China and Russia are aggressively using stolen data to identify members of the U.S. intelligence community, according to a top security official.
They have been looking at a range of data to determine “who is an intelligence officer, who travels where, when, who’s got financial difficulties, who’s got medical issues, [to] put together a common picture,” William Evanina said in comments to the Los Angeles Times on Monday. Evanina is director of the National Counterintelligence and Security Center.
Evanina also said foreign intelligence services had “absolutely” already used the data against American operatives. However, the nature of that usage is classified. Just one network of U.S. engineers and scientists who provide assistance to undercover operatives has been identified as compromised, he said.
The security of personal information has been at risk since the U.S. Office of Personnel Management had its systems breached earlier this year. Hackers with apparent ties to China exfiltrated OPM files containing information on more than 22 million applicants who had sought security clearances with the U.S. government dating back fifteen years or more. Russian hackers linked to the Kremlin breached an unclassified e-mail server belonging to the Joint Chiefs of Staff in July.
Additionally, hackers earlier this month released data from the extramarital dating website Ashley Madison. Those files included data on more than 13,000 clients who had used government e-mail addresses. The Pentagon is currently appraising how many of those were military personnel who violated policies that prohibit extramarital affairs.
The hacks grant China and its allies a nearly unprecedented ability to identify and blackmail U.S. security personnel, he said. Russia is chief among those allies; the two countries signed 32 bilateral agreements earlier this year that included provisions for cooperating on cybersecurity.
Elaine Korzak, a cybersecurity fellow at Stanford, says the U.S. has deferred from making similar agreements, partially because of the difficulty of applying them to non-state actors. Countries like the U.S. “have moved away from the focus on an international ‘cybertreaty’ of sorts and are taking a broader approach to agree on norms, rules and principles that would govern the behavior and actions of different actors in cyberspace,” Korzak told the Examiner.
Korzak added that Russia has more in common with its neighbor in the East on a cultural level, which has been particularly helpful in coming to agreement on matters of cybersecurity. She said Western countries have been more inclined to shy away from cybertreaties “and have instead argued that current international legal frameworks should be applied.”
The relationship that Russia and China have on cybersecurity may be the deepest between state actors on the issue to date. China has no such kinship with India, for instance, in spite of the duo’s substantial economic ties. India has been a prominent target of cyberattacks originating in China; most notably, it was reported earlier this month that the Chinese have been penetrating India’s systems as far back as 2012. India has been exploring a deeper relationship with the U.S. on cyberissues.
It is conceivable that the U.S. intelligence community did not anticipate the direction that international cybersecurity norms would take over the course of the year. “I worry a lot more about the Russians,” Director of National Intelligence James Clapper said in October last year, just months before news of the OPM breach emerged.
The White House has drawn criticism from Republicans for being slow to respond to the OPM breach, refusing even to publicly acknowledge the role that the Chinese government is likely to have played.
Republican presidential candidate Donald Trump expressed criticisms the most colorfully, saying that when Chinese President Xi Jinping makes his first state visit to Washington next month, he would “get him a McDonald’s hamburger” rather than providing a state dinner. (However, he also said that President Obama was to blame for any misdeeds, and predicted that he would get along with the Chinese “very well” if he were president.)
Perhaps in response those criticisms, the Washington Post on Sunday quoted an anonymous senior administration official who said “the administration is pursuing a comprehensive strategy to confront” foreign entities that have violated U.S. systems, go as far as to suggest economic sanctions. “That strategy includes diplomatic engagement, trade policy tools, law enforcement mechanisms, and imposing sanctions on individuals or entities that engage in certain significant, malicious cyber-enabled activities,” the official said.
However, it is uncertain whether a formal announcement will be rendered prior to President Jinping’s visit. In past years, U.S. administrations have delayed decisions related to sanctions until after state-level meetings between the two countries.
