The recent US government data breach: big data techniques, a driving force behind a large scale cyber espionage programme?

The recent cyber-attack against the Office of Personnel Management (OPM) has resulted in the compromise of data relating to millions of current and former United States (US) government employees.

By Tom Williams

Investigative Consultant

10 June 2015

In a separate attack against OPM early last year, information relating to individuals who were seeking to obtain, or had already obtained, security clearances was also compromised. The extent of the information lost was vast and included details from the background investigations and checks that preceded the granting of security clearances to US government officials.

The Chinese government is suspected by various non-official sources [1] of being linked to this attack and to other similar attacks in which huge amounts of Personally Identifiable Information (PII) have been stolen, for example the attacks on the US Postal Service, the health insurer Anthem and the healthcare provider Premera Blue Cross. The Chinese government has, of course, denied all involvement.

All of these attacks raise an interesting question: what would a foreign intelligence service do with huge swathes of PII? Cyber-criminals would, of course, sell such information on the black market soon after obtaining it, and in those circles PII is now worth more than banking credentials. However, data from the above breaches has yet to appear in criminal forums, which further suggests that a foreign intelligence service is behind these attacks.

The targeting of large data sets by a foreign intelligence service suggests that a sophisticated analytic capability complements, and may be driving, the cyber operations that collect the data: a capability that can link records, spot patterns and draw inferences across diverse collections of data. Data sets of this size cannot be interrogated by hand; they require software that normalises, joins and queries the data so that it can be used in new ways.

This type of analysis is already used in the commercial world (and, to be honest, has most likely been used in the intelligence world for a long time). Facebook, for example, has a Data Science Team that has reportedly developed ways to interrogate the data Facebook collects in order to predict a user's political views, their emotional stability and even when they are likely to split up with their partner!

In the same way that social media data can be interrogated commercially to target products more effectively or to profile users, large data sets obtained in offensive cyber espionage operations could be interrogated by a foreign intelligence agency to improve the effectiveness of its operational targeting: not just for follow-on cyber-attacks, but also to highlight individuals who may be susceptible to coercion or recruitment as human intelligence sources, or who would be vulnerable to other technical operations. The end goal of these operations would be the collection of intelligence along political, military and commercial lines. The possibilities are endless and, when combined with data that is already in the public domain (such as information on social media), it makes for a truly spectacular capability.
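The capability described in the two preceding paragraphs, linking records across diverse data sets, is a record-linkage problem, and the mechanics are simpler than the word "big data" suggests. The following Python is an added example written for this page; it is not code from the original post or from any of the organisations mentioned. All of the records, field names and values are constructed for the illustration: three small lists stand in for three separately stolen files (a personnel file, a background-investigation extract and an insurer's claims file), each formatting names and dates of birth differently. The example builds a tolerant linkage key from surname, first initial and normalised date of birth, fuses the records into one profile per person, and reports which profiles were assembled from more than one source.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample records standing in for three separately stolen data sets.
# Every name, date and value below is invented for this illustration; the
# field names are assumptions about what such files might contain.
PERSONNEL = [  # a personnel file: name as "First M. Last", ISO date of birth
    {"name": "Jane Q. Doe", "dob": "1978-03-14", "agency": "Dept A", "role": "systems administrator"},
    {"name": "Robert Smith", "dob": "1965-11-02", "agency": "Dept B", "role": "analyst"},
    {"name": "Alice Jones", "dob": "1990-07-21", "agency": "Dept A", "role": "clerk"},
]
CLEARANCE = [  # a background-investigation extract: "LAST, FIRST" and DD/MM/YYYY
    {"name": "DOE, JANE", "dob": "14/03/1978", "clearance": "TS", "foreign_contacts": 3},
    {"name": "SMITH, ROBERT", "dob": "02/11/1965", "clearance": "S", "foreign_contacts": 0},
]
HEALTH = [  # an insurer's claims file: initial and surname only, ISO date of birth
    {"name": "J. Doe", "dob": "1978-03-14", "outstanding_balance": 12000},
    {"name": "M. Brown", "dob": "1982-01-09", "outstanding_balance": 300},
]


def normalise_dob(raw):
    """Return an ISO 8601 date string from either YYYY-MM-DD or DD/MM/YYYY."""
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", raw.strip())
    if m:
        year, month, day = m.groups()
    else:
        m = re.fullmatch(r"(\d{2})/(\d{2})/(\d{4})", raw.strip())
        if not m:
            raise ValueError(f"unrecognised date format: {raw!r}")
        day, month, year = m.groups()
    # date() validates the calendar value, rejecting e.g. month 13
    return date(int(year), int(month), int(day)).isoformat()


def link_key(name, dob):
    """Build a linkage key (SURNAME, first initial, ISO DOB) from inconsistent name formats.

    Handles "LAST, FIRST", "First M. Last" and "F. Last". Surname plus first
    initial plus date of birth is loose enough to survive formatting differences
    between sources yet specific enough to rarely collide.
    """
    name = name.strip()
    if "," in name:
        last, first = (part.strip() for part in name.split(",", 1))
    else:
        parts = name.split()
        first, last = parts[0], parts[-1]
    return (last.upper().rstrip("."), first[0].upper(), normalise_dob(dob))


def fuse(sources):
    """Merge records from several sources into one profile per linkage key.

    sources: {source_label: [record, ...]}. Each profile records which sources
    contributed and carries every non-identifier field from each of them.
    """
    profiles = defaultdict(lambda: {"sources": set()})
    for label, records in sources.items():
        for rec in records:
            profile = profiles[link_key(rec["name"], rec["dob"])]
            profile["sources"].add(label)
            profile.update({k: v for k, v in rec.items() if k not in ("name", "dob")})
    return dict(profiles)


def enriched_profiles(profiles, min_sources=2):
    """Return the linkage keys whose profile came from at least min_sources data sets."""
    return sorted(k for k, p in profiles.items() if len(p["sources"]) >= min_sources)


if __name__ == "__main__":
    merged = fuse({"personnel": PERSONNEL, "clearance": CLEARANCE, "health": HEALTH})
    for key in enriched_profiles(merged):
        print(key, merged[key])
```

Run on the constructed data, the personnel file alone says only that "Jane Q. Doe" is a systems administrator; the fused profile additionally carries a clearance level, a count of foreign contacts and an outstanding medical balance, none of which any single source revealed. That is the whole point of the preceding paragraphs in a few dozen lines, and it is why the value of a data set to an adversary has to be judged against what they can already join it to. A defender can use the same linkage step in reverse, to estimate which of their own people are exposed across known breaches.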

Cyber espionage is usually associated with the theft of intellectual property, but in reality its scope is much broader. Cyber has revolutionised the way traditional espionage is conducted, and through the use of offensive cyber capabilities a much broader range of information is available to a foreign intelligence service than ever before. This information can be obtained quickly and with very little risk. When the use of 'big data' techniques to interrogate this information is added to the equation, the result is a very powerful capability that can drive and dictate further intelligence collection opportunities. What should not be underestimated, in addition, is the significant resource at the disposal of a foreign intelligence service. It has a wide range of capabilities, of which cyber is just one tool, and these capabilities can be used interchangeably and are complementary.

All data is valuable. You may think that your data (whether commercial or personal) would not be of interest to a foreign intelligence service or criminal group. However, when that data is combined with other sources of information that are already in the hostile entity's possession, it becomes a lot more valuable and exploitable.

Contact and Follow-Up

Tom is a part of our Response team based in our London office.

[1]: http://www.usatoday.com/story/news/nation/2015/06/04/obama-office-of-personnel-management-data-breach/28495775/
http://fedscoop.com/researchers-link-chinese-to-anthem-opm-hacks
http://www.washingtontimes.com/news/2015/jun/5/chinese-opm-hackers-also-behind-massive-health-car/