Data on Federal Workers a Priority for Chinese Hackers: Experts

by Robert Windrem

Cyber experts and U.S. government officials say that suspected Chinese involvement in the breach of Office of Personnel Management data should not be a surprise, as that country's intelligence policy has long targeted mass databases for attack and later exploitation.

"U.S. officials and cyber experts have long believed China has been building a database of U.S. government employees," said Scott Borg, president of U.S. Cyber Consequences Unit, which does cyber protection for public and private clients.

Both the nature of past intrusions linked to Chinese actors and acknowledgments in internal Chinese publications make this priority clear, Borg said.

The OPM has revealed that data for as many as four million current and former government workers may have been compromised. Officials told NBC News the breach could be the biggest cyberattack in the nation's history, potentially affecting every agency of the U.S. government.

Unnamed U.S. officials have also identified China as the culprit, a charge Chinese officials have vehemently denied. However, State Department spokeswoman Marie Harf stressed at a briefing on Friday that the U.S. government has made no definite attribution as to who was behind the attack.

Borg, however, believes it's "more than likely" Chinese hackers are involved in the breach, mainly because of the mass of data being targeted.

Amit Yoran, president of RSA, a network security company, says there is indeed evidence of the Chinese interest.

"That is consistent with English translation of Chinese intelligence documents," said Yoran, who served as director of the Cyber Security Division at the Department of Homeland Security in 2003 and 2004. "The targeting of mass databases is a Chinese priority."

Medical and insurance records have been compromised in recent high-profile attacks on private health-care and insurance companies like Premera and Anthem. There have been reports that these breaches also may have been perpetrated by hackers originating in China. On Friday, cybersecurity firm iSIGHT claimed to have linked those healthcare breaches to the hackers who targeted OPM.

Although some in the U.S. government have been mystified by why the Chinese would want to develop databases on American federal employees, Yoran said the possibilities are endless.

"It's of tremendous value," said Yoran, a former U.S. Army officer. "Effectively a large database can give you a roadmap that can help you target who has access to the information that you’re going after, things like who works where, at what level."

One U.S. official familiar with the Chinese strategy for gathering digital information described it as a “mass-volume approach, vacuuming up as much as they can.”

And considering that both military and possibly intelligence personnel data has been breached and accessed, according to Congressional sources, there are more than subtle national security issues.

"There's tremendous exposure with military records, specifically mapping who is where, who has access to weapons systems or programs, where they are ... OPM data is extremely sensitive if used and leveraged by both state and criminal elements."

Yoran did say that he's not certain if employees' security clearances -- and particularly those employees with high security clearances -- have been accessed. An OPM letter to Congressional staffers on Friday said that the agency knew what types of data were exposed, but not what specific data the hackers might have taken.

“Historically, these type of systems have not been online from Internet accessible networks,” Yoran said.
