U.S. investigators say the Chinese government is behind a data breach that stole the personnel records of 4 million federal workers.
Considering what was stolen from the Office of Personnel Management -- details about who has access to the nation's secrets -- experts say the Chinese may be trying to improve how they spy on our government.
The U.S. Navy's former top cybersecurity commander, retired Captain Mike Walls, expects Chinese spies will use the information to better target specific American employees.
"This is an intelligence play which will inform the Chinese as they conduct future cyberattacks," he said.
Jason Polancich, an ex-intelligence analyst for the U.S. government, said hackers are likely "collecting intelligence on employees, their roles, projects they work on, access levels" and more to exploit them. China could try to turn them into spies with bribes or blackmail.
Personnel records aren't the typical stolen goods hackers go after. Credit cards can be sold on the black market. Health records are a goldmine for identity thieves.
"The data gathered lends itself much more toward foreign intelligence gathering versus, say, the collection of credit card numbers or Social Security numbers which can be directly leveraged for monetary gain," said Jesse McKenna, an executive at cybersecurity firm vArmour.
Plus, several cybersecurity firms say they haven't yet seen this stolen data set sold on the black market -- the usual route for criminal hackers looking to make a quick buck.
"If the data does not end up on underground sites for cybercriminals to purchase -- and it has not yet, even though the breach occurred in December -- then it is likely not being used for cybercrime," said Anup Ghosh, founder of malware-detection firm Invincea.
China has been accused of hacking in the past.
For example, hackers broke into Lockheed Martin's computers and stole plans for the F-35 fighter jet between 2007 and 2009. The new Chinese FC-31 fighter jet looks eerily similar to the American F-35.
However, a recognized scholar on Chinese foreign policy, Columbia University associate professor Elizabeth Wishnick, noted that the U.S. government hasn't presented any firm evidence, and this attack comes at an odd time.
"It would be odd timing for the Chinese government to perpetrate this type of attack right before the U.S.-China Strategic and Economic Dialogue which will be held later this month, since U.S. officials would be likely to raise cybersecurity issues there," she said.
Political skepticism aside, U.S. authorities have made no evidence of Chinese involvement in the hack public.
"It is too early to tell what the motivation would be for an attack like this. Anybody who says they know 100% is flat out lying," said Armond Caglar, a hacking expert at TSC Advantage.
But on Friday, cybersecurity firm ThreatConnect linked the recent hack of insurance giant Anthem, which China is accused of perpetrating, to this latest breach of the U.S. government.
The malware used to hack Anthem and OPM pointed to a specific IP address, a computer server connected to the Internet that hosted the Web domain OPMlearning.org. That address is in no way associated with the actual government agency. Employees at the agency were tricked into infecting their network by opening legitimate-looking emails sent from addresses ending in @OPMlearning.org and @OPMsecurity.org.
In both cases, the hackers launched their attack from a server registered by them using false names. And the names they used? Tony Stark. Steve Rogers. Natasha Romanoff. James Rhodes.
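The lure domains described above borrow the agency's name without belonging to it. As an added example (not from the article or from any of the firms it quotes), the check below flags sender domains that embed a protected organisation's name but are not among its legitimate domains; the legitimate-domain list, the brand token and the sample headers are all assumptions constructed for the example.

```python
from email.utils import parseaddr

# Assumed legitimate domains of the protected organisation (constructed for this example).
LEGIT_DOMAINS = {"opm.gov"}
# Brand tokens whose presence in an outside domain should raise suspicion.
BRAND_TOKENS = ("opm",)


def sender_domain(from_header: str) -> str:
    """Return the lowercase domain part of a From: header value, or '' if absent."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().strip(".")


def is_subdomain_of(domain: str, parent: str) -> bool:
    return domain == parent or domain.endswith("." + parent)


def classify_sender(from_header: str) -> str:
    """Classify a From: header as 'legit', 'lookalike' or 'other'."""
    domain = sender_domain(from_header)
    if not domain:
        return "other"
    if any(is_subdomain_of(domain, d) for d in LEGIT_DOMAINS):
        return "legit"
    # Look for the brand token in any label except the TLD, so that both
    # 'opmlearning.org' and 'opm.gov.evil.example' are caught. Plain substring
    # matching is a coarse heuristic (e.g. 'development' contains 'opm'), so
    # tune the token list and review hits rather than blocking on them alone.
    labels = domain.split(".")
    if any(tok in label for tok in BRAND_TOKENS for label in labels[:-1]):
        return "lookalike"
    return "other"


# Constructed sample headers: the two domains named in the article plus controls.
SAMPLE_HEADERS = [
    "OPM Training <training@OPMlearning.org>",
    "Security Office <alerts@opmsecurity.org>",
    "HR <hr@opm.gov>",
    "Newsletter <news@example.com>",
]


def flagged_senders(headers=SAMPLE_HEADERS):
    """Return the lookalike sender domains found in a list of From: headers."""
    return [sender_domain(h) for h in headers if classify_sender(h) == "lookalike"]


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(f"{classify_sender(h):9} {h}")
```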
America just got hacked by Captain America and the Avengers.