The US Department of Justice has leveled official allegations against a group of Chinese hackers who hacked American computer systems between 2006 and 2018. Among the most noteworthy was a hack of the United States Navy.
More than 100,000 sailors had their personal information stolen in the hack. This information included social security numbers, names, and phone numbers. The FBI and DOJ have identified the defendants as Zhu Hua and Zhang Shilong. Both of them allegedly belong to a Chinese state-sponsored hacking group.
The FBI and DOJ are determined to bring the criminals to justice, and most media outlets are claiming that the assailants intended to steal US intelligence. According to the FBI, the group’s hacking campaign was widespread:
“As alleged in the Indictment, from at least 2006 through 2018, the defendants conducted extensive campaigns of global intrusions into computer systems aiming to steal, among other data, intellectual property and confidential business and technological information from more than at least 45 commercial and defense technology companies in at least a dozen states, managed service providers (“MSP”), which are companies that remotely manage the information technology infrastructure of businesses and governments around the world, and U.S. government agencies.”
What will China do with the personal information? At the moment, there aren’t many details about what China’s intentions could be.
It’s possible there might not be much value in sailors’ personal information. But it is important to note that there is some unclassified information that could be of value. The DOJ did not disclose any further details so it’s unclear when or if the information will be made public.
We’re also not clear on which US Navy bases were impacted, and every base in each state serves specific functions. The one in Bethesda, Maryland, for example, trains US military doctors. The base in Cleveland, Ohio houses the Defense Finance and Accounting Service, where payroll is generated and other financial data is stored. The base in San Diego, California deploys all the troops to the Middle East.
We don’t know exactly which bases got hacked, but we do know 1 in 3 sailors had their information stolen. Troops are taught early on how valuable their secrecy is; most troops are taught that even a scrap of information could be used to gain an advantage on the enemy.
The hackers could connect the dots and extrapolate from the data stolen to get a more complete picture. They could even manage to get all the information about each troop’s geolocation or gather information about troops whose accounts did not get hacked. It would only take a little bit of guesswork, using the data hacked to create connections between each sailor.
The hackers had little trouble gaining access to the network. The Next Web reached out to the US Navy for more details regarding the leaked information. Navy spokesperson Lt. Cmdr. Liza Dougherty explained that the Navy ensures that personnel is immediately informed when their identity has been compromised. According to Dougherty, the Navy considers personal information very sacred (as it should).
Doughtery couldn’t add more to the conversation as the investigation was still ongoing and she couldn’t risk jeopardizing it.
The relationship between China and the US has been rocky in 2018. Both countries have had trust issues stemming from trade sanctions. The US public wants the majority of jobs to stay in the US but big corporations benefit from exporting their businesses to China, because of low labor costs.
But it seems the public’s concern might have triggered China into getting defensive and cutting ties with the US. When Huawei’s CFO was arrested due to allegations of illegal trading, the relationship drifted even further.
Now there’s a global war being fought on computers. And in the age of information, enemies can do harm without shedding blood. It will be hard to mend the relationship unless a neutral party gets involved to resolve matters between the US and China.