By Joshua Philipp, Epoch Times | July 22, 2015
Last Updated: July 22, 2015 9:12 pm
A man checks security cameras on Tiananmen Square in Beijing on October 31, 2013. The Chinese Communist Party is building a database on Americans, using software from its domestic spy programs. (Ed Jones/AFP/Getty Images)
According to experts, the Chinese regime is building a database on Americans, using data stolen through numerous cyberattacks and, to some degree, inside spies. A source close to the matter told Epoch Times it may be building this system using the same software as its new domestic spy program.
The software being used by the CCP was initially created to analyze massive sets of data, and draw connections between the data. The source confirmed that Chinese authorities are repurposing this software for a new program that gathers information on Chinese citizens into a single database from police and spy organizations throughout China.
Involved in the program are an estimated six secret police organizations, the source said, as well as its regular police and domestic spy organizations.
The leading role in developing the program is played by an office that suggests something more is at work. The source said one of the key organizations involved in the program is under the Chinese military’s General Staff Department, Third Department. This office is in charge of the Chinese regime’s foreign cyberattacks.
The offices involved and the functionalities of the system align with what experts in the United States suspect is now taking place: that the Chinese Communist Party (CCP) is building a database on Americans, using information stolen in a recent string of cyberattacks.
“This information theft is significant. By amassing a database of American citizens—their personal information, passwords, and relationship within business or a government agency—they now have the keys to the castle,” said Casey Fleming, CEO for BLACKOPS Partners Corporation, who provides intelligence and advises the Fortune 500 on protecting trade secrets.
If the CCP were to benefit from such a massive amount of data, it would “require powerful software to manage and analyze the relationships and connections between individuals and groups,” Fleming said, noting that software with these capabilities “has been available for a number of years in the United States.”
“They can now create a shopping list for the innovation and intelligence they want to steal, and target the actual American citizens who have access to it—with an exponential improvement in the accuracy, speed and success over what they’ve had in the past,” Fleming said.
Connected Attacks
The U.S. Office of Personnel Management (OPM) revealed on June 4 that hackers breached its networks, in an attack that stole background checks and personal records on 21.5 million U.S. federal employees.
This followed similar cyberattacks that stole an estimated 80 million records on Americans from the U.S. health insurance company Anthem Inc. Similar cyberattacks targeted data from BlueCross, BlueShield, and others.
According to Fleming, the recent string of attacks is part of a “highly calculated and ongoing intelligence operation that required planning and execution at the highest levels within the Chinese government.”
He said, “Our intelligence shows this is an ongoing nation-state intelligence operation with a higher purpose.”
Digital forensics link the attacks to the Chinese regime. The cyberattacks were carried out with a specialized tool known as Sakula, which was tied to a group of Chinese hackers in November 2014 in a report by the security company CrowdStrike. The hacker group has been given several names by researchers, including “Deep Panda,” “Axiom,” and “Group 72.” It has been known to target governments, financial and legal offices, and telecommunications industries.
“I don’t think this is a criminal-related operation,” said Adam Meyers, vice president of intelligence at CrowdStrike, in a phone interview.
The nature of the attacks, which offer little in the way of financial gain, suggests the hackers are using the data for intelligence purposes.
“Having access to this type of information, if you’re conducting an intelligence operation, it’s extremely useful,” Meyers said.
Taking all this information, the CCP will be able to create more complete profiles on U.S. federal employees, individuals with security clearances, and people in industries the Chinese regime is targeting for infiltration.
Many of the same individuals can be found across different databases stolen by the CCP, including the records from OPM and Anthem, said Tony Cole, vice president and global government chief technology officer at FireEye, in a phone interview.
“[This] tells us that more than likely the Chinese government is trying to build a database on Americans who have high-level government clearances or are influential in government,” Cole said.
The key documents stolen in the recent cyberattack on the OPM were the SF86 forms on federal employees. This questionnaire for people applying for national security positions looks back seven years, and includes private information on each individual including any counseling, relationship problems, and details on their families and foreign contacts.
“It shows the weaknesses many cleared individuals have,” Cole said. “It’s a treasure trove of individuals they may decide to talk to.”
The OPM database has information on people with security clearances in the U.S. military and federal government going back to 1985. Many of these individuals are now working in other industries, and Cole noted “the opportunities for the Chinese government using the type of data they’ve gathered is almost unlimited.”
A Searchable System
By comparing data stolen from different systems, Chinese spies will have a perfect roadmap on how to exploit people. For instance, the CCP may find a person with high-level security clearance also has a parent in the hospital and may be short on cash. Or there may be discrepancies between the data that would reveal if an individual lied about something.
“If you have a sick loved one you’re caring for, and they figure that out, they can come to you and say ‘hey we know you have some financial trouble, maybe we can help you out,'” Meyers said.
According to the source, comparing data in this manner is exactly what the new software being implemented by the CCP is designed to do. Using it, the CCP would very easily be able to draw connections on individuals between massive sets of data stolen from different sources.
Domestically, this software is being used to create the CCP’s new “Social Credit System.” The Orwellian spy program consolidates all information on every person in China, and assigns each person a rating. It brings in data ranging from financial credit and criminal records, to details about their online activities and who they’re talking to.
The CCP has been working on programs to link every citizen’s ID to national databases since around 2005, in order to better track the Chinese people. It has similar databases across different police and spy organizations. The new software is able to combine the already massive databases into a single database containing all available information on each person.
The latest step in its plan to build the system made international headlines in April, after Oxford University translated an official document from the CCP detailing the new system’s functions and a six-year plan to roll it out.
According to the International Business Times (IBT), the Social Credit System is comparable to the spy program used under the East German communist regime. IBT cited a Dutch newspaper stating that under the CCP’s vast system of state-owned enterprises, government offices and Internet companies can exploit big data in ways that are “unimaginable in the West.”
Domestically, the system will be used to find dissidents and political activists. It can then expedite the trials by providing judges with a complete history and profile on each individual.
When deployed against the United States, however, its focus will likely be on espionage—specifically on identifying Americans who will become targets of Chinese spies.
According to Meyers, it’s unlikely that OPM will be the last target in the CCP’s new push to collect personal information on Americans.
“It’s a new twist to an old game. Espionage is the second oldest profession in the world,” Meyers said, noting that in his work in security, he has seen “rapid proliferation” in these types of attacks.
http://www.theepochtimes.com/n3/1471152-china-is-building-a-database-on-americans-using-its-domestic-spy-program/