Report: China may be building massive database on Americans

China is pioneering the craft of state-backed theft of personally identifiable information, and it’s likely that China is using it to build a massive database on Americans, according to a new report.

“The theft of large amounts of PII by China-based targeted intrusion adversaries is anomalous to their typical tactics, techniques and procedures,” cybersecurity firm CrowdStrike said in its Global Threat Report released this week. “These actors are generally interested in sensitive information of a more strategic nature such as intellectual property, information related to business operations or sensitive government documents.”

“While the official response to most of these breaches has been to offer a period of identity theft protection and credit monitoring to each affected individual, it is unlikely that concerted efforts to compromise multiple networks within the same sector would be undertaken for the purpose of fraud,” the report adds. That’s a reference to the data breach at the Office of Personnel Management, which offered credit monitoring services to the 22.1 million people whose data was stolen, an act now assumed to have been perpetrated by China.

Breaches at healthcare providers Anthem, Premera and CareFirst in 2015 also resulted in the theft of information on more than 50 million people.

In spite of that massive data loss to hackers linked to China, none of the information has been actively used to date. Criminal hackers would typically use it for identity theft, or sell it on the dark web for others to use.

“At this time, it is difficult to know exactly how this voluminous amount of information might be leveraged in the future,” CrowdStrike wrote. It said one possible scenario “is that these attacks are being used to build out profiles on individuals to support future operations.”

“Knowledge acquired during these operations could be used to create more individualized, and therefore more effective, spear phishing campaigns or also in more traditional, real-world espionage activity. Data contained in the [OPM] documentation would be particularly useful to traditional HUMINT operations as it contains details of a very personal nature about current and former government employees, as well as private sector employees working on government contracts,” the report adds. HUMINT is an abbreviation for human intelligence.

CrowdStrike suggests that China may also be using the information to build a dataset that includes detailed profiles on millions of people. “Such a project would require the theft of PII from multiple organizations such as those observed in this campaign,” it said.

If that is the case, the report predicted, breaches aimed at stealing massive troves of PII will continue, and potential targets should prepare for them.

“While there is currently no indication that PII theft is going to be a continuous trend, organizations across all sectors — but particularly those that possess PII on government employees or other individuals that may be of counterintelligence value — should remain alert to the possibility of similar activity going into 2016.”

CrowdStrike, a cybersecurity firm based in California, regularly tracks and analyzes hackers on behalf of corporate clients. In October, the company released a report suggesting that China was still engaged in state-backed commercial espionage, in spite of an agreement the previous month that it would cease.

China has denied culpability in all of the attacks. Numerous national security officials have expressed concern about how the country may use the information being stolen, though they have been at a loss as to potential solutions. Senate Homeland Security Committee Chairman Ron Johnson, R-Wis., has called for a briefing to take place with national counterterrorism analysts to discuss the issue.
