw thousands across the country in support of abortion rights Today 9:24 AM
- North Korea is using Trump’s low IQ attack on Joe Biden Today 9:14 AM
- How to watch ‘Kidding’ for free Today 8:00 AM
- What’s the deal with Bran Stark at the end of ‘Game of Thrones’? Today 6:30 AM
- How to watch TruTV online for free Today 6:00 AM
- Fans call out Madonna for edited Eurovision video Tuesday 9:36 PM
- Partnered Twitch streamer temporarily banned for airing troll’s racist message Tuesday 8:45 PM
NSA director: Don’t be so quick to blame China for OPM cyberattack
Meanwhile, anonymous officials attribute the attack to China.
Asked about China’s involvement in the OPM attack, Adm. Mike Rogers, director of the National Security Agency and commander of U.S. Cyber Command, responded, “You’ve put an assumption in your question. I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”
Rogers’ statement appears to be at odds with unnamed senior administration officials who have told the New York Times and the Washington Post that China was responsible for the attack, which remained undetected for a year.
The breach at OPM, the federal government’s human-resources office, may have affected as many as 18 million current and former government employees. OPM Director Katherine Archuleta, testifying on Capitol Hill this week, downplayed that number, saying it referred only to the approximate number of unique Social Security numbers held in the agency’s security databases.
Archuleta called the 18-million-victims figure “preliminary and unverified.”
Rep. Jason Chaffetz (R-Utah), the chairman of the House Oversight Committee, speculated at a Wednesday hearing that as many as 32 million records may be affected, citing a figure from the agency’s 2016 fiscal budget. That includes “banking information for more than 2 million annuitants and background investigations for more than 30 million people.”
After the attack was disclosed, White House press secretary Josh Earnest told reporters that the government may never be “in a position at any point in the future to make a grand pronouncement about who may have been responsible for this particular intrusion.”
Cybersecurity analyst Jeffrey Carr told the Daily Dot on Thursday that there are “multiple problems with attempts at attribution based upon analysis of technical indicators associated with the attack.”
First, “all technical indicators can be faked.” Second, “we see only what the attacker wants us to see, such as hints in the code, DNS registration, keyboard language selection, working hours, et cetera.”
Attributing a cyberattack is difficult under the best of circumstances, Carr said. During last year’s attack on Sony Picture Entertainment, the U.S. government confidently pinned the blame on North Korea, going as far as to impose retaliatory economic sanctions. But Carr’s security firm, Taia Global, subsequently uncovered proof that Russian hackers had also breached Sony’s network and exfiltrated files.
“In fact, the FBI interviewed me about how that could have happened and by whom,” Carr said. “If the FBI and the NSA cannot differentiate among attackers in the same network at the same time, how reliable can attribution truly be?”
Senior U.S. officials openly scolded China on Wednesday for sponsoring attacks against U.S. business, but they refrained from publicly laying blame for the OPM attack.
During remarks at the U.S.-China Strategic and Economic Dialogue, Vice President Biden said that nations that use “cybertechnology as an economic weapon, or profits from the theft of intellectual property are sacrificing tomorrow’s gains for short-term gains today.”
In a closed-door meeting at the White House this week, President Obama also “raised ongoing U.S. concerns” regarding cyberattacks with Chinese officials, according to a White House statement.
“The kinds of conversations that take place behind closed doors in the context of a summit as significant as the Strategic and Economic Dialogue are different than the kinds of public discussions that take place,” Earnest told reporters.
Illustration by Max Fleishman
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.