22 million Americans' most compromising data (from fingerprints to criminal records to identities of family and lovers) was breached in the Office of Personnel Management hack, presumably by hackers working for the Chinese government.
The personal information of every American who's ever applied for security clearance is now in the hands of the Chinese espionage apparatus. In the wake of the breach, the CIA pulled its officers from the Beijing office, though it's not clear if there's anyone who they could replace them with who wouldn't be just as vulnerable.
American intelligence officials have told Congress that the US shouldn't retaliate, hinting that America has executed equally egregious attacks against China, and that a tit-for-tat would reveal more dirty laundry.
Director of National Intelligence James R. Clapper Jr., testifying before the Senate Armed Services Committee, sought to make a distinction between the OPM hacks and cybertheft of U.S. companies' secrets to benefit another country's industry. What happened in OPM case, "as egregious as it was," Clapper said, was not an attack: "Rather, it would be a form of theft or espionage."
And, he said, "We, too, practice cyberespionage and . . . we're not bad at it." He suggested that the United States would not be wise to seek to punish another country for something its own intelligence services do. "I think it's a good idea to at least think about the old saw about people who live in glass houses shouldn't throw rocks."
That drew a sharp response from Sen. John McCain (R-Ariz.), the committee's chairman. "So it's okay for them to steal our secrets that are most important because we live in a glass house? That is astounding."
Clapper protested that he did not say it was a good thing. "I'm just saying that both nations engage in this," he said, referring to China and the United States.
CIA pulled officers from Beijing after breach of federal personnel records
[Ellen Nakashima and Adam Goldman/Washington Post]