China says US OPM breach 'criminal', not state-funded attack

At the first bilateral ministerial dialogue, China points to cybercriminals--not its government--as the culprits behind the cyberattack on US Office of Personnel Management earlier this year.

The Chinese government has pointed to cybercriminals to be the ones responsible for the data theft involving the US Office of Personnel Management (OPM), dismissing its involvement in the breach.

Citing an "investigation", Chinese officials said the cyberattack turned out to be "a criminal case" rather than a state-sponsored assault as the US government had suspected, reported state-run media outlet Xinhua News Agency. No further details were provided regarding the investigation or whether the US or Chinese government had conducted the investigation.

The revelation apparently came out of the first China-US ministerial talks on combating cybercrimes held Tuesday at the US Justice Department in Washington, where government officials from both nations discussed "a number of cases" for future collaboration on cybersecurity.

The dialogue was co-chaired by China's State Councilor and Minister of Public Security Guo Shengkun and US Attorney-General Loretta Lynch as well as Secretary of Homeland Security Jeh Johnson. The discussion was the result of a meeting between Chinese President Xi Jinping and US President Barack Obama in September 2015, when both heads of states agreed to cooperate and abide by "norms" of cyber behaviour.

At the high-level meeting this week, Xinhua reported that the two sides reached "consensus on fighting cyberterrorism" as well as on initiatives aimed at strengthening their capabilities in battling cybercrimes. These would include the introduction of a hotline.

The two security attacks on OPM, responsible for vetting government employees for security clearance, resulted in the theft of records belonging to more than 22.1 million individuals, including social security numbers.

Only recently in September, US director of national intelligence James Clapper said his government had yet to figure out exactly who was behind the cyberattack, pointing to ""differing degrees of confidence" regarding the actual identity of the hackers. Various unnamed US government officials had previously blamed China for the attack, though, the Obama administration did not publicly point the finger at the Chinese government.

At the ministerial dialogue, Guo said both countries should aim to establish consensus and guidelines outlined by Xi and Oabama. He added that China would work with the US to establish cyber law enforcement mechanisms based on the "principles of law-abiding, reciprocity, honest, and pragmatism".

On their part, US officials urged for more information sharing, though, White House spokesperson told Reutershe would not comment on the results of the first U.S.-Chinese dialogue. He did say, however, that it was "an important step" in addressing US concerns about Chinese cyber espionage.

Both countries would meet again in Beijing next June for the second cybersecurity ministerial talk.