China has arrested hackers that it claims were connected to the breach of the Office of Personnel Management (OPM) and the exposure of the records of millions of current and former federal employees. China's official Xinhua news agency disclaimed Chinese responsibility for the attack again on Wednesday [reuters.com].
The Washington Post previously reported that China arrested hackers in October for targeting U.S. firms to steal commercial secrets [washingtonpost.com]. This was portrayed as a conciliatory gesture amid joint cybersecurity discussions and ahead of a state visit to the U.S. by President Xi Jinping. Instead of corporate espionage, those yet-to-be-identified hackers have now been blamed for the OPM breach [washingtonpost.com]:
The Chinese government recently arrested a handful of hackers it says were connected to the breach of Office of Personnel Management's database this year, a mammoth break-in that exposed the records of more than 22 million current and former federal employees.
The arrests took place shortly before a state visit in September by President Xi Jinping, and U.S. officials say they appear to have been carried out in an effort to lessen tensions with Washington. The identities of the suspects — and whether they have any connection to the Chinese government — remain unclear.
[...] If the individuals detained were indeed the hackers, the arrests would mark the first measure of accountability for what has been characterized as one of the most devastating breaches of U.S. government data in history. But officials said it has been difficult to confirm whether the people rounded up were connected to the OPM breach. "We don't know that if the arrests the Chinese purported to have made are the guilty parties," said one U.S. official who — like others interviewed — spoke on the condition of anonymity because of the subject's sensitivity. "There is a history [in China] of people being arrested for things they didn't do or other 'crimes against the state.'"
Since the intrusions were disclosed in June, U.S. government officials have said they suspected the involvement of the Chinese government, in particular the civilian Ministry of State Security. Some officials say the hackers may have been MSS contractors, possibly acting on their own but aware the agency would be interested in the data.
Chinese officials have characterized the arrests as a criminal matter, rather than state-sponsored, and told their American counterparts that the individuals will be prosecuted, said U.S. officials, who spoke on the condition of anonymity.
[...] The Washington Post previously reported that the arrests were linked to thefts of data from U.S. companies to be sold or passed to Chinese state-run firms. Rather, they were linked to the OPM breach.