US data breach is an intelligence coup for People’s Republic of China
The hacking of millions of U.S. government employees is likely part of an effort by People’s Republic of China (PRC) intelligence for long-term profiling — and possibly more nefarious things.
Security analysts say that considerable evidence points to the PRC and that the cyberintrusion shows the long and patient efforts in Beijing to collect and compile data that may be useful in the future.
“It’s normal for big intelligence agencies to create large biographic databases on their opponents,” said James Lewis, a senior fellow at the Center for Strategic and International Studies, a Washington think tank.
Lewis said that while data on individuals may not seem significant on the surface, analysis of huge amounts of information can provide a strategic advantage.
“They get the same kinds of big data insights that companies use for targeted advertising,” he told AFP.
Reports last week indicated some 4 million current or former government employees were hit, but a union letter said many more — every federal employee, every federal retiree, and up to 1 million former federal employees — could also have had personal data compromised.
These types of cyberattacks are troublesome because they involve stealth access that allows intruders to remain on computer networks for long periods of time, analysts say.
John Dickson, a former Air Force intelligence officer who is now a partner with the security firm Denim Group, said the database contains a trove of important information for a foreign intelligence service, including background checks from people with security clearances.
An analysis of the incident by the Virginia-based security firm ThreatConnect backs the theory that the PRC was behind the breach.
John Schindler, a former National Security Agency officer who is now a consultant, said the data is “the Holy Grail” from an intelligence perspective.
The hack “is unprecedented in its scope, offers our adversaries the opportunity to penetrate our government and use that information to deceive it at a strategic level,” he said in a blog post.
Health Hack Connection?
The attack targeting the U.S. Office of Personnel Management could be connected to other data breaches even though they may not seem similar on the surface, say analysts.
In recent months, breaches affecting tens of millions of Americans have been reported at health insurance firms such as Anthem and CareFirst, members of the Blue Cross Blue Shield Association — which cover many federal government employees.
ThreatConnect said its analysis shows similar software and signatures in both the OPM incident and the health care breaches, suggesting these could be part of the same effort to compile intelligence data.
Anup Ghosh, founder and chief executive of the security firm Invincea, said the incidents suggest a long-term plan “building dossiers on targets of interest.”