Jul 3, 2018

How a loan scammer clouded the OPM breach's China link

The House Oversight hearings on OPM in 2015. Photo: Mark Wilson/Getty Images

Last month, Maryland resident Kavira Cross pleaded guilty to applying for fraudulent loans using personal information stolen in the 2015 U.S. Office of Personnel Management breach. The plea immediately raised some uncomfortable questions about the OPM breach, in which 21 million Americans' personal information was stolen.

The big picture: The U.S. attributed the breach to a Chinese intelligence operation. But surely China would not have orchestrated an attack on a federal agency just to help an American woman defraud a credit union? Here's where it's important not to jump to conclusions.

Why it matters: It's hard to look at the Cross plea without wondering about the attribution. "All prior public information was that this data breach was caused by Chinese hackers," Sen. Mark Warner (D-Va.) wrote in a July 21 letter to the Justice Department. "Yet, according to the DOJ, this information is now in the hands of U.S. residents for illicit use, and may have been as early as 2015."

The U.S. even arrested a Chinese national last year in the case. If Cross, rather than China, had hacked OPM — again, please don't jump to this conclusion — the U.S. would pay a big price in lost credibility. But experts say there are other explanations in play.

The background: Some of this confusion is of the Department of Justice's making.

  • The original June 18 DOJ press release about the Cross case said she had "participat[ed] in a scheme to use the stolen information of victims of the [OPM breach]." It read to many like the scheme involved either stealing or purchasing stolen OPM records.
  • Three days later, after confusion began to mount, the DOJ scrubbed the press release of any mention of OPM. But a note explaining the change didn't answer many of the fundamental questions: "Numerous victims of the [Langley Federal Credit Union] identity theft fraud also identified themselves to DOJ as victims of the OPM Data Breach. The Government continues to investigate the ultimate source of the [personal information] used by the defendants and how this [personal information] was obtained."

Be smart: "The story is weird, and we don’t know the provenance of the data," cautioned Toni Gidwani, director of research operations at ThreatConnect. "We’re in a space where there are multiple, plausible explanations for how she got the data."

  • Criminals tend to use current events as lures in phishing attacks designed to get people to give up personal information. In fact, in 2015, the Department of Homeland Security's U.S. Computer Emergency Readiness Team warned about phishing attacks related to the OPM theft.
  • OPM, as its name implies, stores data on federal employees and those who applied for federal jobs. Any stolen data set rich in names of current and former federal employees — even, say, a list of Northern Virginia residents — might have significant overlaps with the OPM breach data.
  • It's way too early to question the China attribution, said Gidwani and other experts.
