China’s efforts to purge its government of CIA moles has been aided significantly by a massive database of personnel information stolen from the U.S. government nearly a decade ago, as well as other hacked or leaked data sets, Foreign Policy reported on Monday.
Foreign Policy wrote that one of the data sources was the cyberattack on the Office of Personnel Management (OPM)—first disclosed in 2015, but which the magazine reported the U.S. first learned of in 2012—which resulted in the compromise of over 21 million records of federal employees, spouses, and job applicants. Other sources included “vast troves of sensitive personal private information, like travel and health data,” and other huge datasets with potentially actionable information stolen or acquired from the web.
These types of databases intelligence services to pick out individuals whose records contain red flags, suspicious behaviors, or otherwise stand out and monitor them for evidence of espionage. Chinese security services first began by setting up a “sophisticated travel intelligence program” in 2010, sources told the magazine, as well as gathered biometric and passenger data from travel hubs including via a hack of the international airport in Bangkok. Their job was made easier by a separate CIA screwup in 2010, in which a CIA source-communication system originally developed for use in the Middle East had major vulnerabilities and was easily cracked by Chinese security agencies. Chinese officials discovered that the CIA had been able to take advantage of widespread corruption in the Chinese government to set up an elaborate spy network; the CIA had even ensured its sources ascended to higher positions in the government hierarchy by funding the bribes necessary for Chinese officials to get promoted.
At least a dozen, and perhaps far more, CIA sources were reportedly captured and executed from 2010-2012. Another former senior official at the National Security Agency told the magazine it was around that time when Chinese intelligence agencies started attempting to steal larger data sets as well as build an infrastructure to allow the data to be easily combined and analyzed. The OPM breach was particularly alarming, Foreign Policy wrote, because it made it much easier for the Chinese government to identify both undercover CIA personnel and who they were in contact with.
The OPM data could reveal “individuals’ mental health records, their sexual histories and proclivities, and whether a person’s relatives abroad may be subject to government blackmail,” as well as “unusual behavior patterns, biographical information, or career milestones,” particularly when combined with other relevant data subsets, sources told the magazine. Not only had the CIA been kicked out of China, but now its own agents were being compromised as they traveled abroad; in one case, Chinese officials approached and attempted to “harass and entrap a U.S. official’s wife while she accompanied her children on a school field trip to China.” Starting in around 2013, Foreign Policy wrote, the CIA also noticed that Chinese counterintelligence had been clued into its efforts to recruit Chinese sources in Africa and Europe (in some cases, seemingly taunting the CIA by making it obvious how much they knew).
“The concern just wasn’t that [the OPM hack] would curtail info inside China,” a former senior national security official told Foreign Policy. “The U.S. and China bump up against each other around the world. It opened up a global Pandora’s box of problems.”
Foreign Policy’s report has to be taken in the context of a U.S.-China relationship that has grown considerably more fraught in the past few years. Particular sources of tension during Donald Trump’s administration have included a disastrous trade war with China and crackdowns on Chinese tech companies like Huawei and ByteDance, which the White House has labeled cybersecurity risks without offering any real evidence of such. Rhetoric offered by both Republican and Democratic politicians on China has often taken on xenophobic overtones.
That said, this is yet another reminder how important a concern cybersecurity has become for the feds and how data breaches can quickly become much larger problems with cascading effects. This month, a little-known IT firm named SolarWinds disclosed a hack that had resulted in well more than half of its 33,000 customers downloading software updates bugged with malware, including numerous U.S. government agencies including the Department of Homeland Security, Treasury, and Department of Energy. The U.S. government currently believes that a hacking group operated by or on behalf of Russia’s Foreign Intelligence Service was responsible for the attack. As with the OPM hack, it could take months for the feds to figure out how badly they were hit and years for the possible consequences to materialize.