Wednesday, July 8, 2015

China and Personal Information Security

Working on a military base I receive some crazy briefings. This one was given by our security officer. As you can see it’s a collection of portions of articles from 2 different websites. Anyway I found it interesting and of use for us civilians as I guess the military did too.
“China finally admits it has special cyber warfare units. Lots of them! For years the U.S. and many other countries have suspected China of carrying out several high-profile cyber-attacks with the country strongly denying the claims. For the first time China has admitted it does have cyber warfare divisions and several of them. In the latest updated edition of a PLA publication called “The Science of Military Strategy, China finally broke its silence and openly talked about its digital spying and network attack capabilities. China clearly stated it has specialized units devoted to wage war on computer networks. Joe McReynolds, an expert on Chinese military strategy at the Center for intelligence Research and Analysis, stated this is the first time China has explicitly acknowledged it has secretive cyber-warfare units on both the military as well as civilian government sides.
Chinese Cyber Warfare Units
According to McReynolds China has 3 types of operational units:
Specialized military forces to fight the network: The unit designed to carry out defensive and offensive network attacks.
Groups of experts from civil society organizations: The unit contains specialists from civilian organizations including the Ministry of State Security (China’s CIA), and the Ministry of Pubic Security (China’s FBI) who are authorized to conduct military network operations.
External entities: The unit sounds like hacking-for-hire mercenaries and contains non-government entities (state sponsored hackers) that can be organized and mobilized for network warfare operations.
According to experts, the above units are utilized in civil cyber operations, including industrial espionage against U.S. private companies to steal secrets. “It means that the Chinese have discarded their fig leak of quasi-plausible deniability,” McReynolds said. “As recently as 2013, official PLA (People’s Liberation Army) publications have issued blanket denials such as “The Chinese military has never supported any hacker attack or hacking activities.” “They can’t make that claim anymore.” and
Since May of 2014, the Chinese government has been amassing what can only be described as the "Facebook for human intelligence targeting" from the databases lifted from some of our most fundamental and essential systems. Why would anyone want healthcare records? If you take a step back, these records are part of a bigger picture, used in concert with the personnel records of US government workers and any other databases that have been stolen over the years. The beneficiary of that data can build an interesting picture detailing the confidential history, preferences, behavioral patterns, and more, of millions of potential intelligence targets.
The People’s Republic of China does not only conduct network-based espionage, they are a major government on the world stage. They have human intelligence collectors whose job is to identify people with access to interesting or useful information and to collect that information.
By combining these diverse data streams, human collectors can identify the vulnerabilities present in a target’s life, and determine the proper motivation to exploit them. With access to medical records or insurance information, an operator may be able to identify the person aiding a dying relative. Through financial data and court records, an operator can determine who is going through a bitter divorce or custody battle. If they are able to identify these openings, they can approach the target and offer a simple trade of money or services for information. This information may seem insignificant to the target, but in aggregate across many different sources becomes quite valuable to the collector. While there is not much a specific individual can control when this information is provided to an outside agency, ensuring family members and friends are aware that their actions can have an impact on you or your life or career could help mitigate some of these potential vulnerabilities.”
What I can surmise from all this is be careful about what information you put out there. I know we have to function in life and give personal information to appropriate agencies and institutions but limit what we can and be careful about who gets what info. I’ve questioned many times the need for a business or other entity to have my social security number or other information. Why the heck does my doctor need some of this stuff? As Kramer of Seinfeld said, “I don’t know. Why does Radio Shack want my phone number?”
Be cautious in what you do and how you do it. Information is power and we give up enough of our freedom in this country as it is.

Semper Paratus
Check 6