An undisclosed number of CIA officers have been pulled from China in the wake of massive cybertheft earlier this year that exposed the personal data of more than 21 million U.S. government workers, The Washington Post reported, citing current and former U.S. officials.
As a precautionary measure, the Central Intelligence Agency removed the agents from the U.S. embassy in Beijing, said the officials, who spoke with the Post on condition of anonymity.
The CIA declined to comment.
Data breaches
The move comes after the announcement earlier this year of two massive data breaches at the U.S. Office of Personnel Management that exposed personnel records of 21.5 million current and former U.S. federal employees.
OPM said the information included security-clearance background checks as well as 5.6 million fingerprint records.
U.S. officials suspect the data was stolen in an attempt to identify U.S. spies, who could then be recruited or coerced into providing sensitive information.
The newspaper quoted Director of National Intelligence James Clapper saying the OPM breach posed significant risks to U.S. intelligence-gathering.
Clapper said that the intelligence agencies do not know specifically whose records were taken, but the scale of the compromise “has very serious implications … from the standpoint of the intelligence community and the potential for identifying people” who may be undercover.
U.S. officials have linked the OPM breach to China, but have not said publicly whether they believe its government was responsible.
China Ministry of Foreign Affairs spokesman Hong Lei often has denied that Beijing is involved in hacking and said the country itself is often the victim of such attacks.
"The Chinese government firmly opposes any forms of hacking," Hong told news channel CNN Wednesday.
Senate hearing
The newspaper report appeared shortly after Clapper and other senior intelligence and defense officials testified Tuesday before the Senate Armed Services Committee.
The Post said the officials were being asked to explain to frustrated lawmakers the U.S. policy on deterring foreign governments, such as China, from carrying out cyberattacks.
Clapper was trying to make the distinction between the OPM hacks and cybertheft of U.S. companies’ secrets to benefit another country’s industry, the Post reported.
He said that what happened in OPM case, “as egregious as it was,” was not an attack. “Rather, it would be a form of theft or espionage.”
“We, too, practice cyber-espionage and in a public forum, I'm not going to say how successful we are, but we're not bad,” Clapper said. “I think it's a good idea to at least think about the old saw about people in glass houses should not throw rocks.”
Clapper’s comment drew a sharp response from Committee Chairman John McCain: “So it’s okay for them to steal our secrets that are most important because we live in a glass house? That is astounding.”
Recent cyber agreement
The testimony came as part of a broader hearing, with the defense and intelligence officials being questioned about a recent U.S.-China cyber agreement meant to slow a growing torrent of cyberattacks on U.S. computer networks.
McCain asked Clapper if he was optimistic that the agreement would result in the elimination of such attacks from China.
Clapper replied: “No.”
The agreement was not supposed to eliminate all cyberattacks, only state-sponsored ones that target businesses.
Some material for this report came from Reuters and AP.