The Chinese government is developing detailed profiles of U.S. workers and private citizens as part of a long-term strategic espionage campaign that might include blackmailing key government officials, said the chairman of the House Homeland Security Committee.
The theft of data on as many as four million government workers disclosed last week was done by the same Chinese hackers who stole tens of millions of health-care records in recent attacks on Anthem Inc. and Premera Blue Cross, said Representative Michael McCaul, a Texas Republican.
“It’s a huge intelligence collection operation,” McCaul said in a phone interview Monday. “The fact that they’re able to do this now and sweep it up shows that China is becoming more sophisticated.”
U.S. intelligence and law enforcement officials haven’t publicly confirmed the source of the attacks, though McCaul said he has been briefed on the investigation.
Asked about McCaul’s comments, Zhu Haiquan, a spokesman for the Chinese Embassy in Washington, said “none of the rhetoric is based on facts.”
“Jumping to conclusion and making hypothetical accusation is meaningless and counterproductive,” he said in an e-mail. “Cyber attack is a global threat which could only be addressed by international cooperation based on mutual trust and mutual respect. We hope the U.S. side can play a responsible and constructive role in this regard.”
The latest attack on the Office of Personnel Management, which was disclosed June 4 and likely is one of the largest breaches of government personnel data, has rattled current and former U.S. officials and renewed calls for Congress to pass cybersecurity legislation that has languished for nearly five years.
“This problem is not going to go away,” President Barack Obama said at a news conference Monday at the Group of Seven summit in Germany. “We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector.”
Obama declined to say who was behind the OPM attack, which exposed data of current and former federal employees. The agency began notifying affected personnel Monday.
McCaul said health-care, financial and work-related data collected by the Chinese government can be used in targeted intelligence operations to further penetrate vital U.S. networks or blackmail officials. China, for example, may be gathering data on lower-level government employees with the intention of trying to compromise them when they become more important, McCaul said.
“They can manipulate and exploit this data for a variety of things, including compromising individuals, recruiting individuals, looking at their financial status and who they are associated with,” he said.
McCaul said he plans to hold a hearing on the OPM attack and broader trends.
“This could be of proportions that we’ve never seen before,” he said. “This is too big of a breach. We need to conduct the oversight.”