WASHINGTON—The Obama administration is increasingly confident that China’s communist regime, not criminal hackers, was responsible for the extraordinary theft of personal information about as many as 14 million current and former federal employees and others, The Associated Press has learned. One sign: None of the data has been credibly offered for sale on underground markets popular among professional identity thieves.
Investigators inside U.S. intelligence and law enforcement agencies, using secret “beacons” employed across the Internet, have been monitoring data transmissions across overseas networks for the file properties associated with the American personnel records, and scouring communications among targeted foreign hackers for credible references to the theft, two people directly involved in the investigation said. They spoke on condition of anonymity because parts of the case and techniques being used are classified.
Investigation
The investigation is being coordinated at the little-known National Cyber Investigative Joint Task Force, which is led by the FBI and includes 19 intelligence agencies and law enforcement, including the National Security Agency, CIA, Homeland Security Department, Secret Service, and U.S. Cyber Command.
Investigators also have watched underground markets where identity thieves peddle information and found no trace of the data stolen from the U.S. Office of Personnel Management, they said. In the chessboard world of espionage, they also acknowledged that by revealing what they said was indirect evidence that spying was actually the motive, it might encourage Beijing’s authorities to sell at least some of the data surreptitiously to implicate identity thieves in what would be a counter-counterintelligence false-flag operation.
China has openly denied involvement in the break-in, and the United States has publicly provided no direct evidence proving China was responsible.
