US officials: Jury still out on who hacked OPM

NSA director said China had conducted more cyberattacks against the US than any other country, but hinted Russia was more skillful.

US spy chief James Clapper giving earlier testimony in Congress (Image: C-SPAN/file photo)

US director of national intelligence James Clapper has said the US government has yet to figure out exactly who was behind a devastating attack on its government employee vetting department earlier this year.

larry dignan

OPM data breach's big question: What's fingerprint data worth in future cyber attacks?

Federal agencies and the intelligence community will form a working group to examine how fingerprint data can be used in future attacks.

Read More

Clapper, who spoke while giving testimony at a Senate Armed Services committee hearing on Tuesday, said the attribution for the attack on the Office of Personnel Management was "not simple."

There are "differing degrees of confidence" across the intelligence community as to who is to blame, said Clapper. The spy chief said that the way the government attributes blame is three-fold, including determining the geographic location of the attack, who conducts the attack, as well as the authority who gives the order for the attack.

His comments are the latest in a slew of comments from unnamed officials, speaking to the media in recent months who have pointed the finger of blame at China.

Clapper did not repeat his earlier claim that China is the "leading suspect" in the attack, which he made during the state visit in which Chinese premier Xi Jinping met with the US president in Washington DC.

He added that the OPM data breach was "more an act of espionage" rather than an "attack,"something he admitted the US conducts itself as part of its intelligence gathering capability.

NSA director admiral Michael Rogers did, however, say China was more persistent in terms of volume of cyberattacks against the US, but Russia was more capable.

The Office of Personnel Management, the agency which vets prospective employees to work with classified and secure work with the federal government, suffered at least two massive cyberattacks earlier this year, which led to a data breach on as many as 22.1 million individuals.

Background investigation and vetting "records of current, former, and prospective federal employees and contractors" were taken in the breach. The agency previously said "some information" regarding mental health and financial history provided by applicants and people contacted during background investigations may have been taken. Later reports showed as many as 5.6 million fingerprints were stolen in the breach.

We reached out to the Office of the Director of National Intelligence for comment, but did not immediately hear back.