U.S. officials are concerned that the Chinese government could use stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

WASHINGTON — U.S. officials are concerned the Chinese government could use stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

The potential exposure of the intelligence officers could prevent a large cadre of American spies from ever being posted abroad again, current and former intelligence officials said. It would be a significant setback for intelligence agencies already concerned that a recent data breach at the Office of Personnel Management is a massive windfall for future Chinese espionage efforts.

In the days after the breach of records of millions of federal workers and contractors became public last month, some officials in the Obama administration said that the theft was not as damaging as it might have been because the Chinese hackers did not gain access to the identities of American undercover spies.

The records of the Central Intelligence Agency and some other intelligence agencies, they said, were never part of the personnel office’s databases, and were protected during the breach. Officials said that intelligence agencies were taking steps to try to mitigate the damage, but what they are specifically doing is unclear.

Intelligence and congressional officials say there is great concern that the hackers — who government officials are now reluctant to say publicly were working for the Chinese government — could still use the vast trove of information to identify American spies by a process of elimination.

By combining the stolen data with information they have patiently gathered over time, they said, they can use “big data analytics” to draw conclusions about identities of undercover operatives.

“The information that was exfiltrated was valuable in its own right. It’s even more compromising when it is used in combination with other information they may hold,” said Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee. “It may take years before we’re aware of the full extent of the damage.”

The CIA and other agencies with undercover officers would generally be cautious about immediately withdrawing spies from China, as that would raise suspicions among Chinese counterintelligence operatives. A CIA spokesman declined to comment.

The CIA and other intelligence agencies typically post their spies in U.S. embassies, where the officers pose as diplomats working on political affairs, agricultural policy or other issues.

The U.S. Embassy in Beijing has long housed one of the largest CIA stations in the world, with intelligence officers gathering information on China’s political maneuvering, economic development and military modernization.

Several current and former officials said that even if the identities of the agency officers were not in the personnel office’s database, Chinese intelligence operatives could run searches through the database on everyone granted visas to work at U.S. diplomatic outposts in China. If any of the names are not found in the stolen files, those individuals could be suspected as spies by a process of elimination.

The director of the National Security Agency, Adm. Michael Rogers, alluded to that problem on Thursday night during an interview at the Aspen Security Forum in Colorado.

“From an intelligence perspective, it gives you great insight potentially used for counterintelligence purposes,” Rogers said. “So for example, if I’m interested in trying to identify U.S. persons who may be in my country — and I am trying to figure out why they are there: Are they just tourists? Are they there for some other alternative purpose? — there are interesting insights from the data you take from OPM.”

Rogers suggested another possible motive of the hackers: The data could be used for developing sophisticated “spear phishing” attacks on government officials. In those attacks, the victim clicks on what seems to be an innocent email from a known source, allowing a virus into their computer networks.

Rogers said it was “not perhaps unrelated that in the past nine months I am watching huge spear phishing campaigns targeted at the United States,” though he would not name the countries that are the source of the attacks.

Officials said that it is not yet clear how Chinese officials are using — or might use — the stolen files, which include personal information gathered during background checks of government workers, many of whom now hold Top Secret clearances.

“As a practical matter, you have to assume that all of the information has been exposed and can be exploited,” said Schiff, who added that it was prudent to plan for “worst-case scenarios.”

Some former officials said they were not overly alarmed that the data breach could do long-term damage to U.S. intelligence collection, saying it was uncertain how many hard conclusions about American spies the Chinese could draw from the millions of personnel files — a mountain of data that could become overwhelming.

“The Chinese have created their own big data problem,” said Rob Knake, a former director of cybersecurity policy issues at the National Security Council and now a senior fellow at the Council on Foreign Relations.

Knake said that the CIA and other intelligence agencies will be able to adapt in the event that secrets were exposed by the data breach. Still, he said, the breach had the potential for “a whole bunch of CIA case officers spending the rest of their careers riding desks.”

Inside the U.S. government there is little debate that China was the source of the attack on the Office of Personnel Management, which unfolded over at least 18 months. Last month the director of national intelligence, James Clapper, said that “you’ve got to salute the Chinese for what they did,” before retreating a bit to say China was the “leading suspect” in the case.