Four Million Records!: The Meaning of Massive Cyber Intrusions

It has become common to wake up to news of yet another intrusion in America, or even Chinese systems by cyber hackers.  The deeper ignored question is just what does this mean?  What can someone really do with four million records of identity for United States government employees?

The simple answer is not much.  Obviously these individuals will have to be wary of various scams and email phishing attempts, but one should always be weary of this. Someone might try to blackmail individuals, or seek to obtain credit in someone’s name once their personal details are made know, but is this really a vital threat to national security?  I hate to be the bearer of bad news, but if one looks hard enough – just about anything about anyone can be found on the internet.


Instead, stealing information of four million employees sounds more like the plot behind a James Bond movie. Let’s set the scene, SPECTRE has its monthly meeting and everyone goes around the room.  The Eastern European division is driving down the price of oil betting against oil futures.  The Asian division is betting that increased tensions in the South China Sea will lead to diminished returns on investment in the area, possibly scuttling TPPA, to help this process along SPECTRE has stolen a Vietnamese ship to conduct a false flag operation to draw each side into conflict.  Finally we get to the China division.  Their plan, steal the records of four million U.S. government employees.

Bond confronts the villain.  “What do you expect to do with all this information Blofeld?”

“Blackmail of course Mr. Bond, and I expect you to die.”

This is all silly of course (and suggests I have been watching way too many Bond movies lately), but the point stands.  These low level intrusions and violations are typical in the cyber world now.  They speak more about the vulnerabilities and weaknesses in the target (a theme we emphasize on our new book Cyber War versus Cyber Realities).  The United States needs to focus on shoring up its defenses, and they have done that given this is how they recognized the intrusion.

A deeper question must be asked, what does four million records of data get you?  Nothing.  It is not like this information is easy to analyze or useful.  This is information that is unrefined and voluminous, just think about how massive a file of four million records would be.  As much as companies and the news media trumpets each new hack and violation, it is unclear how these intrusions translate into actionable pieces of information.  Instead these incidents are more of the typical explorations done by states in cyberspace as they test the limits of the domain.  By finding this violation and locking it down, it is unclear if this avenue of attack is even useful in the future.  For all that China likely got in exploring American networks, their ability to return to the scene of the crime is severely compromised.

Panic and hysteria in cyberspace as useless.  Violations will be constant, the real question we need to ponder is just what these violations mean.  They are violations of our privacy, but just how harmful are they?  What should the proper reaction be?  Certainly the offensive and accusations are not warranted.  If someone breaks into your home because your door was unlocked it is likely that the real responsibility lies in the weakness in security in the first place.  Protect vital information, do not make it easily accessible or even located in one place.  We need to learn this lesson or it might be much more painful the next time it happens, and it will happen again, and again, and again.