Attorney General Loretta Lynch, China’s State Councilor and Minister of Public Security Guo Shengkun, and US Secretary of Homeland Security Jeh Johnson pose for a photo at the first US-China cyber coordination meeting in Washington on December 1. (credit: news.cn)
An official Chinese report claims US and Chinese representatives “yielded positive outcomes” at the first meeting of a bilateral cyber security coordination group. The group was set up under the provisions of an agreement signed off on by President Barack Obama and Chinese President Xi Jinping in September. At the meeting in Washington, China acknowledged that the long-running penetration and theft of data from the systems of the Office of Personnel Management did originate from within China—but not from a state-sponsored attacker. “Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the US side has previously suspected,” the report from China’s Xinhaunet on the meeting claimed.
The OPM hack’s attribution to China had been previously denied by Chinese authorities. But the new claims that the attack (which lasted over a year and affected nearly 20 million people) was a criminal operation and not espionage runs counter to the usual patterns of such data thefts. None of the data stolen has yet been detected in use as part of financial fraud or other efforts criminals usually undertake to turn that data into cash. Still, while various sources have pointed to the sophistication of the attack on the OPM and how long it was able to be sustained, the attack used techniques that were within the capabilities of cybercriminals—relying on well-known vulnerabilities and taking advantage of vast material weaknesses in OPM’s network security that had been publicly cited by an Inspector General report.
The meeting of Chinese and US officials, chaired by US Secretary of Homeland Security Jeh Johnson, Attorney General Loretta Lynch, and China’s State Councilor and Minister of Public Security Guo Shengkun, was the first “High-Level Joint Dialogue on Cybercrime and Related Issues” mentioned in the September accord. Guo promised that China would move forward with creating a way to collaborate with US law enforcement agencies on combating cyber crime based on “the principles of law-abiding, reciprocity, honesty, and pragmatism.” The next meeting of the group will be held in Beijing in June of 2016.
Read 2 remaining paragraphs | Comments
At first cyber meeting, China claims OPM hack is “criminal case”
