One of things that makes hacking so unsettling is the asymmetry of the situation: Unlike with a physical theft, the victims sometimes don’t know they’re victims for a long time, and once they find out, it’s hard to tell just how badly they’ve been victimized.
That’s true of the massive data breach revealed Thursday affecting 4 million current and former federal employees. There’s still a great deal that hasn’t been explained about why and how the hack happened, and whose data was compromised. (Angry federal employees took to the Facebook page of the Office of Personnel Management to complain about feeling left in the dark about the attacks.) There are, however, some emerging answers to three key questions: Who did it, why, and how it happened.
Early on, the government fingered Chinese hackers in the leak. Bruce Schneier has written for The Atlantic about the dangers of uncritically accepting initial attributions for attacks. The Chinese government has also rejected the claim, saying that it’s a victim of hacking itself. (That’s probably true—and the U.S. admits that it also hacks foreign governments.) But officials says there are fingerprints of known Chinese hackers. Another they’re pointing at China—rather than, say, Russian organized-crime hackers who have also assaulted American computer systems—is the kind of data taken and what’s been done with it.