US fears data stolen by Chinese hacker could identify spies

The Personnel Management office suffered one of the largest breaches of information ever in the latest attack by Chinese hackers

American officials are concerned that the Chinese government could use the stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

The potential exposure of the intelligence officers could prevent a large cadre of American spies from ever being posted abroad again, current and former intelligence officials said. It would be a significant setback for intelligence agencies already concerned that a recent data breach at the Office of Personnel Management is a major windfall for Chinese espionage efforts.

In the days after the breach of records of millions of federal workers and contractors became public last month, some officials in the Obama administration said that the theft was not as damaging as it might have been because the Chinese hackers did not gain access to the identities of American undercover spies.

The records of the CIA and some other intelligence agencies, they said, were never part of the personnel office's databases, and were protected during the breach. Officials said intelligence agencies were taking steps to try to mitigate the damage, but it is unclear what they are specifically doing.

But intelligence and congressional officials now say there is great concern that the hackers - who government officials are now reluctant to say publicly were working for the Chinese government - could still use the vast trove of information to identify American spies by a process of elimination. By combining the stolen data with information they have gathered over time, they said, the hackers can use "big data analytics" to draw conclusions about the identities of operatives.

"The information that was exfiltrated was valuable in its own right," said Representative Adam B Schiff of California, the top Democrat on the House Intelligence Committee. "It's even more compromising when it is used in combination with other information they may hold. It may take years before we're aware of the full extent of the damage."

The CIA and other agencies with undercover officers would be cautious about immediately withdrawing spies from China because that would raise suspicions among Chinese counterintelligence operatives. A CIA spokesman declined to comment.

The CIA. and other agencies typically post their spies in American embassies, where the officers pose as diplomats working on political affairs, agricultural policy or other issues. The American Embassy in Beijing has long housed one of the largest CIA stations in the world, with intelligence officers gathering information on China's political maneuvering, economic development and military modernisation.

Several current and former officials said that even if the identities of the agency officers were not in the personnel office's database, Chinese intelligence operatives could run searches through the database on everyone granted visas to work at American diplomatic outposts in China. If any of the names are not found in the stolen files, those individuals could be suspected as spies by a process of elimination. The director of the National Security Agency, Adm Michael S Rogers, alluded to that problem Thursday night during an interview at the Aspen Security Forum in Colorado.

"From an intelligence perspective, it gives you great insight potentially used for counterintelligence purposes," Admiral Rogers said. "If I'm interested in trying to identify US persons who may be in my country - and I am trying to figure out why they are there: Are they just tourists? Are they there for some other alternative purpose? - there are interesting insights from the data you take from OPM."

Admiral Rogers suggested another possible motive of the hackers: The data could be used for developing sophisticated "spear phishing" attacks on government officials. In those attacks, victims click on what seem to be innocent emails from known sources, allowing viruses into their computer networks.

©2015 The New York Times News Service