According to experts, the Chinese regime is building a database on Americans, using data stolen through numerous cyberattacks and, to some degree, inside spies. A source close to the matter told Epoch Times it may be building this system using the same software as its new domestic spy program.
The software being used by the CCP was initially created to analyze massive sets of data, and draw connections between the data. The source confirmed that Chinese authorities are repurposing this software for a new program that gathers information on Chinese citizens into a single database from police and spy organizations throughout China.
An estimated six secret police organizations are involved in the program, the source said, as well as the regime’s regular police and domestic spy organizations.
The leading role in developing the program is played by an office that suggests something more is at work. The source said one of the key organizations involved in the program is under the Chinese military’s General Staff Department, Third Department. This office is in charge of the Chinese regime’s foreign cyberattacks.
The offices involved and the functionalities of the system align with what experts in the United States suspect is now taking place: that the Chinese Communist Party (CCP) is building a database on Americans, using information stolen in a recent string of cyberattacks.
“This information theft is significant. By amassing a database of American citizens—their personal information, passwords, and relationship within business or a government agency—they now have the keys to the castle,” said Casey Fleming, CEO for BLACKOPS Partners Corporation, who provides intelligence and advises the Fortune 500 on protecting trade secrets.
If the CCP were to benefit from such a massive amount of data, it would “require powerful software to manage and analyze the relationships and connections between individuals and groups,” Fleming said, noting that software with these capabilities “has been available for a number of years in the United States.”
“They can now create a shopping list for the innovation and intelligence they want to steal, and target the actual American citizens who have access to it—with an exponential improvement in the accuracy, speed and success over what they’ve had in the past,” Fleming said.
The U.S. Office of Personnel Management (OPM) revealed on June 4 that hackers breached its networks, in an attack that stole background checks and personal records on 21.5 million U.S. federal employees.
This followed similar cyberattacks that stole an estimated 80 million records on Americans from the U.S. health insurance company Anthem Inc. Similar cyberattacks targeted data from BlueCross, BlueShield, and others.
According to Fleming, the recent string of attacks is part of a “highly calculated and ongoing intelligence operation that required planning and execution at the highest levels within the Chinese government.”
He said, “Our intelligence shows this is an ongoing nation-state intelligence operation with a higher purpose.”
Digital forensics link the attacks to the Chinese regime. The cyberattacks were carried out with a specialized tool known as Sakula, which was tied to a group of Chinese hackers in November 2014 in a report by the security company CrowdStrike. The hacker group has been given several names by researchers, including “Deep Panda,” “Axiom,” and “Group 72.” It has been known to target governments, financial and legal offices, and telecommunications industries.
“I don’t think this is a criminal-related operation,” said Adam Meyers, vice president of intelligence at CrowdStrike, in a phone interview.
The nature of the attacks, which offer little in the way of financial gain, suggests the hackers are using the data for intelligence purposes.
“Having access to this type of information, if you’re conducting an intelligence operation, it’s extremely useful,” Meyers said.
Taking all this information, the CCP will be able to create more complete profiles on U.S. federal employees, individuals with security clearances, and people in industries the Chinese regime is targeting for infiltration.
Many of the same individuals can be found across different databases stolen by the CCP, including the records from OPM and Anthem, said Tony Cole, vice president and global government chief technology officer at FireEye, in a phone interview.
“[This] tells us that more than likely the Chinese government is trying to build a database on Americans who have high-level government clearances or are influential in government,” Cole said.
The key documents stolen in the recent cyberattack on the OPM were the SF86 forms on federal employees. This questionnaire for people applying for national security positions looks back seven years, and includes private information on each individual including any counseling, relationship problems, and details on their families and foreign contacts.
“It shows the weaknesses many cleared individuals have,” Cole said. “It’s a treasure trove of individuals they may decide to talk to.”
The OPM database has information on people with security clearances in the U.S. military and federal government going back to 1985. Many of these individuals are now working in other industries, and Cole noted, “The opportunities for the Chinese government using the type of data they’ve gathered is almost unlimited.”
A Searchable System
By comparing data stolen from different systems, Chinese spies will have a perfect roadmap on how to exploit people. For instance, the CCP may find that a person with high-level security clearance also has a parent in the hospital and may be short on cash. Or there may be discrepancies between the data that would reveal if an individual lied about something.
“If you have a sick loved one you’re caring for, and they figure that out, they can come to you and say ‘Hey we know you have some financial trouble, maybe we can help you out,’” Meyers said.
According to the source, comparing data in this manner is exactly what the new software being implemented by the CCP is designed to do. Using it, the CCP would very easily be able to draw connections about individuals across massive sets of data stolen from different sources.
Domestically, this software is being used to create the CCP’s new “Social Credit System.” The Orwellian spy program consolidates all information on every person in China, and assigns each person a rating. It brings in data ranging from financial credit and criminal records, to details about their online activities and who they’re talking to.
The CCP has been working on programs to link every citizen’s ID to national databases since around 2005, in order to better track the Chinese people. It has similar databases across different police and spy organizations. The new software is able to combine the already massive databases into a single database containing all available information on each person.
The latest step in its plan to build the system made international headlines in April, after Oxford University translated an official document from the CCP detailing the new system’s functions and a six-year plan to roll it out.
According to the International Business Times (IBT), the Social Credit System is comparable to the spy program used under the East German communist regime. IBT cited a Dutch newspaper stating that under the CCP’s vast system of state-owned enterprises, government offices and Internet companies can exploit big data in ways that are “unimaginable in the West.”
Domestically, the system will be used to find dissidents and political activists. It can then expedite the trials by providing judges with a complete history and profile on each individual.
When deployed against the United States, however, its focus will likely be on espionage—specifically on identifying Americans who will become targets of Chinese spies.
According to Meyers, it’s unlikely that OPM will be the last target in the CCP’s new push to collect personal information on Americans.
“It’s a new twist to an old game. Espionage is the second oldest profession in the world,” Meyers said, noting that in his work in security, he has seen “rapid proliferation” in these types of attacks.