How China Will Use Your Personal Data Against You
Those who have been following the news in recent months have seen the ongoing investigations and effects of cyber attacks by North Korea and China against the United States. The most recent hack, purported to be masterminded by Chinese cybercriminals, focused on the database of U.S. government workers and provided China with its biggest win thus far in its cyber war with the U.S.
For many, it is still unclear what exactly China plans to do with this database of personal information. With the data of more than four million federal employees, China now has amassed a large arsenal of Social Security numbers, travel logs, passports, foreign contacts and many other pieces of personal information. These records include such seemingly mundane details as the names of pets, first grade teachers' names and even favorite colors.
While these specific details may seem unimportant, they actually provided hackers and cybercriminals with more than enough information to bypass many password issues involved in online accounts. For example, many security questions center on favorite pets, birth cities and even favorite foods. With this type of information, paired with a Social Security number or a legal name, hackers can gain access to many different personal accounts, including financial ones.
The Chinese government has allegedly been amassing a detailed database of this information for the last year, creating a sort of "Facebook for human intelligence" of the many U.S. citizens' and government workers' personal data it has stolen. Collecting personal preferences, behavioral patters and even seemingly insignificant life details that can lead to further data breaches or worse.
It is that "or worse" that really has many U.S. officials and cyber security experts concerned. Not only could China be looking to access additional personal accounts through these details, but it could be looking for motivations to entice or coerce cooperation from targeted individuals.
The acronym MICE, commonly used in the cyber security industry, indicates the motivations for possible coercion most commonly associated with hackers. The Chinese government looks for Money, Ideology, Compromise or Ego, or even a combination of several of these, in an individual to determine whether or not that target could be of assistance to the Chinese government. The personal data gleaned from the federal hack, as well as lesser hits, can provide the key to many of these motivations.
Once China has identified a person as a potential target for espionage, they begin the process of human recruitment. For example, a target with a chronically or terminally ill relative, discovered from hacked personal and medical records, may be offered money in exchange for information. Desperate for financial stability, this person may be likely to accept, offering government information to China.
This is just one example of the ways that this stolen data can be given to foreign governments and used against the United States and its citizens. However, it is important to note that the Chinese and hackers are not just picking and recruiting targets every day. In most instances, this is a waiting game, hoping that the right target comes along. The hackers can sit and watch their monitors, phishing for the right information for the specific job that needs to be done. Even when a potentially helpful target has been identified, the hackers will often wait and observe that person for months to track behavioral patterns and make personality assessments before contact is made.
While it remains to be seen whether this most recent hit to personal information privacy will provide results for the Chinese government, the United States should take some time to re-evaluate the way that it protects its employees and citizens from identity theft.