How China and Russia are mining major U.S. data hacks

Intelligence services in Russia and China are cross-referencing hacked U.S. databases to reveal the identities of U.S. intelligence workers, according to a report in the Los Angeles Times. Jeffrey Brown learns more from reporter Brian Bennett.



    Next: a closer look at how major hacks of U.S. data are being used by China and Russia to target U.S. spies.

    Today's Los Angeles Times reports that intelligence services in those two nations are aggressively cross-referencing leaked information, including security clearances, airline records and medical insurance forms, to reveal the identities of intelligence officers and agents.

    Jeffrey Brown has more.


    We hear about these high-level data breaches all the time. Today's story connects some of the dots in a chilling way, claiming, for example, that at least one clandestine network of American engineers and scientists who work with U.S. undercover agents overseas has already been compromised.

    One of the article's authors, L.A. Times reporter Brian Bennett, joins me now.

    And welcome to you.

    So, we hear about these acts. This is about what happens afterwards, right, cross-indexing and putting together the information. What kind of clues are they looking for?

  • BRIAN BENNETT, The Los Angeles Times:

    So, right now, countries like China and Russia are collecting massive amounts of data on the lives of Americans and the lives of government workers.

    And this is going to allow them to get a dossier on people and know about their medical history, their banking information, if they have financial difficulties and might be vulnerable to blackmail or something else, their — any marital indiscretions that may have come out, their connections overseas. And all this information is put together in massive databases and powerful computers can crunch them and give a very detailed view of people traveling.


    You even seen cited things — we all remember like the U.S. Office of Personnel Management database last year, millions and millions of amounts of information on people. And then there's the more recent — it's the Ashley Madison database, right? You can sort of put all these things together. Is it difficult to do?


    It is difficult to do. And it's technical to do.

    But computers have become so advanced now, that countries like China and Russia are fully capable of doing this, and not only that, but they can work with criminal networks in their own countries, Chinese hackers and Chinese companies. And they can collect the data and put it together.


    Well, this is one of the things that struck me in your article. You were talking about governments, China and Russia specifically, but working with mobs, mob groups, working with private companies in their own countries to do this. Why would they be working with such groups?


    So, in the case of China, for example, intelligence officials have analyzed the data breaches that have been associated with China, and they determined that there's a hacking ring, a criminal hacking ring that is working at the behest of the Chinese government.

    And that ring, for example, was behind the data that was stolen from Anthem health insurance. That was 80 million files on different people stolen from that. And that information never made it to the black market. Usually, when there's a big data breach like that, the information would be sold to the highest bidder. Well, it never appeared.

    And so intelligence officials are confident that the hack was done at the behest of a foreign government and that China is using that information combined with other information they have stolen from U.S. government computers.


    All right, now, speaking of using, because that's what also is coming out here, is not just the gathering and then the cross-indexing, but the using of this information, you say there's been at least some evidence of at least one network that has been compromised. What do we know about in that case?


    So, what was described to me by these officials I spoke with for the article was that they aren't concerned at this point so much about the trained spies, the Americans who have had years and years of experience doing this work.

    They're more concerned about a network of American scientists and engineers who have day jobs, but occasionally they moonlight for the intelligence community. They have an expertise, and when asked they help out, and they have a security clearance.

    Well, now, because China was behind the OPM data breach that was able to dig into the security clearance files, they now know and can cross-index information on people's travel records, people's health care records and whether they have a security clearance or not.


    And compromised in this case means, do we know how — was the information given to these scientists or presented to them?


    So, intelligence officials say that they have evidence that China has this information and is using it.

    We don't know exactly how they are using it. And in the espionage world, spy agencies, they try to hide their tracks, and so they won't necessarily detain or hold onto an individual. One warning that was given out to government officials, for example, was that if you're at an airport and someone approaches you and they seem to have a lot in common with you, be very wary of that. So, there are of these sort of soft advances is what the intelligence community is talking about.


    And are authorities telling you that they suspect this has happened in other cases, that there are other compromises?



    They're very concerned about that. Particularly, they're concerned about the Russian government doing this, the Chinese government, and they're also concerned about the Iranian government being able to collect these massive amounts of data and use it to identify people working with U.S. intelligence.


    And do we know what steps the U.S. is taking, are able to take to counteract any of this?


    So, right now, the U.S. is aggressively trying to educate the government work force, and tell them, look, when you travel overseas, here is what you need to be worried about. When you're sitting at your desk and you receive an e-mail that looks like it's from Aunt May and it has an attachment, be very careful, because these foreign intelligence services know so much about you, they can cater these messages and convince you to click on a link that may damage or collect information off of government servers.


    All right.

    Brian Bennett of The L.A. Times, thanks so much.


    Good to be with you.
