Every day, hundreds of American businesses and government organizations face the threat of hackers located in China. We’ve already written about some of the most significant data breaches that originated in China, such as the hack of the Office of Personnel Management that compromised the personal information and security clearance data belonging to millions of federal employees. But smaller infractions happen all the time, and their impact on victims is no less profound.
In response to what is increasingly becoming an international problem, the governments of the U.S. and China have agreed to negotiate what is being referred to as an “arms control” deal for the internet. The goal of this agreement is to stop hacks that have the potential to damage critical infrastructure in both countries, such as power stations and hospitals.
In a recent speech, Chinese President Xi Jinping appeared to deny the existence of state-sponsored hacks, saying that “the Chinese government will not engage in commercial theft or encourage or support such theft by anyone.” He added that “China is ready to set up a high-level, joint dialogue mechanism with the United States on fighting cybercrime.”
While this is certainly an important goal for two countries that are trying to maintain peaceful relations, many cybersecurity experts worry that it won’t be enough.
“This is one of the most complicated problems around. The consequences of not getting it right are immense,” Richard Bejtilich, chief security strategist of the FireEye cybersecurity firm, told Buzzfeed News. “Both China and the U.S. are eager to hammer something out because anything at this point would benefit either party immensely.”
However, he added, “that doesn’t mean that what they are going to hammer out will makes thing better on the ground.”
One major problem is that the potential deal appears to focus solely on the problem of protecting critical infrastructure — a term that does not cover theft of personal information. But recent news reports suggest that most hacking events tend to seek personal information, rather than focus on larger targets like power plants, precisely because of the higher potential returns. By using people’s names, birth dates, addresses and Social Security Numbers, thieves can create false financial accounts in their names and steal thousands of dollars.
This leads to the next problem that the U.S.-China deal won’t fix. It is likely that many, if not most, of the Chinese-based perpetrators are acting outside of the Chinese government’s sphere of control. This would make it difficult for any deal — even one that put a greater emphasis on identity theft — to have the desired effect.
The truth is that as long as personal financial data is stored on the internet, there will be people who try to steal it. Consumers can only rely on their governments to do so much to protect them. At a certain point, they need to take their security into their own hands.
Luckily, it is possible to be proactive by signing up for a credit monitoring services. This can provide the best protection by alerting you to certain activity on your credit file that may be indicative of fraud.