China’s Data Breaches: Risks to Citizens

The report details China's extensive data collection on US citizens through major cyber breaches, implicating state-backed actors like the People's Liberation Army and the Ministry of State Security. It highlights the risks associated with compromised personal information, which could be used for intelligence gathering and informant recruitment. The document recommends strategic countermeasures to enhance cybersecurity and protect sensitive data from further exploitation.

Journal of Science Policy & Governance THREAT ASSESSMENT: DATA COLLECTION ON US CITIZENS

China’s Data Collection on US Citizens: Implications, Risks, and Solutions
Ming Shin Chen
Georgia Institute of Technology, Ivan Allen College of Liberal Arts, North Ave NW, Atlanta, GA 30332
Corresponding author: [email protected]
Keywords: OPM hack; Marriott Starwood; China; cybersecurity; counterintelligence

Executive Summary: The People’s Liberation Army of China has been linked to several
major data breaches targeting the personal data of American citizens, including the hacks on
the Office of Personnel Management (OPM), Marriott Starwood, United Airlines, and Anthem
Health Insurance, amongst others. These data breaches include personally identifiable
information on millions of American citizens, including full names, Social Security Numbers
(SSNs), job and income data, passport numbers, and flight histories. The data breaches also
included the loss of roughly 18 million copies of Standard Form 86, which included personal
data, including individuals’ past substance abuse, gambling habits, and history of psychiatric
care (Koerner 2016). The fact that the cyber intruders did not target financially valuable data,
coupled with the long duration of these cyber espionage campaigns, indicates the involvement
of a state-backed actor. Several post-breach investigations conducted by cybersecurity firms
including ThreatConnect and Mandiant, in addition to investigations undertaken by the US
government, have attributed the attacks to a Chinese state-backed actor (Armerding 2016;
Mandiant; Threat Connect 2015). It is believed that the information gathered from these data
breaches is being compiled into a database by intelligence services in China, who seek to
target US citizens for intelligence gathering purposes. Citing evidence from the goals and
operations of Chinese intelligence services, this report makes the case that Chinese
intelligence services will use this database to identify, target, and recruit US informants.

The report finds that Chinese intelligence services, namely the People’s Liberation Army
(PLA) and the Ministry of State Security (MSS), were complicit in the creation and use of this
database. While the PLA conducts the bulk of the cyber offensive operations to collect
information for the database, the MSS, China’s premier foreign intelligence agency, is likely to
make use of the database. Based on the operating goals of the MSS, it is likely the database
will be used to aid in the agency’s informant recruitment process. The MSS’s informant
recruitment process often begins with virtual communications and ends with actual
“recruitment” occurring in mainland China. The report found that the MSS follows 5 key steps
in its informant recruitment process, including (1) “spotting”; (2) “assessing”; (3)
“developing”; (4) “recruiting”; and (5) “handling”.

To counter the threat posed by Chinese intelligence services, this report seeks to identify
high-value strategic targets which would contribute greatly to the database’s utility in
recruiting US informants, following the MSS’s five-step informant recruitment process. The
report further sought to devise countermeasures to protect these strategic targets, including
tighter cybersecurity standards, data privacy regulations, and counterintelligence efforts. Key
targets identified include:

(1) Data broker companies, specifically those that gather “people” data. This type of data includes
information like names, contact info, SSN, education, and job information, which could be used to
“spot”, or identify American citizens of interest, the first step in the informant recruitment
process. The report recommends enacting federal regulations on the data collection practices and
cybersecurity standards of data broker companies, maximizing cyber defenses while minimizing
data exposure.

www.sciencepolicyjournal.org JSPG., Vol. 15, Issue 1, October 2019

(2) Open-source social media platforms like LinkedIn, which may be used to identify and target US
citizens. This data will be used to “assess” and “develop” potential informants. Several reports
from Western intelligence agencies revealed that Chinese intelligence sources have utilized
LinkedIn to reach out to potential informants, posing as headhunters with the appeal of career-
advancing opportunities. The report recommends US counterintelligence services coordinate
efforts with LinkedIn to identify, publicize, and remove the accounts of the fake headhunters
operating on the social media site.

(3) The Department of Homeland Security’s Flight Tracker stores data on passport numbers and the
arrival and departure flight history for individuals dating back five years. This data could be used
in the “recruitment” step of the informant recruitment process, as evidence from the MSS’s
operations indicated that physical recruitment encounters frequently occur in mainland China. The
information could be cross-referenced with flight histories from the United Airlines hack and
passport numbers from the Marriott Starwood hack. Due to the value its database would
contribute to already stolen stores of personal data, this report issues an advisory warning to the
DHS. The agency should work to bolster its cyber defense infrastructure, in addition to efforts to
detect malicious intruders in the database.

(4) This report revealed the extent to which Chinese intelligence services are working to gather
human intelligence in the US, and the ways in which the personal data collected on US citizens
might be used to help them in this process. While none of the data stolen in the OPM, Marriott
Starwood, and United Airlines breaches is known to have turned up on the dark web, this report finds
that these data breaches present a significant national security risk to the United States and its
citizens.

I. Introduction: China’s computer network operations against the US:

Cyber-attacks targeting the personally identifiable information of US citizens have occurred in different ways, taking different attack vectors and targeting a variety of data types. Nonetheless, the characteristics of the stolen data indicate that the Chinese government perpetrated these attacks. Understanding the nature of these attacks will provide a basis to evaluate the goals and future targets of the Chinese state.

In April 2015, a security engineer at OPM detected unusual outbound traffic while conducting routine maintenance of the agency’s digital network. The unexpected signal pinged a site called opmsecurity.org, which the engineer did not recognize as one of the official domains of OPM. The OPM network was being breached, but it was unclear by whom or for how long. When the domain name was traced to the pseudonym Steve Rogers, an Avenger from the Marvel superhero universe, PLA Group 61398 became the prime suspect in the breach of the agency’s database. The ode to the Avengers superhero was recognized as a trademark of the shadow-hacker group, which was also responsible for the hack of the health insurance company Anthem a few months prior. PLA Unit 61398, a state-sponsored Advanced Persistent Threat (APT), has been known to use the cyber offensive to advance political, economic, and military objectives. However, as the group generally conducts industrial and economic espionage, the motive for the Anthem and OPM hacks became less clear.

Ultimately, the data breach on OPM compromised over 4 million federal employees’ information. OPM’s digital archives contain roughly 18 million copies of Standard Form 86, a 127-page questionnaire for federal security clearance that includes personal information including Social Security Numbers (SSNs); residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; personal background information, coupled with sensitive information including applicants’ substance abuse; gambling habits; and psychiatric care. The hackers gained access to the complete personnel files of 4.2 million employees, past and present, including 5.6 million government employee fingerprints. The data compromised dates back to 1985, though most of the data that was targeted was from the year 2000 onwards.

Several data breaches that have been attributed to the Chinese government have been discovered since. In 2018, two Chinese hackers were indicted for their role in hacking into the US Navy Personnel files, stealing personal data on more than 100,000 US Navy personnel (Nakashima et al. 2018). The two hackers, thought to be working for the Ministry of State Security (MSS), stole data including names, SSNs, date of birth, salary information, personal phone numbers, and email addresses. Anthem, the US’s second-largest health insurer, experienced a data breach in which the data of over 80 million former and current Anthem affiliates were stolen (Koerner 2016). The data stolen did not include private health records or credit card numbers, but rather seemed to target personal identification data including SSNs, income data, birthdays, street and email addresses. In a similar attack on Community Health Systems in August 2014, the personal information of over 4.5 million patients was stolen (Community Health Systems 2014). Again, the breach did not target intellectual property or financial or medical information, but focused rather on the names, addresses, birth dates, telephone numbers and SSNs of clients. And in May 2015, it was discovered that Chinese state-backed actors, again likely the PLA, had been accessing the United Airlines’ database since April 2014 (Khandelwal 2015). The breach compromised information concerning flights, passengers and their movements, including passenger names, date of birth, departure and arrival locations. The breach of the Marriott Starwood hotel chains’ database, discovered in September 2018, found that Chinese state-backed actors had been accessing the database since 2014, compromising up to 383 million travel records. The records included full names, phone numbers, email addresses, and date of birth, in addition to the 5 million passport numbers that were also exposed (Human Rights Watch 2017).

| Data breach | Type of data | Potential uses |
| --- | --- | --- |
| OPM: Attack 1: discovered March 2014. Attack 2: May 2014; discovered April 2015 | SF-86 background information on up to 4.1 million former/current employees, including: full names, job history, relationships, personal finances, past substance abuse/psychiatric care, etc.; fingerprints of 5.6 million government employees; 21.5 million SSN numbers | Counter-intelligence: rich in detail about persons of interest—previous workplaces, names of colleagues, foreign contacts, where they travel; potential for blackmail. |
| Marriott Starwood: 2014; discovered September 2018 | Travel information on up to 383 million records lost, including: full names, phone numbers, email addresses, and date of birth; 5 million passport numbers. | Names can be matched with information from OPM. With passport data and birth names, the travel history of an individual could be pieced together. |
| Anthem Insurance: April 2014; discovered Jan 2015 | Data on 80 million employees and members of Anthem, not involving private health records or credit card numbers, but exposing SSNs, income data, birthdays, and street and email addresses. | Bolsters list of information from OPM hack. |
| Navy Personnel: 2006 to 2018; indicted in Dec 2018 | Information on over 100,000 Navy personnel, including: the names, SSNs, dates of birth, salary information, personal phone numbers, and email addresses | Personal info of military personnel |
| Community Health Systems: August 2014 | 4.5 million clients’ data stolen, including: names, addresses, birth dates, telephone numbers and Social Security numbers | Names and personal info |
| United Airlines: April 2014; discovered May 2015 | Data concerning flights’ passengers and their movements, including names, their date of birth, and their departure and arrival locations. | Flight data could be used to cross-reference travel patterns of persons of interest |

Figure 1: A catalog of data breaches thought to be perpetrated by Chinese state-backed actors (DHS Flight Tracker).

Several characteristics unique to these cyber-attacks point to the direct involvement of the Chinese government. Evidence from several data breaches implicates the Chinese military establishment, the People’s Liberation Army. In an investigative report by cybersecurity firm Mandiant, researchers found conclusive evidence that implicated PLA Unit 61398, the mission focus of which is signals intelligence, foreign language proficiency, and defense information systems (Mandiant). The report came to this conclusion for the following reasons: the IP addresses of several of the data breaches were traced back to China, specifically a PLA-operated building in Shanghai which had special fiber optic communications infrastructure installed for “national security” purposes (Mandiant). In addition, 97% of the 1,905 intruders observed by Mandiant in their post-breach investigation had their IP addresses registered in Shanghai, with language keyboards set to use Simplified Chinese. The ability to conduct such a long-running and extensive cyber espionage campaign also suggests state-backed support.

Evidence from the post-breach investigations of OPM and Anthem Health Insurance further implicates PLA Group 61398. In the OPM and Anthem hacks, PlugX was used; this was the same backdoor tool that had previously been used by the Chinese hacking group to target political activists in Hong Kong and Tibet (Koerner 2016). Similarly, the investigation into the Marriott Starwood breach revealed that the hacking tools, techniques, and procedures were the signature of the same group (Bing 2018). And as mentioned previously, the domain of “opmsecurity.org” was registered to “Steve Rogers,” a member of the Marvel comic the Avengers, and a signature of Unit 61398.

Some, including the Communist Party of China (CCP), have claimed that the cyber-attack could be attributed to a cyber-criminal organization outside of the central government’s control (Carsten 2015). While it is conceivable that a cybercriminal organization would be motivated to steal personal information including SSNs and personal contact information, three characteristics further point to the command of government resources.

1. The attackers maintained access to these databases for extended periods—many months, and years in some incidences. The long and sustained nature of the data breaches indicates substantial resources available to the attackers.

2. None of the data has been published. Criminal actors, motivated by financial gain, would be motivated to sell the personal information obtained from these data breaches. At the time of this writing five years have passed from the discovery of the initial data breaches; however, none of this data has surfaced on the dark web or been used for financially motivated crimes.

www.sciencepolicyjournal.org JSPG., Vol. 15, Issue 1, October 2019


Journal of Science Policy & Governance THREAT ASSESSMENT: DATA COLLECTION ON US CITIZENS

3. The type of information stolen from the database reinstate Chinese control. In 1949, the CCP gained
indicate the support of a nation state. Although control over China and established the People’s
the databases targeted included financially Republic of China (PRC). The legacy of the century of
valuable information, the data breaches did not humiliation is evident from its two “hundred year
include information like credit card numbers, goals”, which set to (1) build a moderately
which would be the target of any financially prosperous society by 2021, when the CCP
motivated cyber-criminal. Considering the celebrates its centenary, and (2) build a modern
personal information that could have been socialist country that is prosperous, strong,
gained from the Marriott Starwood or the democratic, culturally advanced and harmonious by
Anthem Insurance data breaches, the selection of 2049. China’s development goals are also reflected
data that was compromised indicates a lack of in President Xi Jinping’s “China Dream”, which
financial motivation. aspires for the “great rejuvenation of the Chinese
nation” (Pillsbury 2016). Despite assurances from
Given the evidence and characteristics of these data President Xi that China “will not seek to dominate”,
breaches, the PLA intends to use this data to form a China’s plans for revitalization may put the country
database on American citizens. This report makes at odds with the U.S (Xi Jinping 2018).
the case that this database will be utilized by the
Ministry of State Security (MSS) through continued The fundamental goal of the CCP is to maintain
data collection operations and advances in big data control and domestic stability. China’s leaders seek
processing. The database will be a critical resource to expand China’s growing economic, diplomatic and
in the MSS’s efforts to identify, target, and recruit military presence in an effort to establish regional
American citizens to serve as informants for preeminence, and to expand the country’s influence
commercial, military, and political intelligence. internationally (The State Council 2015). As
geopolitical tensions in the Asia-Pacific intensify,
II. Goals of the threat actor China’s military has stated its determination in
Understanding the motivations and intentions of the safeguarding its interests in this region, and to
threat actor is critical in order to identify vulnerable safeguard and counter the US’s “rebalancing”
data types of data that the threat actor may target strategy in the region (The State Council 2015).
next, and to devise countermeasures to prevent and Another central goal of the CCP is to maintain its
mitigate the effects of the threat actor’s data legitimacy. The CCP secures its legitimacy from its
collection efforts. By identifying the Chinese ability to provide economic growth and stability
Communist Party (CCP)’s overarching foreign policy within China; without it, it fears that instability and
and domestic goals, in addition to understanding threats to the central party will follow. This concern,
operations of the Ministry of State Security and the coupled with the insecurity stemming from the
People’s Liberation Army, the we may begin to century of humiliation, explain China’s motivations
understand which types of data may be targeted in as a revisionist power. According to President Xi
the future, and what can be done to mitigate this Jinping’s long-term plans, China should be a top-
threat. ranked nation in innovation by 2035, and by 2050,
China should become a nation with pioneering
The Chinese Communist Party has evolved global influence. China’s 13th five-year plan (2016-
significantly since the establishment of the People’s 2020) calls for greater technology innovations and
Republic of China (PRC), as have its foreign policy socioeconomic reform. The “Made in China 2025”
and domestic goals. China’s long-term goals are plan, the AI Development Strategy are just two more
shaped by its history, of which its “century of of several initiatives to expand China’s global
humiliation” plays a critical role. Following influence and rise as an economic leader. China is
thousands of years of dynastic rule, the century of also striving to expand its soft power, evident in its
humiliation began in the mid 19th century with the development projects throughout sub-Saharan
Opium Wars, lasting until 1949, the founding of the Africa and South Asia (Heath 2018).
People’s Republic of China. This era was marked by
continuous foreign occupation by Western colonial China’s overarching goals shape the motivations and
powers and Japan, with several failed attempts to usage for the data collected. There is obvious

www.sciencepolicyjournal.org JSPG., Vol. 15, Issue 1, October 2019


Journal of Science Policy & Governance THREAT ASSESSMENT: DATA COLLECTION ON US CITIZENS

intelligence value for any country—ally or enemy— intelligence infrastructure from the Project 2049
to be gathered from the hacks on OPM, Marriott Institute found that Unit 61398’s targets included
Starwood, United Airlines, and various healthcare the US and Canada, with a focus on “political,
entities. But in the eyes of the CCP, the United States economic, and military-related intelligence” (Stokes
is a threat to China’s goals for regional dominance et al. 2011).
and expansion internationally. From US Naval
patrols of disputed territories in Pacific waters, to For a period of 18 months from 2015 to 2017, cyber
the US’s continued support of Taiwan, to US efforts offensive groups from China seemed to become less
to obstruct the business of Chinese companies like active. In June 2016, FireEye reported dramatic
Huawei and ZTE, the US has indicated that it may decreases in activity from 72 suspected China-based
present barriers to China’s goals. As the CCP is set on cyber espionage groups since 2014 (Mandiant).
rejuvenation and increasing its standing in the world, Reasons for this could include a bilateral agreement
the current global hegemon, by its actions and reached between Presidents Barack Obama and Xi
statements, may be perceived as a barrier to Jinping on cyber espionage in September 2015.
achieving the “China Dream”. One incidence of this While the two governments agreed that they would
might include the ban of export of computer chips not conduct or knowingly support cyber-enabled
from the US to China, thereby obstructing the commercial IP theft, the two countries did not agree
development and production cycles of to cease government espionage, which is a generally
supercomputing companies. It would be feasible for accepted activity.
the Chinese to seek to obtain other methods to
obtain access to the knowledge and production of
these computer chips. The collection of data on US
citizens enables the Chinese state to identify and
categorize US citizens of interest, whereupon they
may be targeted for intelligence gathering purposes.

III. Operations, capabilities, and modus operandi


of China’s state intelligence agencies

i. PLA Unit 61398 and the Strategic Support Force


The cyber-attacks targeting US citizens’ data has Figure 2: Organizational Structure of the People’s
been attributed to the People’s Liberation Army. Liberation Army’s GSD 3rd Department. Figure
Specifically, the PLA Unit 61398 has been identified adapted from Mandiant. Feb 2013. “APT 1: Exposing
as the culprit in several of these attacks, including One of China’s Cyber Espionage Units.”
OPM and Anthem Health Insurance. Unit 61398,
whose official name is China’s Military Unit Cover For a period of 18 months from 2015 to 2017, cyber
Designator (MUCD) 61398, functions as the PLA’s offensive groups from China seemed to become less
cyber command. As shown in Figure 2, the PLA active. In June 2016, FireEye reported dramatic
reports directly to the CPC’s Central Military decreases in activity from 72 suspected China-based
Commission. The PLA’s cyber command, including cyber espionage groups since 2014 (Mandiant).
Unit 61398, fall under the PLA’s 3rd General Staff Reasons for this could include a bilateral agreement
Department’s 2nd bureau. The 3rd General Staff reached between Presidents Barack Obama and Xi
department’s focus is on signals intelligence, foreign Jinping on cyber espionage in September 2015.
language proficiency, and defense information While the two governments agreed that they would
systems; it is likely that those working in the 2nd not conduct or knowingly support cyber-enabled
bureau have been responsible for the attacks commercial IP theft, the two countries did not agree
focusing on gathering data on US citizens, but other to cease government espionage, which is a generally
goals include economic and industrial espionage accepted activity.
(Mandiant). Publicly available resources confirm
that Unit 61398’s mission focus is on computer The PLA’s ambitious military modernization and
network operations, and a report on China’s signals organizational reforms may better explain the

www.sciencepolicyjournal.org JSPG., Vol. 15, Issue 1, October 2019


Journal of Science Policy & Governance THREAT ASSESSMENT: DATA COLLECTION ON US CITIZENS

decrease in activity. The establishment of the The Ministry of State Security follows some key
Strategic Support Force (SSF) reflects an innovation operating procedures. First, the MSS conducts most
in the military’s force structure, which ultimately of its intelligence operations from within mainland
seeks to optimize China’s capabilities in the space, China. The limited intelligence networks the
cyberspace and electromagnetic domains (Office of Ministry of State Security has abroad is rooted in the
the Secretary of Defense 2018). The centralization of 1970’s when President Deng Xiaoping banned the
the cyber warfare command under the Central use of cover posts in diplomatic missions for being
Military Commission (CMC) can be seen as part of a used for espionage purposes (Eftimiades 1994). This
greater effort to consolidate and optimize the PLA’s is reflected in Taiwan, where China has been most
capabilities in order to fight and win future successful in establishing an informant network. Of
“informatized” wars (Kania et al. 2018). more than a dozen Chinese espionage cases that
were studied from 2010-2014, only one occurred
Following the brief hiatus of cyber offensive outside of China, and this case remained an anomaly
operations, several cybersecurity firms including regarding the MSS’s normal operating procedure
CrowdStrike and FireEye reported a resurgence in (Mattis 2014).
cyberespionage efforts stemming from the PLA
(Johnson 2018; FireEye 2016). However, the
intrusions have become more difficult to detect.
Increasingly common is the use of generic “tools”,
leaving limited to no unique signatures, making
attribution difficult (Johnson 2018). While some of
this resurgence could be attributed to worsening
trade relations between the US and China, the lull
and increase in discreet cyber intrusions is likely to
be a result of the PLA’s cyber force restructure. The
establishment of the SSF indicates shifts in the threat
actor’s operations, which will be examined in the Figure 3: Command structure of Chinese intelligence
next section of this report. agencies under the CSSC. Figure adapted from Jane’s
By HIS Markit. 2017. “Chinese Legislation Points to
ii. Coordination within China’s intelligence agencies New Intelligence Coordinating System.”
While the PLA/SSF conduct the bulk of the cyber
offensive operations to collect data for the database, The stories of two American spy recruits further
the Ministry of State Security (MSS) is responsible supports the theory that the MSS prefers to lure
for interpreting and utilizing the information potential informants to mainland China before
collected. As China’s main foreign intelligence making an official proposal. Kevin Mallory, a former
service, the MSS’s efforts in gathering human CIA official, was sentenced by a US federal court to
intelligence is one of its key objectives. China’s new 20 years in prison for attempting to provide
National Intelligence Law, passed in June 2017, classified documents to an agent of the PRC (US
sought to facilitate cooperation between state Department of Justice). Mallory was struggling
intelligence agencies by establishing a “state financially when he was contacted via LinkedIn by a
intelligence work coordination mechanism” Chinese “headhunter”. The MSS operative then
(Hoffman et al. 2017). This cooperation may also be arranged a phone call between Mallory and another
enabled due to the central command structure of individual, under the guise of a job with a think tank
intelligence organizations within China (see Figure in Shanghai. Following two trips to Shanghai,
3). The coordination between the PLA and MSS may Mallory agreed to sell defense secrets to his new
further be supported by Xi Jinping’s drive for greater Chinese contacts. American college student Glenn
integration between the intelligence services within Shriver was likewise also recruited to spy for the
China and in the CCP’s push to integrate its MSS while in mainland China. During his study
cyberwarfare capabilities. abroad in China, he responded to a newspaper ad
asking for someone to write a white paper about
trade relations between the US, North Korea, and
Taiwan. He was approached by a woman who

www.sciencepolicyjournal.org JSPG., Vol. 15, Issue 1, October 2019


Journal of Science Policy & Governance THREAT ASSESSMENT: DATA COLLECTION ON US CITIZENS

offered him $120 for the essay, and he was subsequently recruited to become an informant for the MSS (Mattis 2015). Similar efforts to recruit Western nationals through social media sites like LinkedIn have also been reported by intelligence agencies in the United Kingdom and in Germany (Federal Ministry of the Interior 2016; Burgess 2015). These separate incidents further support the idea that the MSS operates mostly within its own territory. And while it is possible that recruitment occurs outside of mainland China, historical patterns of informant recruitment indicate that domestic outreach is critical to the operation of Chinese intelligence agencies.

Dozens of incidents of informant recruitment by Chinese intelligence services give credence to the theory that the MSS follows a step-by-step recruitment process (Graff 2018; Stratfor Worldview 2019; Aaltola 2019).

Step 1: Spotting
Intelligence officials identify people of interest. The OPM database provides a wealth of data for this; the 4.1 million SF-86 background check files of former and current federal government employees include full names, full job histories, SSNs, and fingerprints. This gives intelligence services an idea of which people may be of interest for targeting. Combined with the Navy Personnel and Anthem Insurance databases, Chinese intelligence services can form a broad database of the type of careers select individuals have, and the type of information these individuals may have access to, in both the private and public sectors.

Step 2: Assessing
Once intelligence officials identify potential recruits, they examine how those targets might be encouraged to spy. Common motivators include money, belief in the cause, blackmail, and ego. The SF-86 background check information from the OPM hack includes details on personal relationships, personal finances, past substance abuse, gambling addictions, psychiatric care, etc. This type of information provides a comprehensive playbook with which to lure or coerce potential spy recruits.

Step 3: Developing
Having identified and assessed their potential targets, Chinese intelligence officials may then begin to groom their source to establish rapport. Having established that the Ministry of State Security operatives rarely recruit outside of mainland China, it is likely that this process will take place through virtual communications.

Step 4: Recruiting
Step 4 of the spy recruitment process, “recruitment”, likely happens when the informant travels to mainland China. The informant may travel on their own or may be lured by Chinese intelligence services under the guise of a career-related reason. The data collected from the United Airlines and Marriott Starwood hacks could provide flight histories and passport information of several million Americans, informing the MSS on the travel patterns of these individuals.

Step 5: Handling
Step 5 is the maintenance of the relationship between informant and the intelligence apparatus. This is the method with which the informant would relay information back to the Chinese intelligence agency, in addition to how the informant would receive further instructions. This step of the recruitment process maintains an already established link. Therefore, it is less likely to benefit from additional data/information on informants. Focusing on steps 1-4 of the recruitment process (identifying, targeting and recruiting potential American informants), the report identifies several vulnerabilities that may be targeted as a part of China’s informant recruitment process.

The evidence found in this report indicates the PLA and MSS will target data that will aid them in their informant recruitment process: who to target, how to target them, and when. The next section of the report will be dedicated to identifying data sources that China will target to bolster its database on American citizens, followed by recommendations to protect against these vulnerabilities.

IV. High-value strategic targets and policy recommendations
This report identifies three key data targets that would provide great utility for Chinese intelligence agencies for their informant recruitment process in the United States. These potential vulnerabilities can be mitigated through a set of solutions through the
use of counterintelligence measures, cybersecurity best practices, and data privacy standards.

i. Target: Data broker companies
Regarding Step 1 of the recruitment process, identifying potential informants, data that can provide basic knowledge on American individuals’ names, jobs, and perhaps contact information would be most valuable. Armed with data from the OPM data breach, it is likely that Chinese intelligence sources would like to target other background information resources, including the CIA and NSA’s employee databases, in their search. However, Chinese intelligence agencies have indicated that their espionage goals are not limited to government agencies but include the private sector as well. Data broker companies, particularly those that specialize in “people searches”, are high-value targets. These types of data brokers, including companies like Acxiom, Datalogix and PeekYou, gather third party information on millions of Americans including names, phone numbers, locations, emails, SSN, education information, job information, marital status and social media, providing a base from which Chinese intelligence could identify potential targets. The limited regulations regarding the types and amount of consumer information make it relatively easy for data broker companies to amass information. However, the cybersecurity standards which these companies are held to are relatively lax. This is evidenced by an analysis of the top 100 data brokers in the US, of which only 25% encrypted their landing pages, and 50% encrypted login pages. Most data broker companies only subscribe to security-as-a-service offerings, and security seals on their own are not effective countermeasures (Haynes 2017).

In a report on data brokers’ collection of consumer information, the Federal Trade Commission found several practices regarding storage and retention of data that may impact the privacy and security of the consumers about whom the data was collected (Federal Trade Commission 2014). The FTC has also taken action against data broker companies Reed Elsevier and Seisint for security flaws that allowed identity thieves to exploit the companies’ databases (Federal Trade Commission 2008). These cybersecurity vulnerabilities, coupled with the unrestricted collection of personal data, present the perfect opportunity for PLA/SSF operatives to hack into the data brokers’ databases without detection, contributing to the database on American citizens.

Policy recommendation 1: Implement stricter cybersecurity standards and privacy regulations for data broker companies
Currently, data broker companies’ data collection methods are wholly legal, as they collect information from publicly available resources (including public records, commercial purchase history, and social media). Though broker companies are subject to the Fair Credit Reporting Act (FCRA), several lawsuits involving data broker companies indicate these companies are rarely held accountable for reporting incorrect information (Federal Trade Commission 2014). This highlights the ease with which data brokers may collect and disseminate information. The FTC recommended that Congress consider legislation to account for the privacy and security vulnerabilities, including the deletion of older data, and to allow consumers to opt out and possess greater ownership over the data that is stored on them, such as allowing consumers access to their data, and greater regulations on the collection and storage of sensitive data (DHS Flight Tracker). This practice is supported by the National Institute of Standards and Technology (NIST)’s Cybersecurity Framework, which posits that an organization’s cybersecurity activities create risks when personal information is collected and used without consideration for privacy, and further that the over-collection or over-retention of personal information may result in heightened security risks (NIST 2018). Several states have begun to regulate the data collection and cybersecurity standards of data broker companies. From January 2019, the state of Vermont required that data brokers adopt comprehensive security measures, and publicly disclose the companies’ data collection practices, opt-out policies, purchaser credentialing practices, and security breaches (Goldstick et al. 2019).

This report suggests that the US federal government establish a regulatory law concerning the data collection practices and cybersecurity standards of data broker companies. By addressing both data privacy and cybersecurity vulnerabilities, the risk of an intrusive data breach could be reduced.

ii. Target: Open-source social media (LinkedIn)
Regarding steps 2 and 3 of the recruitment process, the “assessment” and “development” of a potential spy recruit, Chinese intelligence operatives will seek to gain a more in-depth understanding of potential spy recruits, and subsequently attempt to contact these individuals. Open-source social media, such as LinkedIn, would provide valuable background information on individuals, in addition to providing a medium with which to “develop”, or “groom” the individuals for espionage. Social media sites, such as LinkedIn, would be ideal for the MSS to reach out and communicate with prospective informants. The German intelligence service reported that MSS operatives, posing as headhunters, targeted over 10,000 German politicians, scientists, and other professionals through LinkedIn. These headhunters reach out to people over LinkedIn, “luring [them] with enticing offers and eventually inviting [them] to China, where the intelligence-gathering commences” (Federal Ministry of the Interior 2016). The German intelligence service reported that Chinese espionage efforts focused on industry, research, technology and the armed forces, in addition to gathering intelligence on German political processes, specifically anything that may pose a threat to the CCP’s monopoly on power (Federal Ministry of the Interior 2016). In the UK, MI5 released a memo warning government workers that Chinese operatives were utilizing the LinkedIn social network to target government employees (Burgess 2015). William Evanina, the US counter-intelligence chief, also confirmed that Chinese intelligence agencies were using fake LinkedIn accounts to recruit Americans with access to government and commercial secrets (Strobel et al. 2018). The fact that Chinese intelligence officers rarely operate outside of mainland China increases the likelihood that they would take advantage of openly available social media connections.

Policy recommendation 2: Counterintelligence and user-based cybersecurity recommendations for social media platforms
LinkedIn is arguably one of the most useful social media platforms that Chinese intelligence services may use to search for, contact and recruit potential informants and other persons of interest. Knowing that (1) China’s intelligence agents work almost exclusively within the geographic confines of mainland China, and (2) several past incidents of informant recruitment have begun online, the solution recommends counterintelligence measures be taken against these so-called headhunters, in addition to recommending user-based security practices.

First, identify and publicize fake profiles of Chinese “headhunters”. US counterintelligence services should work to identify and publicize the accounts of fake headhunters operating on LinkedIn. The Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, is a federal law enacted in 2018, which established processes and procedures for US cloud service providers to comply with law enforcement requests for access to data in other countries, if a warrant or subpoena exists (Kris 2015). The CLOUD Act, supported by the Department of Justice as well as by major tech companies (including Microsoft, Apple, and Google), would legally compel LinkedIn to aid the US government in identifying these users. LinkedIn has already complied with government requests to remove fake profiles in the past, including the deactivation of LinkedIn accounts that German officials had identified as spies (Hernandez et al. 2017). LinkedIn may be able to pinpoint the actual identities of the headhunters on LinkedIn from the “verification” data it gathers on users in China, courtesy of China’s Cybersecurity Law, passed in 2017 (Liao 2019).

This law requires users to verify their identities through their phone numbers and a “real-name verification process.” These legal requirements, part of an effort to end digital anonymity in China, may give LinkedIn hints of the true identities of the headhunters. While these users are likely to provide fraudulent identities, the phone numbers could be traced to some organization or individual. With cooperation between the US government and LinkedIn, the threat posed by China’s intelligence sources to communicate with and recruit individuals may be mitigated.

Second, develop user-based best practices. LinkedIn users should also be warned about the suspicious behavior of fake headhunters operating on LinkedIn, as well as the potential consequences of consorting with these Chinese informant recruiters. Warning social media users about this threat may fall in line with similar efforts to educate social media users how to spot other fake accounts, such as with Russian
bots and trolls during the US Presidential Election in 2016 (Aneja et al. 2018).

By taking an active stance on identifying, removing and warning about the threat of Chinese operatives operating on LinkedIn, the vulnerability of openly available data resources may be reduced. Effectively enforcing these measures will make it more difficult for China’s intelligence officials to assess, target and communicate with potential informants.

iii. Vulnerability: DHS Flight Tracker
Step 4 of the spy recruitment process, the actual “recruitment”, generally occurs when individuals travel to China. Through the United Airlines and Marriott Starwood hacks, Chinese intelligence services likely have information on the flight patterns of United passengers, in addition to five million passport numbers. This information will be key in the MSS knowing when and where to engage with persons of interest. The DHS’s flight tracker contains passport numbers and the arrival and departure flight history for individuals dating five years back. Combined with the passport information stolen from the Marriott Starwood hack, Chinese intelligence officials could cross reference the information from the DHS flight tracker to identify the travel patterns of targeted individuals (DHS Flight Tracker).

Policy recommendation 3: Strengthening cyber defenses of the DHS Flight Tracker
The DHS should be advised that its information has high strategic value for Chinese intelligence agencies. The department should seek to bolster its cyber defense infrastructure, in addition to increasing its efforts to detect malicious intruders in the database. With the SSF’s operations becoming increasingly well-concealed, it is likely that an intrusion may not be noticed until it is too late. And while a diplomatic solution, like that of the 2015 agreement to cease commercial IP theft, resulted in a slowdown in hacking activity, it is unlikely that either country would come to an agreement to halt intelligence gathering operations. Coupled with inherent difficulties with attribution and the current state of US-China relations, a cyber cease-fire in this situation is unlikely.

V. Challenges and limitations to analysis and implementation of these recommendations
Due to the nature of cyber espionage and the analysis of intelligence issues, it is impossible to fully understand or be certain of the threat actor’s goals or plans, nor is it possible to devise detailed security plans for the suggested targets in the previous section. While publicly available statements from the PLA and from independent analysts suggest that coordination efforts between the PLA and MSS are likely, there has been no official confirmation from the Chinese government or from US intelligence services. In addition, the cybersecurity vulnerabilities of the DHS are not disclosed to the public for obvious reasons, but as a result the report cannot offer anything more than a blanket advisory for the DHS to defend against this threat. Further, the views portrayed in this report are based on a review of publicly available government publications and statements, journal articles, and news articles. Although the evidence presented in this report suggests certain behaviors and motivations, this report by no means claims all-encompassing understanding of the motivations and operations of the Chinese government. Security experts should consider the threat posed to forms of media that could provide personal information about individuals, particularly data that could be used to blackmail individuals (Reddit accounts, dating app information, etc.).

Additionally, the recommendations presented in this report may encounter legal challenges. The Federal Trade Commission recommended greater transparency, accountability, and cybersecurity standards for data broker companies five years ago. Despite progress on this issue in the state of Vermont, there will likely be challenges to enacting federal regulations on this issue. And although LinkedIn has shown a willingness to remove and publicize the identities of the MSS operatives recruiting Western intelligence sources, China’s Cybersecurity Law and the Personal Information Security Specification (2018) require firms to store data locally in China, thereby preventing some of the information regarding flagged profiles from being shared with Western governments (Kirkpatrick 2018).

VI. Conclusion
While none of the data stolen in the OPM, Marriott Starwood, and United Airlines hacks have had
immediately damaging effects to individuals, this report found that this data may be used to identify, target, and recruit US citizens as spies for the Chinese state. This use case would present a significant threat to the national security of the United States and its citizens. Amidst increasing tension between the US and China and the revamping of the Strategic Support Force, it is likely that we will see more utilization of this database in the future. The US government and its citizens need to understand the magnitude of this threat. While this report identifies key strategic targets and recommendations, there are still countless other databases that can, and will, be targeted. With an understanding of what Chinese intelligence operations are hoping to accomplish, the US can be better equipped to mitigate this threat.

References
Aaltola, Mike. 2019. “Geostrategically Motivated Co-option of Social Media.” Finnish Institute of International Affairs. https://www.fiia.fi/wp-content/uploads/2019/06/bp267_geostrategically_motivated_co-option_of_social-media.pdf
Aneja, Arpita, Sandra Ifraimova. 2018. “How to Spot a Russian Bot.” Time Magazine. http://time.com/5274785/how-to-spot-a-russian-troll/
Armerding. 2016. “The OPM Breach Report: A Long Time Coming.” CSO Online. https://www.csoonline.com/article/3130682/the-opm-breach-report-a-long-time-coming.html
BBC News. 2018. “Xi Jinping says China ‘will not seek to dominate.’” BBC News. https://www.bbc.com/news/world-asia-china-46601175
Bing, Christopher. “Exclusive: Clues in Marriott Hack Implicate China – Sources.” Reuters. https://uk.reuters.com/article/uk-marriott-intnl-cyber-china/clues-in-marriott-hack-implicate-china-sources-idUKKBN1O504B
Burgess, Christopher. 2015. “Beware where you share: British Intelligence Cautions Employees Against LinkedIn.” Clearance Jobs. https://news.clearancejobs.com/2015/08/21/beware-share-british-intelligence-cautions-employees-linkedin/
Carsten, Paul, Mark Hosenball. 2015. “China’s Xinhua says US OPM hack was not state-sponsored.” Reuters. https://www.reuters.com/article/us-china-usa-cybersecurity/chinas-xinhua-says-u-s-opm-hack-was-not-state-sponsored-idUSKBN0TL0F120151202
Community Health Systems, Inc. 2014. “United States Securities and Exchange Commission.” Sec.gov. https://www.sec.gov/Archives/edgar/data/1108109/000119312514312504/d776541d8k.htm
DHS Flight Tracker. https://i94.cbp.dhs.gov/I94/#/home
Nicholas Eftimiades. 1994. Chinese Intelligence Operations. Naval Institute Press.
Federal Ministry of the Interior. 2016. “Brief Summary: 2016 Report on the Protection of the Constitution.” https://www.verfassungsschutz.de/embed/annual-report-2016-summary.pdf
Federal Trade Commission. 2008. “Agency Announces Settlement of Separate Actions Against Retailer TJX, and Data Brokers Reed Elsevier and Seisint for Failing to Provide Adequate Security for Consumers Data.” Federal Trade Commission. https://www.ftc.gov/news-events/press-releases/2008/03/agency-announces-settlement-separate-actions-against-retailer-tjx
Federal Trade Commission. 2014. “FTC Recommends Congress Require the Data Broker Industry to be More Transparent and give Consumers Greater Control over their Personal Information.” FTC. https://www.ftc.gov/news-events/press-releases/2014/05/ftc-recommends-congress-require-data-broker-industry-be-more?utm_source=govdelivery
Ambassador Chas W. Freeman. “China’s Challenge to American Hegemony: Remarks to the Global Strategy Forum.” Middle East Policy Council. https://www.mepc.org/speeches/chinas-challenge-american-hegemony
FireEye. 2016. “Redline Drawn: China Recalculates its Use of Cyber Espionage.” FireEye iSight Intelligence. https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-china-espionage.pdf
Goldstick, Samuel D, Jennifer L Rathburn, Aaron K Tantleff. “Ringing in 2019 with New State Privacy and Data Security Laws Impacting Data Brokers and Insurers.” Foley and Lardner LLP. http://www.mondaq.com/unitedstates/x/771870/Security/Ringing+in+2019+with+New+State+Privacy+and+Data+Security+Laws+Impacting+Data+Brokers+and+Insurers
Graff, Garrett M. 2018. “China’s 5 Steps for Recruiting Spies.” Wired. https://www.wired.com/story/china-spy-recruitment-us/
Haynes, Alex. 2017. “Are Data Brokers Actually Secure?” Info Security. https://www.infosecurity-magazine.com/opinions/are-data-brokers-actually-secure/
Heath, Timothy. 2018. “China’s Pursuit of Overseas Security.” RAND Corporation. https://www.rand.org/content/dam/rand/pubs/research_reports/RR2200/RR2271/RAND_RR2271.pdf
Hernandez, Javier C and Melissa Eddy. 2017. “Germany Accuses China of Using LinkedIn to Recruit Informants.” The New York Times. https://www.nytimes.com/2017/12/11/world/asia/china-germany-linkedin.html
Hoffman, Samantha and Peter Mattis. 2017. “Chinese Legislation Points to New Intelligence Coordinating System.” Jane’s By IHS Markit. https://www.janes.com/images/assets/183/74183/Chinese_legislation_points_to_new_intelligence_co-ordinating_system.pdf
Human Rights Watch. 2017. “China: Police ‘Big Data’ Systems Violate Privacy, Target Dissent.” Human Rights Watch. https://www.hrw.org/news/2017/11/19/china-police-big-data-systems-violate-privacy-target-dissent
Xi Jinping’s speech marking the 40th anniversary of the country’s reform and opening up to the market economy, at the Great Hall of the People on December 17, 2018. https://www.youtube.com/watch?v=MILBtNHX4rQ
Johnson, Tim. 2018. “China Backed Off From Hacking US Companies. Now it is at it again.” McClatchy. https://www.mcclatchydc.com/news/nation-world/national/national-security/article212666139.html
Kania, Elsa B, John K Costello. 2018. “The Strategic Support Force and the Future of Chinese Information Operations.” The Cyber Defense Review. https://cyberdefensereview.army.mil/Portals/6/Documents/CDR%20Journal%20Articles/The%20Strategic%20Support%20Force_Kania_Costello.pdf?ver=2018-07-31-093713-580
Khandelwal, Swati. 2015. “United Airlines Hacked by Sophisticated Hacking Group.” The Hacker News. https://thehackernews.com/2015/07/united-airlines-hacked.html
Kirkpatrick, Keith. 2018. “Borders in the Cloud.” Communications of the ACM. https://cacm.acm.org/magazines/2018/9/230563-borders-in-the-cloud/fulltext
Koerner, Brendan L. 2016. “Inside the Cyberattack that Shocked the US Government.” Wired. https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/
Kris, David. 2015. “Preliminary Thoughts on Cross-Border Data Requests.” Lawfare. https://www.lawfareblog.com/preliminary-thoughts-cross-border-data-requests
Liao, Rita. 2019. “LinkedIn Now Requires Phone Number Verification for All Users in China.” Tech Crunch. https://techcrunch.com/2019/01/09/linkedin-real-name-phone-number-verification-china/
Mandiant. “APT 1: Exposing One of China’s Cyber Espionage Units.” Mandiant. https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
Mattis, Peter. “China’s Espionage Against Taiwan (Part 1: Analysis of Recent Operations)” The Jamestown Foundation. https://jamestown.org/program/chinas-espionage-against-taiwan-part-i-analysis-of-recent-operations/
Mirani, Leo, Max Nisen. 2014. “The nine companies that know more about you than Google or Facebook.” Quartz. https://qz.com/213900/the-nine-companies-that-know-more-about-you-than-google-or-facebook/
Nakashima, Ellen, David J Lynch. 2018. “U.S. charges Chinese Hackers in Alleged Theft of Vast Trove of Confidential Data from 12 Countries.” The Washington Post. https://www.washingtonpost.com/world/national-security/us-and-more-than-a-dozen-allies-to-condemn-china-for-economic-espionage/2018/12/20/cdfd0338-0455-11e9-b5df-5d3874f1ac36_story.html
National Institute of Standards and Technology. 2018. “Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1.” https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Office of the Secretary of Defense. 2018. “Annual Report to Congress: Military and Security Developments Involving the People’s Republic of China 2018.” Department of Defense. https://media.defense.gov/2018/Aug/16/2001955282/-1/-1/1/2018-CHINA-MILITARY-POWER-REPORT.PDF
Michael Pillsbury 2016. The Hundred Year Marathon: China’s Secret Strategy to Replace American as the Global Superpower. St. Martin’s Press.
The State Council Information Office of the People’s Republic of China. 2015. “China’s Military Strategy.” http://eng.mod.gov.cn/Press/2015-05/26/content_4586805.htm
Stokes Mark A, Jenny Lin, L.C. Russell Hsiao. 2011. “The Chinese People’s Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure,” Project 2049 Institute (2011): 8 http://project2049.net/documents/pla_third_department_sigint_cyber_stokes_lin_hsiao.pdf
Stratfor Worldview. 2019. “Beware: Iran and China Use LinkedIn to Recruit Spies.” The National Interest. https://nationalinterest.org/blog/buzz/beware-iran-and-china-use-linkedin-recruit-spies-65761
Strobel, Warren and Jonathan Landay. 2018. “Exclusive: US accuses China of ‘super aggressive’ spy campaign on LinkedIn.” Reuters. https://www.reuters.com/article/us-linkedin-china-espionage-exclusive/exclusive-us-accuses-china-of-super-aggressive-spy-campaign-on-linkedin-idUSKCN1LG15Y
Threat Connect Research Team. 2015. “OPM Breach Analysis: Update.” Threat Connect. https://threatconnect.com/blog/opm-breach-analysis-update/
United States Department of Justice. 2019. “Former CIA Officer Sentenced to Prison for Espionage.” US Department of Justice. https://www.justice.gov/opa/pr/former-cia-officer-sentenced-prison-espionage

Ming (Sherry) Chen is a recent graduate of the Master’s in Cybersecurity Policy program at Georgia Tech, where
she also received her Bachelor’s in International Affairs. Her interests include technology and policy, especially as
they pertain to national security. Her previous work includes research on AI and technology developments in
China and Russia.

Acknowledgments
The author would like to acknowledge Dr. Jaclyn Kerr and the staff at the Center for Global Security Research for
their guidance and support, and Dr. Milton Mueller for his contributions in the preparation of this manuscript.

www.sciencepolicyjournal.org JSPG., Vol. 15, Issue 1, October 2019
