For years you’ve read on these pages how the Chinese government has been putting together a mosaic on every individual who enjoys the trust of the United States government. The criteria needed to be placed in the targeting hopper? Being entrusted with a U.S. government security clearance and access to the nation’s secrets.
In 2017 when the Equifax breach was first reported, we tied it to criminal entities, along with the breach of the Office of Personnel Management in 2014, when millions of SF-86s and background investigations went out the door to China’s intelligence. At that time, we assessed, based on industry analysis, that this was a financial crime and no nation state hand was evidenced.
This changed with the Department of Justice (DoJ) unsealing of the indictment of four People’s Liberation Army (PLA) officers from PLA’s 54th Research Institute and charging them with the crime. The indictment makes clear that the PLA’s actions were comprehensive. “In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens.”
This also changes our analysis, and why we put forward four areas of concern for Field Security Officers. FSO’s should appropriately update their counterintelligence briefs of cleared individuals.
Cleared personnel and those who are employed by entities of interest to the Chinese should care about the targeting folio being put together by the PLA and other Chinese intelligence entities.
Four reasons areas of counterintelligence interest:
1. Personal finances and continuous evaluation.
The number one adjudicative guideline resulting in security clearance denial is “Guideline F: Financial Considerations.” In 2019, the Defense Counterintelligence and Security Agency saw 522 cases which resulted in denial of appeals of security clearance denials associated with cases involving personal financial responsibility. While the OPM breach showed a great deal of information on those who had applied within the NISPOM world, it did not show those whose clearance adjudication fell within the Director Central Intelligence Directive (DCID). The Equifax data breach allows China’s analysts to do their own analysis and identify those whose finances would fall into the troublesome categories, and craft approaches to these individuals.
2. Your personal debt.
The first rule of an intelligence approach to an individual of interest is to ensure that their “boat floats.” The ability for the Chinese human intelligence (HUMINT) targeting analysts to use their own algorithms to determine who is at the cusp of financial insolvency due to medical, consumer, housing, education or any number of normal, but insurmountable items of debt will move an individual to the top of the targeting pool.
3. China’s social matrix overlay.
It has been discussed at length here and elsewhere how China is evolving a social score for all their citizens. The Equifax breach, coupled with the scraping of open social networks and the breach of pseudo-private networks (Linkedin) and closed networks (Ashley Madison) provides to China the necessary information to allow for the Ministry of State Security (MSS) to do the same for foreign nationals who may travel to China today or at some future point in time.
4. Company and organizational targeting matrices.
The information culled from Equifax, coupled with that from Anthem and LinkedIn breaches allows the big data analysts within the MSS and PLA to put together wiring diagrams for entities of interest. The credit report aspect of the Equifax breach provides to the Chinese the W2 tax information for individuals within the wiring diagram. The wiring diagrams became more robust with the Equifax data.
China determines who is targeted; the target doesn’t get a vote
We are unable to determine who among us falls within the targeting matrix of the PLA, as we don’t control that aspect of the equation. But we can control how we prepare for an approach, and how we react when such an approach occurs.