The CIA pulled a number of its officers out of the U.S. Embassy in Beijing following the hack of the Office of Personnel Management (OPM), The Washington Post reports.
Officials said the Chinese could have compared background check information from the stolen OPM data with embassy personnel lists. A name that didn’t appear on the embassy list could be outed as an officer.
Despite pressure from lawmakers, the White House has declined to put any public blame on China for the theft, although officials have privately indicated that Beijing was behind it.
Intelligence officials and others have characterized the OPM breach as traditional political espionage, something the U.S. also does.
The disclosure came just hours after senior intelligence and defense officials tried — and mostly failed — to explain to frustrated lawmakers why the U.S. hasn’t hit China back over the leaks.
“Why wouldn’t we take hard actions against them?” asked Sen. Joe ManchinJoe ManchinPicking 2018 candidates pits McConnell vs. GOP groups Manchin: Trump should make his clothes in West Virginia Sanders supporter to run against red-state Democrat MORE (D-W.Va.), referencing reports that Chinese hackers have stolen technology from U.S. defense contractors. “I just don’t understand why we wouldn’t retaliate, from a financial standpoint.”
On the 2016 trail, candidates have started to stake out positions on cybersecurity that call for retaliation. Jeb Bush recently unveiled a formal policy plan in which he called the Obama administration’s response to intrusions “feeble.”
Earlier this week, Ohio Gov. John Kasich, a Republican presidential candidate, also called for a more offensive national approach.
“People have to know that if you are going to mess with us, that not only are we in a position to defend ourselves but also to come back at them,” Kasich said during a weekend national security forum at Morningside College in Sioux City, Iowa.
Director of National Intelligence James Clapper on Tuesday tried to draw a distinction between traditional espionage, such as the OPM hack, and stealing trade secrets from private companies, which the U.S. does not do.
“I think it’s a good idea to think about the old saying about people that live in glass houses shouldn't throw rocks,” Clapper told the Senate Armed Services Committee, noting the U.S. itself “is not bad” at cyberespionage.
Revisiting a message that he delivered to a House Intelligence hearing earlier in the month, Clapper insisted the hack on OPM was not an “attack” because it was a passive form of intelligence-gathering.
His call for caution did not go over well with members.
“So it’s OK for them to steal our secrets that are most important, because we live in a glass house?” Sen. John McCainJohn McCainFive fights for Trump’s first year Trump wall faces skepticism on border No Congress members along Mexico border support funding Trump's wall MORE (R-Ariz.) asked. “That is astounding.”
Others have suggested that the responsibility for incident lies with the U.S. for effectively “leaving the barn door open” by failing to adequately protect the OPM’s digital defenses.
Watchdog reports show the agency repeatedly failed to heed its inspector general’s warnings, even refusing to shut down several of its weakest computer systems as recommended.
Lawmakers have put consistent pressure on the White House to respond to the hack in more tangible ways.
“What we’re seeing with these repeated hacks and repeated intrusions is that building your defense is not enough in and of itself,” Rep. Adam SchiffAdam SchiffDems knock Trump on Earth Day Five questions for the House's new Russia investigator Schiff: Trump breaking Iran deal ‘a grave mistake’ MORE (D-Calif.), the top Democrat on the House Intelligence Committee, told reporters shortly after the hacks were first revealed. “There also has to be a deterrent.”
On Friday, the U.S. and Beijing inked a deal agreeing to neither conduct nor support corporate espionage. The so-called “common understanding” is being widely criticized as unenforceable.