![](\"https:\/\/media.wired.com\/photos\/5e41f9e3e601630009b7e826\/master\/pass\/Security_equifax-171313676.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Garrett M. Graff| Date: Tue, 11 Feb 2020 19:58:27 +0000<\/strong><\/p>\n Garrett M. Graff<\/span><\/a><\/span> <\/span><\/p>\n Equifax. Anthem. Marriott. OPM. The data that China has amassed about US citizens will power its intelligence activities for a generation.<\/p>\n At a press conference announcing the indictment of four Chinese hackers<\/a> Monday, US Attorney General William Barr spoke out loud what had long been discussed only over drinks at security conferences: Some of the biggest hacks of Americans\u2019 private data in the past decade had been the work of the Chinese government, resulting in a massive, unparalleled espionage advantage.<\/p>\n \u201cFor years, we have witnessed China\u2019s voracious appetite for the personal data of Americans, including the theft of personnel records from the US Office of Personnel Management, the intrusion into Marriott hotels, and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax,\u201d he told<\/a> reporters, in what was almost certainly the first time the four attacks had been publicly linked by a government official. While the new indictments from Barr make clear the common perpetrator, the damage China is alleged to have done may take decades for the United States to undo.<\/p>\n China\u2019s hoovering of Americans\u2019 private data has long been one of the biggest open secrets of modern intelligence. Gradually, over years, the Justice Department and the US government publicly pointed the finger at China for each breach in turn.<\/p>\n Chinese intelligence has amassed in just five years a database more detailed than any nation has ever possessed about one of its adversaries.<\/p>\n Public notice began with the break-in at the Office of Personnel Management<\/a> in the spring of 2015, shortly after which then-director of national security James Clapper named the superpower as the \u201cleading suspect.\u201d \u201cYou have to kind of salute the Chinese for what they did,\u201d Clapper said at the time<\/a>. In 2017, the FBI arrested<\/a> a Chinese national, Yu Pingan, who it said worked on the malware used in the OPM breach<\/a>. In 2018, Reuters reported that the Justice Department was zeroing in on Chinese hackers for the Marriott breach<\/a>. Then, last year, the Justice Department charged<\/a> Fujie Wang, as well as other members of a hacking group, with the intrusions that targeted Anthem.<\/p>\n But if you read the public charges closely, the US stayed away from discussing the suspects\u2019 motives or affiliations, or trying to hint in any way about why so many big breaches seemed to have a Chinese nexus. That changed this week.<\/p>\n Monday\u2019s detail-heavy indictment<\/a> against Chinese military personnel marks the first time that the US has directly gone after Chinese government hackers since its groundbreaking May 2014 indictment against five People\u2019s Liberation Army members<\/a> for economic espionage\u2014a case that came down even as Chinese hackers were, unbeknownst to the US, already inside the OPM system. Barr\u2019s announcement and the accompanying charges also directly tied the Chinese Communist Party to the case, as part of a larger \u201cChina strategy\u201d that the Justice Department has been pushing to raise the costs of China\u2019s rampant intellectual property theft and economic espionage.<\/p>\n The aggressiveness of the campaign has raised concerns that it could result in racial profiling\u2014a new book, The Scientist and the Spy<\/a><\/em>, alleges that profiling did occur during the FBI's last major anti-China push\u2014and so FBI deputy director David Bowdich was quick to draw parameters around the Justice Department\u2019s work. \u201cI want to make one very important point," he said<\/a> at Monday's press conference. "Our concern is not with the Chinese people or with the Chinese-American [community], it is with the Chinese government and Chinese Communist Party.\u201d<\/p>\n China\u2019s alleged hacking efforts have borne fruit just as big data and artificial intelligence combine to make those massive databases useful, sortable, and studiable. As Barr said on Monday, \u201cThis data has economic value, and these thefts can feed China\u2019s development of artificial intelligence tools as well as the creation of intelligence targeting packages.\u201d<\/p>\n Indeed, what has long worried intelligence professionals as the scope of China\u2019s data ambitions became clear is not the size of each individual theft\u2014even though all four rank among the largest and most serious data breaches ever\u2014it\u2019s the ways that the layers of the data build upon one another. The OPM breach exposed the personnel records of effectively every civilian employee of the US government, some 21 million people; they included not just key identifiers like names and Social Security numbers but also the comprehensive forms known as SF-86s, which are used in the process of granting employees security clearance and can contain all manner of sensitive information, from drug use and debts to foreign travel. Anthem reported that nearly 80 million people had their insurance information stolen. Marriott\u2019s final accounting of the intrusion into its Starwood subsidiary ended up just shy of 400 million individual records stolen, including as many as 5 million<\/a> passport numbers. Equifax saw the theft of personal identifiable information regarding 147 million people\u2014effectively the entire adult population of the United States\u2014including drivers\u2019 license numbers of at least 10 million of them.<\/p>\n By combining personnel data with travel records, health records, and credit information, Chinese intelligence has amassed in just five years a database more detailed than any nation has ever possessed about one of its adversaries. The data and its layers work both to identify existing US intelligence officers through their personnel records and travel patterns as well as to identify potential weaknesses\u2014through background checks, credit scores, and health records\u2014of intelligence targets China may someday hope to recruit. Numerous cases in recent years have shown the creative ways China has identified and targeted potential spies<\/a>, even sometimes using LinkedIn to find employees at companies of interest. The wealth of combined data now in the hands of Chinese intelligence will only make such targeting easier in the future.<\/p>\n China, whose own domestic<\/a> surveillance state<\/a> and facial recognition<\/a> advances<\/a> are as cutting-edge as they are Orwellian, appears to be sitting upon a database that it can use for decades to come. There is little to stop the country from turning the tools it has perfected at home against spies, would-be spies, intelligence officers, US government contractors, government officials, and people who simply work in any of the umpteen industries where it\u2019s eager to collect industrial secrets.<\/p>\n China\u2019s distinct advantage and evolving technology has forced a reckoning for US intelligence personnel. As Yahoo News\u2019 Zach Dorfman and Jenna McLaughlin reported<\/a> in December, US officials now worry whether they can work undercover overseas at all. The effort required to circumvent China\u2019s data trove, advances in biometric identifiers, and facial recognition at border crossings and on street corners seems increasingly Sisyphean. Countries with advanced espionage operations\u2014like Russia, China, and the US\u2014have begun meeting covert operatives in countries like Peru that offer little in the way of biometric data collection. The CIA is rethinking how\u2014and where\u2014it recruits personnel for overseas operations, based on the \u201cbig data\u201d implications and the potential \u201cdigital exhaust\u201d personnel may have.<\/p>\n The challenge ahead was outlined in news Monday that made far fewer headlines than the Equifax charges: The National Counterintelligence and Security Center, a little-known part of the Office of the Director of National Intelligence, released its new strategy<\/a> for countering espionage activities around the world.<\/p>\n One could see echoes of the Equifax and related data breaches in one of the three main thrusts of the new report: \u201cThreats to the United States posed by foreign intelligence entities are becoming more complex, diverse, and harmful to U.S. interests,\u201d it reported<\/a>. \u201cThreat actors have an increasingly sophisticated set of intelligence capabilities at their disposal and are employing them in new ways to target the United States. The global availability of technologies with intelligence applications\u2014such as biometric devices, unmanned systems, high resolution imagery, enhanced technical surveillance equipment, advanced encryption, and big data analytics\u2014and the unauthorized disclosures of US cyber tools have enabled a wider range of actors to obtain intelligence capabilities previously possessed only by well-financed intelligence services.\u201d<\/p>\n The challenge spies and counter-spies have in front of them will only grow more daunting as biometric identifiers\u2014fingerprints, facial recognition scans, and DNA tests\u2014continue to become more common in daily life. It\u2019s clear that the US government is already thinking about preventing and limiting its exposure to rich data troves, like Equifax, in the future: The Pentagon recently asked military personnel to stop<\/a> using at-home DNA kits for health and ancestry purposes, fearful about where that unchangeable, unalterable genetic data may end up now or later.<\/p>\n