I’ve mentioned this in numerous places for the last few years, so I decided it was time to finally put it into a formal piece.
It seems obvious at this point that China is building a massive database of information on American individuals and companies, which they can then use for various purposes—including espionage, intellectual property theft, extortion, and other types of coercion.
Here are some of the attacks that have been linked to China with some significant degree of confidence.
OPM: The attack on the Office of Personnel Management was perhaps the worst breach in history in terms of espionage, as what was stolen was the background investigation files for most everyone in the United States with a security clearance. So—just to spell it out—China now has all the dirty laundry for Americans serving in the most sensitive positions in our military and government. Link
Equifax: Most of the credit files, and associated financial information, for a massive percentage of the American population. Link
Marriott: The Marriott breach captured millions of files on people who travel a lot for business. Link
Seeing any patterns yet? Here are some more.
Google and 34 other companies in 2010, including Northrop Grumman, Symantec, Yahoo, Dow Chemical, and Adobe Systems.
Navy Contractor, 2018 Link
China using LinkedIn to target people inside high-value companies, 2018 Link
Sandia National Labs, 2004 Link
Congressman Wolf, 2006 Link
Commerce Department, 2006 Link
F-35 Program, 2009 Link
Think Tank/Law Firm Associated with a Chinese Fugitive, 2017 Link
And this is just a fraction of what’s out there.
Basically, they’re building an organized database of stolen information that they can use to beat us economically and militarily in the long-term.
I’d like to be mad at them, but I’m not really. They have a mission, and that’s to win the game over the span of decades and centuries—not tomorrow or the next day. They’re strategic and they’re unified.
I wish the US were so organized and cohesive. I really do.
But just because I respect what China is doing, or at least the fact that they’re conscious enough to be doing it to further their unified goals—doesn’t mean that I have to like it.
And here’s a great prediction for 2019 from Chad Loder:
You see the stuff they have already:
Unsupervised Learning — Security, Tech, and AI in 10 minutes…
Get a weekly breakdown of what's happening in security and tech—and why it matters.
Background investigation information for our most sensitive people
Our credit files
Our business travelers
A list of who works at what companies, doing what
Now add a hack of a DNA database to that list. Imagine them having partial (and eventually full) genome information on these same people. Of course right now there aren’t too many practical attacks one can launch using that information, but they did just arrest someone for making CRISPR babies.
This stuff is pretty far off, so don’t think we’re close to bio attacks that only kill certain people. That’s fiction today, and probably will be for quite some time.
The whole technological world is working on personalized medicine right now. And with personalized medicine will inevitably come personalized weapons. I’m not sure how far off those practical attacks are, but I can tell you the answer is not far enough.
But even without personalized weapons based on a DNA breach, the idea that a highly organized and highly trained state-level adversary is actively building these kinds of databases on us, and using that information however they can to secure victory—that’s just extremely frustrating, and exhilarating, and surreal, all at once.
It’s asymmetric in so many ways.
We don’t even have that much information on our own citizens, but it’s being gathered and organized by a hostile government to be used against us. And, even crazier, we wouldn’t be allowed to have that much data in one place if we could do it technically.
I think the possible exceptions are data broker companies, like Acxiom, Nielsen, Corelogic, etc. There’s little doubt in my mind that they’re actively trying to compromise other data brokers like them who have the specific mission of collecting and linking information together on individuals.
Those have to be extremely high on their list of targets.
China is owning us with impunity, and they’re building massive databases to help them target high-value individuals and companies for information and/or leverage.
Most people aren’t aware of this level of organization and strategic, long-term thinking on their part, and they should be.
I’m not sure how to fault them for doing this, other than to point out that much of it is illegal. The fact is that this is the new reality for warfare, so every nation should probably have some similar capability.
If you want to know where the shoe hasn’t dropped yet, look at DNA Databases, Data Brokers, and Law Firms. Those are places that have deep data, unified data, and sensitive data that would go a long way towards enriching what they already have.
It’s time to get in this game, becuase right now China is not only playing (and winning) without us: they’re doing so without most people even knowing about it.
Image from e-hacking news.