Articles - Privacy - February 16, 2020

Four Counterintelligence Reasons Why the Equifax Breach is Troublesome

admin February 16, 2020

0 479 5 min read

For years you’ve read on these pages how the Chinese government has been putting together a mosaic on every individual who enjoys the trust of the United States government. The criteria needed to be placed in the targeting hopper? Being entrusted with a U.S. government security clearance and access to the nation’s secrets.

In 2017 when the Equifax breach was first reported, we tied it to criminal entities, along with the breach of the Office of Personnel Management in 2014, when millions of SF-86s and background investigations went out the door to China’s intelligence. At that time, we assessed, based on industry analysis, that this was a financial crime and no nation state hand was evidenced.

This changed with the Department of Justice (DoJ) unsealing of the indictment of four People’s Liberation Army (PLA) officers from PLA’s 54^th Research Institute and charging them with the crime. The indictment makes clear that the PLA’s actions were comprehensive. “In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens.”

This also changes our analysis, and why we put forward four areas of concern for Field Security Officers. FSO’s should appropriately update their counterintelligence briefs of cleared individuals.

Cleared personnel and those who are employed by entities of interest to the Chinese should care about the targeting folio being put together by the PLA and other Chinese intelligence entities.

FOUR REASONS AREAS OF COUNTERINTELLIGENCE INTEREST:

1. Personal finances and continuous evaluation.

The number one adjudicative guideline resulting in security clearance denial is “Guideline F: Financial Considerations.” In 2019, the Defense Counterintelligence and Security Agency saw 522 cases which resulted in denial of appeals of security clearance denials associated with cases involving personal financial responsibility. While the OPM breach showed a great deal of information on those who had applied within the NISPOM world, it did not show those whose clearance adjudication fell within the Director Central Intelligence Directive (DCID). The Equifax data breach allows China’s analysts to do their own analysis and identify those whose finances would fall into the troublesome categories, and craft approaches to these individuals.

2. Your personal debt.

The first rule of an intelligence approach to an individual of interest is to ensure that their “boat floats.” The ability for the Chinese human intelligence (HUMINT) targeting analysts to use their own algorithms to determine who is at the cusp of financial insolvency due to medical, consumer, housing, education or any number of normal, but insurmountable items of debt will move an individual to the top of the targeting pool.