U.S. officials worry hacked data exposes spies posted in China

WASHINGTON -- U.S. officials say they are concerned about the Chinese government's capability of using stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

The potential exposure of the intelligence officers could prevent many American spies from being posted abroad again, current and former intelligence officials said. It would be a setback for intelligence agencies already concerned that a recent data breach at the Office of Personnel Management is a windfall for future Chinese espionage efforts.

In the days after the breach of records of millions of federal workers and contractors became public last month, some officials in President Barack Obama's administration said the theft was not as damaging as it might have been because the Chinese hackers did not gain access to the identities of American undercover spies.

Officials have privately blamed the Chinese government for the hacking attacks. However, the Obama administration has decided against publicly blaming China, in part out of reluctance to reveal the evidence that American investigators have assembled, which would expose details of the U.S.'s own espionage and cyber capabilities, said U.S. officials, who spoke on condition of anonymity because they were not authorized to speak about the decision.

The records of the CIA and some other intelligence agencies, they said, were never part of the personnel office's databases, and were protected during the breach. Officials said intelligence agencies were taking steps to try to mitigate the damage, but what they are doing is unclear.

But intelligence and congressional officials now say there is great concern that the hackers -- who government officials are now reluctant to say publicly were working for the Chinese government -- could still use the trove of information to identify American spies by a process of elimination. By combining the stolen data with information they have gathered over time, they said, they can use "big data analytics" to draw conclusions about identities of undercover operatives.

"The information that was exfiltrated was valuable in its own right. It's even more compromising when it is used in combination with other information they may hold," said Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee. "It may take years before we're aware of the full extent of the damage."

The CIA and other agencies with undercover officers would generally be cautious about immediately withdrawing spies from China, as that would raise suspicions among Chinese counterintelligence operatives. A CIA spokesman declined to comment.

The CIA and other intelligence agencies typically post their spies in U.S. embassies, where the officers pose as diplomats working on political affairs, agricultural policy or other issues. The U.S. Embassy in Beijing has long housed one of the largest CIA stations in the world, with intelligence officers gathering information on China's political maneuvering, economic development and military modernization.

Several current and former officials said that even if the identities of the agency officers were not in the personnel office's database, Chinese intelligence operatives could run searches through the database on everyone granted visas to work at U.S. diplomatic outposts in China. If any of the names are not found in the stolen files, those individuals could be suspected as spies by a process of elimination.

The director of the National Security Agency, Adm. Michael Rogers, alluded to that problem Thursday night during an interview at the Aspen Security Forum in Colorado.

"From an intelligence perspective, it gives you great insight potentially used for counterintelligence purposes," Rogers said. "So for example, if I'm interested in trying to identify U.S. persons who may be in my country -- and I am trying to figure out why they are there: Are they just tourists? Are they there for some other alternative purpose? There are interesting insights from the data you take from OPM."

Rogers suggested another possible motive of the hackers: The data could be used for developing sophisticated "spear phishing" attacks on government officials. In those attacks, the victim clicks on what seems to be an email from a known source, allowing a virus into their computer networks.

Information for this article was contributed by Michael S. Schmidt of The New York Times.

A Section on 07/26/2015
