Chinese intrusions in American systems are continuing unabated, according to the head of U.S. counterintelligence.
National Counterintelligence Executive William Evanina said on Wednesday there is “no indication … that anything has changed” in terms of Chinese hackers targeting the American private sector, according to a report in Reuters.
Evanina said targets include technology for producing glass insulation, magnetic resonance imaging (MRI), drone aircraft, wind and solar power generation, hydraulic fracking and oil fracking.
However, in spite of the volume of activity, the U.S. is not prepared to attribute responsibility to the Chinese government. As part of a bilateral September agreement that the countries would work to end commercial hacking, Chinese officials will come to Washington, D.C., on Dec. 1-2 to discuss progress that has been made.
In an interview with the Washington Examiner, Evanina said that nearly all attacks are the result of spear phishing, which an email designed to trick users into giving up personal information. “We’ve looked at all of these intrusions and exploitation of personally identifiable information over the years, both government and private sector, and just about 90 percent of them either started with or were enhanced by a spear phishing success,” he said.
“Our foreign adversaries and hackers who are looking to obtain our information do not have to be very sophisticated. They just need to be successful with some spear phishing attacks. And we have an inability as Americans to think twice before we click a link… We hear this all the time,” Evanina added.
The Office of Personnel Management, which was breached in an attack traced to China that resulted in the theft of personnel files on more than 21 million individuals who have applied for security clearances from the U.S. government, represents a particularly lucrative trove of personal information that can be be used to leverage access to victims’ online accounts.
Intelligence officials say they have not seen any indication that the information has been used. However, Evanina’s National Counterintelligence Security Center is in the middle of a four-month campaign to bring awareness to the possibility that attacks could come. “It’s a comprehensive suite of videos and literature that we’ve pushed out around the country and overseas to every single military person, former contractors, family members,” he told the Examiner.
“We’re trying to reach the broadest audience to say listen, not only is this counterintelligence threat real today, but it’s enduring. It’s going to be around for years, and the most common threats that we can mitigate are spear phishing and social networking,” Evanina said.
