By Ellen Nakashima, Washington Post

China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health care companies, using a high-tech tactic to achieve a traditional goal of espionage: recruiting spies or gaining more information on your enemy, analysts say.

Groups of hackers working for the Chinese government have to date compromised the networks of the Office of Personnel Management, which holds data on millions of current and former federal employees, as well as health insurance giant Anthem, among other targets, the researchers said.

“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target, whether electronically or via human recruitment [for espionage].”

The targeting of large-scale databases appears to be a relatively new tactic and is used by the Chinese government to further its intelligence-gathering.

“This is an intelligence operation designed to help the Chinese government,” said a China cyber and intelligence expert, who requested anonymity because of the ongoing investigation. “This is government espionage. This is not commercial espionage. It’s a new phase in an evolution of what they’re doing. It certainly requires greater sophistication on their part in terms of being able to take out this much data.”

Barger’s firm has also turned up technical evidence that the same Chinese group is behind the hacks of Premera Blue Cross and Empire BlueCross, which all were discovered at roughly the same time earlier this year.

Though much Chinese cyberespionage is attributed to the People’s Liberation Army, these hacks, Barger said, appear to be linked to the Ministry of State Security, which is responsible for counterintelligence and political security.

Chinese government hackers “are like a vacuum cleaner” in sucking up information electronically, said Robert “Bear” Bryant, a former national counterintelligence executive, the government’s top counterespionage official. “They’re becoming much more sophisticated in tying it all together. And they’re trying to harm us.”

The OPM hack disclosed by the agency on Thursday exposed the personal data — including social security numbers and performance evaluations — of up to 4 million current and former employees. It dates at least to December of last year, officials said. Earlier last year, OPM discovered an intrusion into a separate, highly sensitive database that contains information on employees seeking or renewing security clearances and on their background investigations.

That earlier incident has been linked to the health care hacks by Barger and another security researcher, John Hultquist, senior manager for cyberespionage threat intelligence at iSight Partners. Hultquist said the same group is responsible for all of them, as well as other intrusions into commercial databases containing large sets of Americans’ personal information.

“They would leverage this data to get to diplomatic, political, military and economic intelligence that they typically target,” said Hultquist, declining to comment on who was behind the attacks.

But U.S. officials have privately confirmed that it is Chinese government actors carrying out the intrusions.