The Bullshit Excuses for Not Retaliating for OPM

A handful of anonymous sources have given Ellen Nakashima some bullshit explanations for why the Administration is not retaliating against China for the OPM hack.

Most laughable is that they’re willing to retaliate for “economic” spying but not “political” spying. While also mentioning the Sony example, Nakashima points to the DOJ case against Chinese hackers for eavesdropping on discussions about trade disputes from the steel industry.

As a result, China has so far escaped any major consequence for what U.S. officials have described as one of the most damaging cyber thefts in U.S. government history — an outcome that also appears to reflect an emerging divide in how the United States responds to commercial vs. traditional espionage.

Over the past year and a half, the United States has moved aggressively against foreign governments accused of stealing the corporate secrets of major U.S. firms. Most notably, the Justice Department last year filed criminal charges against five Chinese military officers accused of involvement in alleged hacks of U.S. Steel, Westinghouse and other companies.

Nakashima doesn’t say whether her sources made this connection or she did, but it’s an inapt example. As I pointed out at the time, spying on trade negotiation adversaries is precisely the kind of “commercial” spying we embrace. We do this all the time. DOJ chose to indict on those trade dispute discussions but not on a never-ending list of hacks against more sensitive targets — like the F-35 development team — that fit more comfortably (though still not entirely) in the kind of “economic” spying we fancy others do but we don’t; DOJ probably made that choice because both the target and the evidence was segregable from more sensitive issues (the Chinese government and our clusterfuck of DOD contracting cyberdefense). In other words, it is not (as Nakashima claims uncritically) an example of the split between political and economic spying we claim to adhere to. That indictment is far better understood as us indicting Chinese hackers for something we not only do but also falls into what is considered acceptable spying internationally — that is, us trying to subject the rest of the world to our legal system — but doing so in an area where we won’t have to give any secrets away to prosecute.

The rest of the WaPo story focuses on another nonsensical explanation for not going after China: to avoid revealing sources and methods.

“We have chosen not to make any official assertions about attribution at this point,” said a senior administration official, despite the widely held conviction that Beijing was responsible. The official cited factors including concern that making a public case against China could require exposing details of the United States’ own espionage and cyber capabilities.

Again, this is nonsensical and should not have been repeated uncritically.

The FBI and everyone else has been happy to blame North Korea for the Sony hack. But we’ve gotten no more proof there than we have that China is behind the OPM hack. Rather than exposing sources and methods to prove attribution, the government simply said, “trust us.” There’s no reason they couldn’t do the same here (indeed, that’s what they have been saying in secret). The Sony hack is proof that the government doesn’t feel like it needs to offer proof before it blames another country for a hack.

There are two far more likely reasons we’re not retaliating against China in this case (though the fact that we do this kind of stuff to China all the time — and they could happily point to proof of that to demonize us in response — is one of them).

First, we simply don’t “retaliate” against countries that are big enough to fight back (as Nakashima’s other example, of the Russian hack of State for which we haven’t retaliated, makes clear). It’s one thing to go after a group of hackers from which China can claim some plausible deniability. It’s another to go after China itself.

Finally, Nakashima alludes to what is probably the real reason we’re going to remain quiet about this hack.

The government also is pursuing an array of counter-intelligence measures aimed at guarding against the Chinese government’s ability to use the stolen data to identify federal workers who might be induced to spy for Beijing.

China has much of our intelligence community — and many other easily embarrassed types, including politicians — by the nuts right now. It knows who our spooks are, where they are, what they might know, what their fingerprints are, and what extramarital affairs they’ve admitted to. When someone has you by the nuts like that, it’s usually a good idea to extract your nuts before you start trying to throw punches. It’s going to take a long time for the US to do that.

Which strongly suggests that the more laughable excuses for not retaliating — the claim we’re not blaming China because of sources and methods and some split between economic and political spying that we don’t really follow — serve no other purpose than to avoid admitting how much China does have us by the nuts.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

17 replies
  1. bloopie2 says:

    Were the existence, and general whereabouts (in the ether), and contents of the hacked OBM database(s), widely known, or at least easily knowable to a sophisticated third party who might be on the lookout for such stuff? Or was this a super-secret thing they found?

  2. Saltinwound says:

    The cyber security people I have met say the dirty secret is that everyone has been hacked and compromised. In the case of Sony, even if it was North Korea that released information, that does not mean they were the ones who hacked Sony. They could have more easily bought access from someone who was already in the system–a white hate, a black hat, another country or business. If everyone has been hacked, is there any response that makes sense?

    • P J Evans says:

      None of the responses so far have made any sense to me. They all seem to be about blaming other countries while ignoring our own actions (in the case of us hacking other countries) and inactions (in the case of not securing our own critical/government databases).

      (Why the government thinks that Sony’s data is critical infrastructure still hasn’t been explained in a way that makes sense.)

  3. Rayne says:

    I don’t know why Nakashima insists on being a parrot. There is ZERO daylight between China’s military and business interests, between China’s politics and economics. China’s not a democracy, as much as the US and its corporate overlords would like to think it is.

    Further — and I know I’m a broken record on this point, repeating this for years now — they told us they would employ asymmetric warfare. They literally warned us they would use economic weapons. They told us there was no separation between military and economic targets or weapons.

    The stupid, it burns nuclear-winter white, superacid hot.

  4. bevin says:

    How about:

    “There is ZERO daylight between the USA’s military and business interests, between the USA’s politics and economics. the USA’s not a democracy, as much as the US and its corporate overlords would like to think it is.” ?

  5. earlofhuntingdon says:

    China is not a demon; it is, however, a formidable economic competitor. It has been conducting “economic” and “political” spying for quite some, as has the United States. The Chinese are quite good at it. And they have considerable economic leverage over the US – dollar forex holdings, principal trading partner in goods and services, provider of much of the world’s computer hardware and software, including internet backbone equipment. Had US companies not fallen so much in love with the self-immolating notion of the virtual company, and thus moved much of their manufacturing (and technology and know-how) to China, we would not be so vulnerable. The Chinese are also better at chess than we are, and not so given to playing only the short game. One might even say they invented the long game.

    • Rayne says:

      China is our dance partner. We have a need to sell higher value exports and deter their military potential; they have a need to keep population busy AND satisfy decades of pent-up demand.

      But even a dedicated dance partner can get pissed off and get ugly if their toes get stepped on too often. We do that a lot — in no small part because of US’ fundamentally different government, which operates in 2- and 4-year cycles versus their lifetime appointments.

      What really puzzles me as we continue this awkward, clumsy dance is how many people in US military have read Sun Tzu’s The Art of War, but never really use it — and how many government employees and electeds have never read it at all.

        • Rayne says:

          Which supports the point about US’ inability to see long term. A mere four years earlier a youngster I know who entered military had been assigned The Art of War.

          But military under Clinton a whole other creature than military under Cheney. I mean, Bush.

  6. GKJames says:

    “[W]e simply don’t ‘retaliate’ against countries that are big enough to fight back.” Why should our cyber responses be any different from our military ones?

Comments are closed.