US officials believe that China and Russia are building a database of US intelligence information using massive amounts of files stolen from government agencies and private companies, The Los Angeles Times reported Monday.
The intelligence community fears that sort of a database could be used to identify, profile, track, and potentially blackmail or recruit US intelligence operatives around the world.
Digital analysis of the data can reveal “who is an intelligence officer, who travels where, when, who’s got financial difficulties, who’s got medical issues, [to] put together a common picture,” William Evanina, the top counterintelligence official for the US intelligence community, told The Times.
In recent months, hackers linked to the Chinese government have stolen data on millions of Americans via the Office of Personnel Management (which holds US security clearance background checks), the health insurance giant Anthem, and two major airlines (United and American).
The attacks diverged from their usual pattern of stealing intellectual property and defence secrets.
Instead, the hackers have targeted information that would enable them to build a database of US diplomats, intelligence operatives, and those with business in China.
Some CIA, National Security Agency, and military special operations personnel were exposed in the OPM attack, resulting in what counterintelligence expert Joel Brenner described as “a
significant blow” to American human intelligence.
Russia, too, has been linked to at least two major government data breaches this year. In April, Russia-hired hackers reportedly broke into an unclassified White House system and stole information about President Barack Obama’s daily schedule and communications. In July, Russian hackers knocked the Pentagon’s email system offline for two weeks and shared large quantities of data across thousands of websites, NBC reported.
The stolen data could forseeably be used as leverage for foreign governments over individuals, but blackmail may not be the hackers’ only (or even primary) objective.
“There’s a difference between leverage and information,” cybersecurity expert Dave Aitel told Business Insider. “This isn’t about blackmail … it’s about understanding the scope of US intelligence activities, tracking all relationships, and making it impossible for the US to hide the true depth of its intelligence.”
The potentially blackmailable information exposed in the Ashley Madison hack, for example, is “much less important in the long run than simply knowing where everyone travelled,” Aitel noted. “And the OPM hack will be less important in the future than the much bigger strategic hacks that have targeted private companies.”
Still, “the combination of information [the hackers] obtained from OPM with the travel information they now have from United [Airlines] is hugely powerful” for the Chinese, Aitel told Business Insider last month, “and it will make the kind of work the CIA does much more difficult.”
Aitel noted that the hackers’ breach of United Airlines was especially significant as it’s the main airline in and out of Washington, DC’s Dulles International — the nearest international airport to the CIA’s headquarters in Langley, Virginia.
“Every CIA employee and visitor coming from abroad flies in and out of Dulles, and chances are they’re flying United,” Aitel told Business Insider.
“Cross-referencing names contained in the OPM, IRS, and other caches would expose identities of US personnel working abroad under commercial or diplomatic cover,” Robert Caruso, a former Navy special security officer who has worked in security at the State and Defence Departments, told Business Insider via email.
“You could easily target their families and employers with threats of blackmail or worse,” Caruso added.
The Obama administration is now trying to figure out how best to retaliate for the data breaches without escalating the cyberwar. The White House is reportedly considering sanctions against China, in line with an executive order Obama passed in April authorizing financial and travel sanctions against anyone involved in foreign-based cyberattacks.
“We need to assume China has hacked every database” at this point, Aitel said. “Anything China competes with, they hack first. Economic sanctions is the obvious response, and it’s long overdue.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.