CIA pulled officers from Beijing after OPM hacking of personnel records
By ELLEN NAKASHIM AND ADAM GOLDMAN | The Washington Post | Published: September 29, 2015
WASHINGTON — The CIA pulled a number of officers from the U.S. Embassy in Beijing as a precautionary measure in the wake of the massive cybertheft of the personal data of federal employees, current and former U.S. officials said.
The move is a concrete impact of the breach, one of two major hacks into Office of Personnel Management computers that were disclosed earlier this year. Officials have privately attributed the hacks to the Chinese government.
The theft of documents has been characterized by senior U.S. officials as political espionage intended to identify spies and people who might be recruited as spies or blackmailed to provide useful information.
Because the OPM records contained the background checks of State Department employees, officials privately said the Chinese could have compared those records with the list of embassy personnel. Anybody not on that list could be a CIA officer.
The CIA's move was meant to safeguard officers whose agency affiliation might be discovered as a result of the hack, said officials, who spoke on the condition of anonymity to discuss a sensitive matter.
The CIA declined to comment.
The disclosure comes as senior defense and intelligence officials on Tuesday tried — not always successfully — to explain to a committee of frustrated lawmakers their policy on deterring foreign governments, such as China, from carrying out cyber-intrusions.
Director of National Intelligence James R. Clapper Jr., testifying before the Senate Armed Services Committee, sought to make a distinction between the OPM hacks and cybertheft of U.S. companies' secrets to benefit another country's industry. What happened in OPM case, "as egregious as it was," Clapper said, was not an attack: "Rather, it would be a form of theft or espionage."
And, he said, "we, too, practice cyberespionage and . . . we're not bad at it." He suggested that the United States would not be wise to seek to punish another country for something its own intelligence services do. "I think it's a good idea to at least think about the old saw about people who live in glass houses shouldn't throw rocks."
That drew a sharp response from Sen. John McCain, R-Ariz., the committee's chairman. "So it's OK for them to steal our secrets that are most important because we live in a glass house? That is astounding."
Clapper protested that he did not say it was a good thing. "I'm just saying that both nations engage in this," he said, referring to China and the United States.
Several lawmakers were not satisfied with the lack of a punishment for the OPM theft, despite Clapper's explanation.
"This is a pretty significant issue that is going to impact millions of Americans," said Sen. Kelly Ayotte, R-N.H. "But it seems to me they are not seeing a response right now from us, and therefore we're going to continue to see bad behavior from the Chinese."
At another point in the hearing, Deputy Defense Secretary Robert O. Work seemed to stray off-message when he asked what response he would recommend if the Chinese were to carry off another OPM-like cybertheft.
"Sanctions? Retaliation?" asked Sen. Dan Sullivan, R-Alaska.
"Could be any of those, Senator. Maybe all of the above," Work responded.
In fact, largely because of the concerns that Clapper outlined, it is unlikely that the administration would impose sanctions or retaliate overtly for the OPM intrusions.
During the Cold War, Sen. Martin Heinrich, D-N.M., noted, a foreign agent who was nabbed trying to steal U.S. secrets would be kicked out of the country if he or she had diplomatic cover or thrown in jail otherwise.
In the OPM breach, he said, "the U.S. government seems uncertain about what a proportioned response would look like."
The counterintelligence risks of the OPM breach are significant, Clapper said. He noted that the intelligence agencies do not know specifically whose records were taken. But the scale of the compromise — more than 22 million individuals' records breached — "has very serious implications . . . from the standpoint of the intelligence community and the potential for identifying people" who may be undercover.
"Unfortunately," he said, "this is a gift that's going to keep on giving for years."