Moving Against China’s Military for Hacking US Company

As if identity theft alone isn’t enough of a concern for Americans, the Equifax hacking indicates that China’s military wants to weaponize sensitive personal information to undermine U.S. national security.

Three members of China’s People’s Liberation Army have been indicted by the Justice Department in the 2017 data breach of Atlanta-based Equifax Inc., one of the nation’s largest credit reporting agencies.

The charges include conspiracy to commit computer fraud, economic espionage, and wire fraud.

This was a data breach—a “release of personally sensitive, protected, and/or confidential data”—rather than a security breach, which refers only to the hacking of websites and applications without theft.

And it was a large one, with the names, birth dates, and Social Security numbers of 145 million Americans.

These are not ordinary criminal hackers with a motive to sign up for credit cards using another person’s name. The accused are members of a foreign military branch—the People’s Liberation Army’s 54th Research Institute, which falls under the scrutiny of the Chinese army’s Strategic Support Force.

The Strategic Support Force works on information operations, such as cyberspying, to conduct a form of hybrid warfare that uses diverse elements such as propaganda, economics, and cyberattacks against its adversaries.

The Equifax hack provides the unit with personal financial information that can help the Chinese recruit spies within our national security sector, as well as influence key business and media figures.

Financial information can help intelligence operatives identify those who are susceptible to bribery or other economic pressure, such as former CIA officer Kevin Patrick Mallory, who provided secrets to the Chinese in exchange for money to pay off his mortgage and other debts.  

The Chinese have used human intelligence—targets include military forces, defense industrial companies, national security decision-makers, and critical infrastructure entities—to undermine the U.S. strategically and economically.

The Equifax breach could have implications beyond identity theft. The information could be used to target individuals for espionage, bribe, or blackmail.

U.S. national security matters are at stake here. Both the U.S. government and private businesses must take stronger security measures against these acts of theft and espionage.