CHINA: Allegations ‘irresponsible and unscientific,’ country spokesman says
seeking or renewing security clearances and on their background investigations.
Once harvested, the data can be useful to glean details about key government personnel and potential spy recruits, or for counterintelligence. Records in OPM’s database of background investigations, for instance, could contain a complete history of where an individual has lived, and all of his or her foreign contacts in, say, China.
“So now the Chinese counterintelligence authorities know which American officials are meeting with which Chinese,” a China cyber and intelligence expert said.
The data could help Chinese analysts do more effective targeting of individuals, a former National Security Agency official said. “They can find specific individuals they want to go after, family members,” he said.
The trend has emerged and accelerated over the last 12 to 18 months, the official said. The Chinese increase in capability has opened the way “for bigger data storage, for bigger data theft,” he said. “And when you can gain it in bulk, you take it in bulk.”
The Chinese government, he said, is making use of Chinese companies that specialize in aggregating large sets of data “to help them in sifting through” the information for useful details.
“The analogy would be one of our intelligence organizations using Google, Yahoo, Accenture to aggregate data that we collected,” he said.
China on Friday dismissed the allegation of hacking as “irresponsible and unscientific.” Chinese Foreign Ministry spokesman Hong Lei said Beijing wanted to cooperate with other nations to build a peaceful and secure cyberspace.
“We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation,” he told a regular news briefing.
The Office of Personnel Management disclosed that the latest hack of one of its systems exposed personal data of up to 4 million current and former employees — the largest hack of federal employee data in recent years.
U.S. officials privately said China was behind it. The stolen information included Social Security numbers and performance evaluations.
“This is an intelligence operation designed to help the Chinese government,” said the China expert. “It’s a new phase in an evolution of what they’re doing. It certainly requires greater sophistication on their part in terms of being able to take out this much data.”
Barger’s firm has also turned up technical evidence that the same Chinese group is behind the hacks of Premera Blue Cross and Empire BlueCross, which all were discovered at roughly the same time earlier this year.
The first OPM incident has been linked to the health care hacks by Barger and another security researcher, John Hultquist, senior manager for cyberespionage threat intelligence at iSight Partners. Hultquist said the same group is responsible for all of them, as well as other intrusions into commercial databases containing large sets of Americans’ personal information.
“They would leverage this data to get to diplomatic, political, military and economic intelligence that they typically target,” said Hultquist, declining to comment on who was behind the attacks.
Though much Chinese cyberespionage is attributed to the People’s Liberation Army, these hacks, Barger said, appear to be linked to the Ministry of State Security, which is a spy agency responsible for foreign espionage and domestic counterintelligence.
Other Chinese units, including the military, may also be involved in the campaign, analysts say.
Chinese government hackers “are like a vacuum cleaner” in sucking up information electronically, said Robert “Bear” Bryant, a former top counterespionage official in the government. “They’re becoming much more sophisticated in tying it all together. And they’re trying to harm us.”
Researchers note that in contrast to the hacks of Home Depot and Target, personal data that might have been stolen from OPM, Anthem and the other companies has not shown up on the black market, where it can be sold to identity thieves. That is another sign, they said, that it is not being targeted for commercial purposes.