Play Live Radio
Next Up:
0:00
0:00

Spy balloons have the spotlight, but Chinese digital espionage has gone on for years

ARI SHAPIRO, HOST:

The alleged fleet of Chinese spy balloons and unidentified flying objects have captivated the nation and also brought increased scrutiny to American airspace. But the People's Republic of China has already stolen vast quantities of data from U.S. agencies and companies. The country's been doing it for more than a decade not by spying from the skies but by prowling the internet. NPR cybersecurity correspondent Jenna McLaughlin is here to give us the bigger picture. Hey, Jenna.

JENNA MCLAUGHLIN, BYLINE: Hey, Ari.

SHAPIRO: What's the cybersecurity community saying about the country's recent balloon obsession?

MCLAUGHLIN: Well, it's got a lot of cyber experts kind of scratching their heads a little bit because, I mean, they've been focused on Chinese espionage in cyberspace for quite a while. The balloon itself can seem ominous, and it's definitely caught the public's imagination. But the national security threat is fairly minimal. I spoke to Ben Read. He leads analysis on nation-state hacking at Google's Mandiant. And he tells me that Chinese digital espionage has gone on unabated, balloon or no balloon.

BEN READ: We've definitely continued to see Chinese intrusion activity. It has not stopped with the balloon. But we haven't really seen any relationship. Sort of the broad profile of attempts by the PRC to collect a lot of information sort of matches, but aside from that super-high-level overlap, I guess I can't draw any connections between them.

MCLAUGHLIN: In other words, the balloon fits into this overall pattern of collecting as much information as possible. But it's pretty hard to beat what you can collect in cyberspace. And China's been conducting digital intrusions for decades. In fact, Read actually mentioned that one of the first hacking groups his firm tracked was a Chinese cyberespionage group linked to the People's Liberation Army. And they had been stealing economic secrets since way back in 2006. Now there are dozens of groups in China alone that his team tracks.

SHAPIRO: OK. So tell us about one of the hacks that China pulled off and what the impact was.

MCLAUGHLIN: Sure. So one of the best examples, I think, is between 2013 and 2014, and that's when China breached the Office of Personnel Management, which is basically the human resources department of the entire federal government. They stole 22 million records from security clearance forms to fingerprints, and that data could be used for profiling, knowing who works in what agency, maybe even for the recruitment of intelligence assets. We don't really know for sure.

SHAPIRO: So that's the U.S. government. But we also know that China has hacked U.S. companies and individuals. I mean, how worried should folks be about that?

MCLAUGHLIN: I think a little more worried than about the balloon, perhaps. FBI and other U.S. agencies have been warning for a while about China's ongoing efforts to spy on dissidents as well as, you mentioned, steal economic information and industrial secrets. That includes everyone from telecom firms, defense companies, even massive hotel chain Marriott, where the hackers stole information on about 500 million hotel guests. They basically go where the data lives. For Ben Read at Mandiant, it's a pretty simple explanation.

READ: Computers are everywhere. Almost all information is on a computer somewhere.

MCLAUGHLIN: He explained that it's a pretty low risk to get the most large amount of information, whereas something like the balloon is actually limited by its vantage point and its capabilities.

SHAPIRO: OK, so balloon aside, what can a person or a company do to protect themselves against this kind of cyberespionage?

MCLAUGHLIN: Conveniently, the advice for basic cyber hygiene is similar across the board whether you're worried about Chinese espionage or a criminal ransomware attack. That includes installing two-factor authentication, using a password manager. The basics won't protect against every advanced attack, but it will make it harder.

SHAPIRO: That's NPR's Jenna McLaughlin. Thank you.

MCLAUGHLIN: Thanks.

(SOUNDBITE OF LIL WAYNE SONG, "SHOOTER FEAT. ROBIN THICKE") Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.