It feels like China is always behind big hacks. It’s not really true: North Korea hacked Sony, and Russia broke into the State Department’s unclassified networks. But if you can’t shake the idea that it’s always China, you might actually be on to something that the U.S. government didn’t realize until now.
In a report on Sunday, Bloomberg outlined evidence that Chinese state-sponsored hacks targeting the United States over the last few years have been part of an overarching plan to develop a database of Americans and collect information on key people. “China is building the Facebook of human intelligence capabilities,” Adam Meyers, the vice president of intelligence for cybersecurity firm CrowdStrike, told Bloomberg.
The Office of Personnel Management hacks, which were finally clarified last week and compromised personal data for at least 22 million Americans if not many more, are widely said to have been caused by China, though the White House has not confirmed this accusation. The hack of insurance company Anthem has also been connected to China.
Jordan Berry, an analyst at cybersecurity analysis firm FireEye told Bloomberg, “There was a clear and apparent shift” on China’s part toward large-scale bulk collection of its international espionage data. A cyber and intelligence expert on China told the Washington Post something similar in June. He said that in the past year and a half, China has expanded its capacity “for bigger data storage, for bigger data theft.” The Post’s headline was, “With a series of major hacks, China builds a database on Americans.”
Bloomberg paraphrased a source “familiar with the government assessment of what went wrong.” He or she indicated that “U.S. intelligence agencies were collecting information on the theft of personal data but failed to understand the scope and potential damage from the aggressive Chinese operation.”
Paul Kurtz, the CEO of TruSTAR Technology and a former White House cybersecurity advisor, told SCMagazine on Monday, “We will not fully understand the ripple effects [of the OPM hack] for a long period of time, if ever.”
Meanwhile China still denies conducting cyberespionage. Hong Lei, the spokesman for the Chinese Foreign Minister said in June, “We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation.” It seems that the U.S. has had the opposite problem and was in fact too trusting and naive.