Chinese hackers have become such a persistent presence on American computer networks — both public and private — that sometimes their meddling slips by with little notice. Not this time.
Late last year, intruders stole the records of some 4 million U.S. government workers from a federal data center. The attack, disclosed last week and attributed to Chinese hackers, was linked to previous breaches at health insurers Anthem and Premera Blue Cross. And it included the records of workers who had applied for security clearances.
The implications are ominous. Embarrassing information dredged up in a background check could be used for blackmail. And social engineering attacks, such as spear phishing, are a lot easier when hackers have a wealth of personal material to work with.
And it’s not just individuals at risk. Applying big-data tools to such a vast trove might yield insights into U.S. intelligence and military strategy, expose a revealing web of government relationships, or find unexpected correlations that Chinese analysts could exploit. In short: This is bad. The U.S. would be within its rights to respond aggressively.
Restraint, though unsatisfying, is the prudent response. The U.S.-China relationship is complicated but strategically important. Even as the U.S. resists Chinese incursions into the South China Sea, it needs China’s cooperation in Afghanistan and elsewhere.
So what can and should U.S. officials do? For one, they can warn their Chinese counterparts that the U.S. has a lot of tools at its disposal, digital and otherwise, if these attacks continue. More diplomatically — and there are high-level talks scheduled for later this month — they should emphasize the benefits of a more trusting relationship between the two countries, including easier Chinese investment in U.S. markets and increased economic growth.