TOKYO -- Beijing has for the first time acknowledged that Chinese hackers were behind a cyberattack carried out against a U.S. government agency.
The admission -- which follows years of China denying any connection to cyber espionage -- came at a meeting between top Chinese and American national security officials in Washington D.C.
U.S. Secretary of Homeland Security Jeh Johnson and Attorney General Loretta Lynch met with their Chinese counterparts, including China's Public Security Minister Guo Shengkun, for the first U.S.-China ministerial talks on fighting cybercrime in Washington on Dec. 1-2.
The Chinese officials maintained, however, that their government is not involved in cyber espionage activity.
The U.S. government has been fuming over an attack on the U.S. Office of Personnel Management in which its computer system was hacked into and the personal information of more than 21.5 million people stolen. The attack came to light in June, and Washington has suspected China's involvement from the beginning.
The hackers stole records relating to federal employees' health, family and household situations, as well as the personal information of foreign individuals in close contact with the U.S. government, according to U.S. media reports. The fingerprints of 5 million people were also stolen, The New York Times said.
It is one of the most serious cyberattacks in U.S. history. Such a large-scale breach of personal data by foreign hackers not only compromises government employees, the leaked data could also be used to reveal the identities of U.S. spies, potentially putting their lives at risk.
U.S. media reports on China's involvement were based on accounts of government officials speaking on condition of anonymity. Initially, Beijing categorically denied such allegations.
Then came the about-face. "Through investigation, the case turned out to be a criminal case," Chinese state-run news agency Xinhua said in an English-language article dated Dec. 2. The Chinese officials told their U.S. counterparts as much at the meeting, according to the article.
But they denied again that it was a state-sponsored cyberattack against the U.S., according to Xinhua. How the hackers broke into the computer system and stole the data and where that data is now being stored remain unclear.
U.S. government officials and security experts continue to believe the attack had government backing. In their view, it would be all but impossible for private hackers to breach the tightly protected computer system of the OPM and steal such a large volume of data.
"Even if the Chinese government did not launch the attack itself, it may have ordered a group of hackers to steal the information," said a Japanese expert who is familiar with the state of cybersecurity in the U.S. and China.
The U.S. government is apparently continuing its investigation into Beijing's possible involvement. China, meanwhile, is eager to chalk the incident up as a case of criminal activity by individual hackers.
Nevertheless, Beijing's acknowledgement represents an important turning point, as the Chinese government will now be required to take at least minimal measures to respond to hacking activity originating from within its borders.
According to The Washington Post, Chinese authorities have already arrested a handful of hackers believed to be connected to the attack and have informed the U.S. government about the arrests.
The U.S. will likely demand that China share any information obtained from suspect interrogations and may even ask that custody of the suspects be transferred to the U.S. The chances of Beijing complying with such demands are exceedingly slim.
So why did the Chinese government own up to the involvement of Chinese hackers? According to U.S. and Chinese sources, the U.S. Justice Department had obtained information that pointed irrefutably to Chinese involvement in the attacks and pressed the Chinese government with it just before President Xi Jinping's state visit to the U.S. in late September. Behind-the-scenes negotiations likely ensued.
Japan, a key U.S. ally, cannot afford to sit on the sidelines as Washington and Beijing wrestle over the issue of cybersecurity. Indeed, experts warn that Japan may be under a graver threat than the U.S.
"The U.S. has been able to detect cyber espionage activities, allowing them to successfully expose such problems," said a Japanese government official in charge of cybersecurity policy. "Japan could suffer a serious security breach without even realizing it had been attacked."