CyberGuide - Information Security and Cyber Risk Management

Chinese leverage private data breaches for espionage

By Jarrett Kolthoff, SpearTip

The four individuals who were identified and indicted by the Trump Administration in relation to the Equifax breach from 2017 is yet another example of the overt collection efforts by the Chinese government to steal Americans’ sensitive personal information. The openness of the U.S. government to share these examples should help bring the reality of cyber threats to the forefront in corporate board rooms and research universities. I would like to highlight that these particular attacks were conducted for a different goal – espionage.

As a former Special Agent, U.S. Army Counterintelligence, I understand there are profound and far-reaching implications of these carefully coordinated and expertly executed cyber-attacks. It’s a known fact that nation-state bad actors aren’t just exploiting American companies for their own financial gain, the attackers are digging for information that they will almost certainly use to put lives at risk.

The DOJ announcement publicly cited what we in the industry have known for a long time – China has carried out successful, elaborate and potentially ongoing cyber-attacks against American citizens for some time. This compromised information was never specifically seen on the dark web or sold by known cyber criminals – this indicates a nation-state both in the sophistication and secrecy of the attack, and in that the attackers’ motive is not for financial gain.

The scale of this incident is a terrifying reminder that American companies and organizations cannot passively sit back and assume their liability is limited to their bottom line. A foreign government now has the personal information of nearly 150 million Americans. This includes known habits, medical records, complete financial history and facial recognition that would allow the Chinese government to monitor the location and activity of an American visiting that country, or any online activity via social media. This information can be extremely useful in influencing campaigns and elections – and the policy implications thereafter.

The combined compromised datasets of the Anthem, Marriot and Equifax breaches, along with others, greatly assists nation-states in identifying vulnerable individuals who are likely targets within American organizations. These could be employees with high debt, with a hidden past, and/or who can gain physical access to your internal network – people the agent handlers can recruit through pressure tactics, putting even more information and people at risk. This is the cyber equivalent of “spotting & assessing” for source-targeting and for identifying U.S. personnel operating overseas.

When cyber espionage becomes part of the conversation – as I know from my time as a counterintelligence agent and now working with corporate America – the issue becomes one of national security that can endanger America’s competitive advantage. American corporations, alongside U.S. intelligence agencies, are primarily responsible for protecting and defending our most critical national assets.

The Department of Justice absolutely did the right thing in taking a more aggressive posture against a nation-state for its attack on our national security and in unmasking the individuals and governments behind it. My hope is this is just the first of many steps the U.S. will take to protect American lives and corporate intellectual property from this active cyber warfare activity by adversarial nation-states.

The Equifax breach, and numerous others, were terrible events. But we can use these as a cornerstone to reinforce a commitment to privacy and data security, and ensure American companies and universities take the right steps to protect their information at all costs. This is a “clarion call” for Board Members and Chief Executives to demand more to protect the information for which they are responsible. It is a matter of national security.

About the author: Jarrett Kolthoff is a former Special Agent – U.S. Army Counterintelligence, with duty stations in Maryland, Bosnia and Germany. He’s the founder and CEO of SpearTip – a cyber counterintelligence firm that protects the environments of their clients across the globe through SpearTip’s 24/7 Security Operations Center. Jarrett’s civil casework includes investigations of Chinese cyber espionage, Russian extortion, hostile corporate takeovers, rogue IT personnel, hacktivists, international wire fraud and ransomware cases.