It Appears China Is Building A Massive Espionage Database On America
22 Feb 2019
I’ve mentioned this in numerous places for the last few years, so I decided it was time to finally put it into a formal piece.
It seems obvious at this point that China is building a massive database of information on American individuals and companies, which they can then use for various purposes—including espionage, intellectual property theft, extortion, and other types of coercion.
2/3 of the intellectual property theft cases that the department of justice deals with come from China
Here are some of the attacks that have been linked to China with some significant degree of confidence.
OPM: The attack on the Office of Personnel Management was perhaps the worst breach in history in terms of espionage, as what was stolen was the background investigation files for most everyone in the United States with a security clearance. So—just to spell it out—China now has all the dirty laundry for Americans serving in the most sensitive positions in our military and government.
Equifax: Most of the credit files, and associated financial information, for a massive percentage of the American population.
Marriott: The Marriott breach captured millions of files on people who travel a lot for business.
"China is the single greatest risk to the security of American technologies." - Congressional Advisory Group
Seeing any patterns yet? Here are some more.
- Google and 34 other companies in 2010, including Northrop Grumman, Symantec, Yahoo, Dow Chemical, and Adobe Systems.
- Navy Contractor, 2018
- China using LinkedIn to target people inside high-value companies, 2018
- Sandia National Labs, 2004
- Congressman Wolf, 2006
- Commerce Department, 2006
- F-35 Program, 2009
- Think Tank/Law Firm Associated with a Chinese Fugitive, 2017
And this is just a fraction of what’s out there.
You see the stuff they have already:
- Background investigation information for our most sensitive people
- Our credit files
- Our business travelers
- A list of who works at what companies, doing what
Now add a hack of a DNA database to that list. Imagine them having partial (and eventually full) genome information on these same people. Of course right now there aren’t too many practical attacks one can launch using that information, but they did just arrest someone for making CRISPR babies.
This stuff is pretty far off, so don’t think we’re close to bio attacks that only kill certain people. That’s fiction today, and probably will be for quite some time.
The whole technological world is working on personalized medicine right now. And with personalized medicine will inevitably come personalized weapons. I’m not sure how far off those practical attacks are, but I can tell you the answer is not far enough.
But even without personalized weapons based on a DNA breach, the idea that a highly organized and highly trained state-level adversary is actively building these kinds of databases on us, and using that information however they can to secure victory—that’s just extremely frustrating, and exhilarating, and surreal, all at once.
It’s asymmetric in so many ways.
We don’t even have that much information on our own citizens, but it’s being gathered and organized by a hostile government to be used against us. And, even crazier, we wouldn’t be allowed to have that much data in one place if we could do it technically.
I think the possible exceptions are data broker companies, like Acxiom, Nielsen, Corelogic, etc. There’s little doubt in my mind that they’re actively trying to compromise other data brokers like them who have the specific mission of collecting and linking information together on individuals.
Those have to be extremely high on their list of targets.
China is owning us with impunity, and they’re building massive databases to help them target high-value individuals and companies for information and/or leverage.
Most people aren’t aware of this level of organization and strategic, long-term thinking on their part, and they should be.
I’m not sure how to fault them for doing this, other than to point out that much of it is illegal. The fact is that this is the new reality for warfare, so every nation should probably have some similar capability.
If you want to know where the shoe hasn’t dropped yet, look at DNA Databases, Data Brokers, and Law Firms. Those are places that have deep data, unified data, and sensitive data that would go a long way towards enriching what they already have.
It’s time to get in this game, becuase right now China is not only playing (and winning) without us: they’re doing so without most people even knowing about it.
Share this link: