Indeed, through successive cyberattacks, China has taken hold of the personal data of much of the American population, regardless of their occupation. (Chinese firms also gather this data by investing in U.S. companies and through partnerships with U.S. researchers.)
In addition to the OPB hack, in the last decade alone, China has stolen about 500 million travel and personal records from the Marriott hotel chain, 145 million financial and personal records from Equifax, and 78 million financial, healthcare, and personal records from Anthem.
While data itself used to be hard to come by, the advancement of bulk-data collection over the past 20 to 30 years has made processing, interpreting, and analyzing it in a timely fashion the bigger challenge.
In the 1990s, access to so much data didn’t necessarily translate into actionable intelligence, but investments in and rapid improvements to artificial intelligence are changing that.
Different methods of categorizing and storing data won’t necessarily solve the problem.
“The most [technologically] advanced security can often be bypassed using an analog [and simple] method. We’ve seen a number of different strategies being tossed around in the public discourse, from mounting a stronger offense to focusing almost exclusively on buffering our critical infrastructure defenses,” a former Air Force officer with a background in joint special operations and intelligence told Insider.
A more aggressive cyberwarfare strategy might be the solution, and the Biden administration has indicated that it will be more active in the cyber realm.
But according to Privacy Matters, a digital security and privacy publication, there are important considerations to make before opening Pandora’s box of cyberwarfare, where there are still no established norms, even among state actors.
What About You?
According to the NCSC report, the ethnic diversity of U.S. healthcare data, as well as that data’s accessibility, makes it especially appealing to China.
China’s aggressive bulk-collection strategy, especially of DNA files, poses risks for private citizens.
As the NCSC states, the loss of your DNA isn’t like losing your phone or credit card. You can’t replace your DNA, and its theft can affect you as well as your immediate family and relatives.
Unfortunately, the theft of financial or travel data by Chinese or Russian hackers may not concern people who aren’t immediately affected. But losing your DNA is a completely different proposition, as it’s literally your biological identity and can be used to track you or to design a biological weapon tailored to you.
“Things can seem pretty helpless from an individual perspective, especially when we read headlines suggesting the NSA has had their own cyber hacking tools stolen and reused against them,” the former officer said.
“We can’t very well defend our financial institutions or other companies from Chinese hackers, but we can know what to do when that inevitably occurs and our personal information is leaked online (along with millions of others),” the officer said. “All of this is to say that maintaining an understanding of your online privacy and digital security is an individual responsibility — all else is supplemental.”
For a private citizen, caught in a cyberwar between world powers, there are few responses to such theft. Understanding the threat and acting to safeguard the information you can beforehand is probably the best defense.
This report was written by Stavros Atlamazoglou and originally published on Insider.
COMMENTS