Category Archives: Department of Homeland Security

Trump Admin Trying to Get a Cyber Doctrine

Posted on by

October is national cyber awareness month, frankly every month and every day should be an awareness day.

octo | Office of the Chief Technology Officer

So, back in late 2017, the House passed by a voice vote H.R. 3559 – Cybersecurity and Infrastructure Security Agency Act of 2017. As you may guess, it is stalled in the Senate.

Meanwhile, in an effort to mobilize and consolidate cyber operations for the United States, there is no consensus within Congress. Should every government agency has a cyber division? Should the United States be able to perform counter cyber attacks? What kind of a cyber attack on the United States constitutes an act of war?

Just last month, Politico published a piece stating in part:

Recent reports that Russia has been attempting to install malware in our electrical grid and that its hackers have infiltrated utility-control rooms across America should constitute a significant wakeup call. Our most critical infrastructure systems are vulnerable to malicious foreign cyberactivity and, despite considerable effort, the collective response has been inadequate. As Director of National Intelligence Dan Coats ominously warned, “The warning lights are blinking red.”

A successful attack on our critical infrastructure — power grids, water supplies, communications systems, transportation and financial networks — could be devastating. Each of these is vital to our economy, health and security. One recent study found that a single coordinated attack on the East Coast power grid could leave parts of the region without power for months, cause thousands of deaths due to the failure of health and safety systems, and cost the U.S. economy almost $250 billion. Cyberattacks could also undermine our elections, either by altering our voter registration rolls or by tampering with the voting systems or results themselves.

The op-ed was written by retired General and former CIA Director David Petraeus who is arguing: “Our grab-bag approach isn’t working. Gen. David Petraeus says it’s time to go big.”

Actually, I agree with General Petraeus on his position. Last month also, John Bolton on the White House National Security Council declared that the U.S. is going on the offensive. Yet in an interesting article, Forbes offers a point and counter-point to that argument.

Last week, President Trump spoke to world leaders about how China is interfering in U.S. elections via the cyber realm. While no evidence has been offered, that is not to say there is no evidence, it is a common tactic of China. Additionally, the United States is offering robust assistance to NATO allies.

Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official.

The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers on Wednesday and Thursday.

Katie Wheelbarger, the principal deputy assistant defense secretary for international security affairs, said the U.S. is committing to use offensive and defensive cyber operations for NATO allies, but America will maintain control over its own personnel and capabilities.

The decision comes on the heels of the NATO summit in July, when members agreed to allow the alliance to use cyber capabilities that are provided voluntarily by allies to protect networks and respond to cyberattacks. It reflects growing concerns by the U.S. and its allies over Moscow’s use of cyber operations to influence elections in America and elsewhere.

“Russia is constantly pushing its cyber and information operations,” said Wheelbarger, adding that this is a way for the U.S. to show its continued commitment to NATO.

Wheelbarger told reporters traveling to NATO with Mattis that the move is a signal to other nations that NATO is prepared to counter cyberattacks waged against the alliance or its members.

Much like America’s nuclear capabilities, the formal declaration of cyber support can help serve as a military deterrent to other nations and adversaries.

The U.S. has, for some time, considered cyber as a warfighting domain, much like air, sea, space and ground operations. In recent weeks the Pentagon released a new cybersecurity strategy that maps out a more aggressive use of military cyber capabilities. And it specifically calls out Russia and China for their use of cyberattacks.

China, it said, has been “persistently” stealing data from the public and private sector to gain an economic advantage. And it said Russia has use cyber information operations to “influence our population and challenge our diplomatic processes.” U.S. officials have repeatedly accused Moscow of interfering in the 2016 elections, including through online social media.

“We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of a crisis or conflict,” the new strategy states, adding that the U.S. is prepared to use cyberwarfare along with other military weapons against its enemies when needed, including to counter malicious cyber activities targeting the country. Read more here.

Not to be left out is North Korea.

The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

For more information, see:

Yup, in closing…..we agree with General Petraeus….it is long overdue to go big and go NOW.

Well, the Report Declares 22 Million Not 11 Million Illegals

Posted on by

State by State: The Cost of Illegal Immigration ...

Foreign nationals are increasingly gaining the ability to influence American elections more directly. They’re being granted the right to vote.

From Boston, where the city council is debating the move, to San Francisco, where noncitizens gained the right earlier this month in school-board elections, jurisdictions are looking to expand the boundaries of the electorate beyond its citizens.

***

Primer: This was compiled by Yale and MIT. Have you considered how many U.S. House Representatives exist from districts where illegals and foreign nationals are the majority? 20? 10? 40?

Context: The Democrats on the Dreamer thing were and are willing to sacrifice the interests of 325 million Americans in order to gain unconditional amnesty for 3.4 million illegal aliens.

The number of undocumented immigrants in the United States: Estimates based on demographic modeling with data from 1990 to 2016

In part: Our analysis has two main outputs. First, we generate what we call our conservative estimate, using parameter values that intentionally underestimate population inflows and overestimate population outflows, leading to estimates that will tend to underestimate the number of undocumented immigrants. Our conservative estimate for 2016 is 16.7 million, well above the estimate that is most widely accepted at present, which is for 2015 but should be comparable. Our model as well as most work in the literature indicates that the population size has been relatively stable since 2008; thus 2015 and 2016 are quite comparable. For our second step, recognizing that there is significant uncertainty about population flows, we simulate our model over a wide range of values for key parameters. These parameter values range from very conservative estimates to standard values in the literature. We sample values for each key parameter from uniform distributions over the ranges we establish. In our simulations, we also include Poisson population uncertainty conditional on parameter values, thus addressing the inherent variability in population flows. Our simulation results produce probability distributions over the number of undocumented immigrants for each year from 1990 to 2016. The results demonstrate that our conservative estimate falls towards the bottom of the probability distribution, at approximately the 2.5th percentile. The mean of the 2016 distribution is 22.1 million, which we take as the best overall estimate of the number of undocumented immigrants based on our modeling approach and current data. We also show the variability in our model based on the simulations for each year from 1990 through 2016.

***

Population inflows

Population inflows are decomposed into two streams: (I) undocumented immigrants who initially entered the country legally but have overstayed their visas; and (II) immigrants who have illegally crossed the border without being apprehended. We describe our approach for each source, explain the basis for our assumptions and why they are conservative, and list parameter ranges for the simulation.

(I) Visa overstays are estimated using Department of Homeland Security (DHS) data for 2016, the first year for which visa overstays were comprehensively measured [5]. To apply this data in our context we also gather data for non-immigrant visas issued for all years from 1990 [6]. For our conservative estimate we assume that for each year the rate of overstays was equal to the 2016 rate. Calibration of our model shows that this assumption is in fact quite conservative. In particular, approximately 41% of undocumented immigrants based on the current survey data approach are visa overstayers [7], which translates to a visa overstay population of 4.6 million in 2015. Our model however predicts the number of overstayers to be less than this (even though our overall estimate of the number of undocumented immigrants is higher). That is, in our model most undocumented immigrants are not overstayers, and the model produces an estimate of the number of overstayers below the estimate produced in the conventional approach based on survey data. We compute that we would need to set the visa overstay rate above the DHS 2016 rate, specifically 1.1 times that rate, for our conservative estimate to generate as many overstayers as the 4.6 million in the 11.3 million estimate. Since many overstayers leave or adjust their status within a few months of their visa expiration date, we make a further conservative adjustment and count as overstayers only those individuals who have overstayed more than 1 year. For the simulation, we set the visa overstay rate equal to the 2016 rate multiplied by a uniform draw from the range [0.5,1.5]; consistent with the discussion above, this is a relatively conservative range.

(II) Illegal Border Crossers: We estimate illegal border crossers through application of the standard repeated trials (capture-recapture) model [810]. The model requires as inputs statistics on the total number of border apprehensions, the number of individuals apprehended more than once in a year (recidivist apprehensions), and estimates of the deterrence rate—the fraction of individuals who give up after being apprehended and do not attempt another crossing. Given these inputs, the repeated trials model generates estimates of: (i) the apprehension rate—the probability an individual is caught trying to cross the border; and (ii) the total number of individuals who are not apprehended (they may be caught one or more times but cross successfully on a later attempt) and enter the interior of the country illegally—the number of illegal border crossers in a year. We discuss data sources and potential weaknesses of this approach here; more information and mathematical details are provided in the Supporting Information.

DHS [10, 11] provide figures for the total number of border apprehensions for every year in our timespan. They also provide information on the number of recidivist apprehensions and estimates of the deterrence rate for every year from 2005. Based on these figures and estimates they provide an estimate of the apprehension rate for each year from 2005 to 2015. Their estimate is 35% for 2005 and increases steadily, to above 50% by the end of the sample period. From their estimates we are able to derive directly estimates of the number of illegal border crossers for each of these years. For earlier years (1990 to 2004) we must make further assumptions. Our assumptions are about the apprehension and deterrence rates, since these have been addressed in the literature; in turn we are able to generate estimates of the number of illegal border crossers in earlier years based on these assumptions (see the Supporting Information for analytic details).

Most experts agree that the apprehension rate was significantly lower in earlier years [12, 13]. A recent study [12] using data from the Mexican Migration Project estimates this rate for every year from 1990 to 2010; estimates in the 1990’s begin from the low twenties and range upwards to approximately 30%. A second study estimates the rate for 2003 at around 20% [13]. Given these estimates, and the general view that apprehension rates have risen, for our conservative estimate we assume that the apprehension rate in years 1990-2004 was equal to the average rate in years 2005-10 or 39%; this is well above the rates discussed in the literature for earlier years and thus tends to reduce our estimate of the number of undocumented immigrants since it implies a larger fraction are apprehended at the border. For our simulation we assume a uniform distribution over the range [0.25,0.40] for the earlier years, still above the average rates in the literature for these years.

Additional facts support the view that the apprehension rate has increased in recent years. The number of border agents has increased dramatically over the timespan of our analysis [14], and the number of hours spent by border agents patrolling the immediate border area has increased by more than 300% between 1992- 2004 [15]. Further, new infrastructure (e.g., fences) and technologies (e.g., night vision equipment, sensors, and video imaging systems) were also introduced during this period [15]. Thus the apprehension rate we use for earlier years almost certainly overstates the actual apprehension rate and therefore underestimates the number of successful crossings. However, we note that these additional border resources may have been concentrated in certain locations and it remains a possibility that apprehension rates were higher in earlier years. We note finally that in using data only on Southern Border crossings we again are conservative in our approach, not accounting for illegal crossings along other borders.

Notwithstanding our view that we make conservative choices in setting up our model and parameter values, we acknowledge that border apprehension rates for the 1990’s are not based on as well-developed data sources as estimates for more recent years. Thus it remains a possibility that these rates are higher than we believe. One aspect of this uncertainty concerns deterrence. When deterrence is higher border crossings will fall. Most researchers believe deterrence has increased in recent years [8, 12]. We note that reference [12] estimates that the probability of eventual entry after multiple attempts on a single trip in the 1990s is close to one, indicating almost no deterrence in the earlier period. One piece of evidence in support of this is data on the voluntary return rate, which refers to the percentage of individuals apprehended at the border who are released back to their home country without going through formal removal proceedings and not being subjected to further penalties. Voluntary returns are thus not “punished” and thus are less likely to be deterred from trying to cross the border in the future, compared with individuals who are subjected to stronger penalties. The voluntary return rate has fallen in recent years, from 98% between 2000 and 2004 to 84% between 2005 and 2010. Thus, at least based on this measure deterrence efforts have increased. However, this does not conclusively demonstrate that deterrence was lower in earlier years and it remains a possibility that it was higher, which would tend to reduce our estimates of the number of undocumented immigrants. In conclusion we note that although there is much uncertainty about the border apprehension rate, it would have to be very high, above 60% for earlier years, in order to generate estimates of the 2015 population of undocumented immigrants in the range of the current widely accepted estimate of just over 11 million (this is based on analyzing our model using the conservative estimate values for all other parameters). This seems implausible based on our reading of the literature.

Population outflows

Population outflows are broken into four categories: (I) voluntary emigration; (II) mortality; (III) deportation; and (IV) change of status from unauthorized to lawful.

(I) Voluntary emigration rates are the largest source of outflow and the most uncertain based on limited data availability. It is well accepted that voluntary emigration rates decline sharply with time spent in the country [16]; thus we employ separate emigration rates for those who have spent one year or less in the U.S., 2-10 years, or longer. We use the following values for our conservative estimate. First, for those who have spent one year or less we assume a voluntary emigration rate of 40%. This estimate is based on data for the first-year visa overstay exit rate (the fraction of overstayers who left the country within one year from the day their visa expired) for 2016 [17], which is in the lower thirty percent range (the rate for 2015 is similar). We note that the rate for visa overstayers is very likely a substantial overestimate for illegal border crossers, who are widely viewed as having a lower likelihood of exiting in the first year, especially in more recent years [12]. The 40% first-year emigration rate that we assume is well above the standard values in the literature [4, 12, 16, 18], which range from 1% to 25%. Hence this assumption contributes to making our estimate of the number of undocumented immigrants in the country a conservative one. For years 2-10 we assume a rate of 4% per year. This is the upper bound among estimates in the literature, which lie between 0.01 to 0.04 [4, 16, 18]. Lastly, for years 10 and above, published estimates of the emigration rate typically fall around 1%; we set this rate to 1% per year in line with these estimates. Note that given the extremely high 40% emigration rate that we assume for those who have only been in the country for one year or less, overall annual emigration rates in our model simulation are significantly higher than those found in the literature or government sources. To further enhance the conservatism of our model, we assume that all undocumented immigrants present at the beginning of 1990 have been here for only one year. Read the whole report here.

Hezbollah Financier Arrested in Tri-Border Area

Posted on by

(New York, NY) – Prominent Hezbollah financier Assad Ahmad Barakat, designated as a global terrorist by the U.S., was arrested Saturday in the border region between Brazil, Argentina, and Paraguay.

photo and more details here.

Barakat is wanted by Paraguayan authorities for identity theft and by Argentine authorities for money laundering on behalf of Hezbollah. He operated Hezbollah’s financial network in the Tri-Border Area (TBA) of South America, and owned several businesses that conducted money laundering activities to generate funds for the terrorist group. Barakat, who has close ties with Hezbollah’s leadership, was the group’s chief of military operations and fundraising in the TBA in the 1990s.

The U.S. Department of the Treasury designated “Assad Ahmad Barakat” as a Specially Designated Global Terrorist pursuant to Executive Order (E.O.) 13224 on June 10, 2004.

Assad Ahmad Barakat is a U.S.-designated key Hezbollah financier who has operated in the Tri-Border Area (TBA) of South America––the region that straddles the borders of Paraguay, Brazil, and Argentina.* Barakat, who has close ties with Hezbollah’s leadership, was the group’s chief of military operations and fundraising in the TBA in the 1990s.* He operated Hezbollah’s financial network in the region, and owned several businesses of his own that conducted money laundering activities to generate funds for the group.* Barakat was indicted by Paraguay in 2001, and served a six-and-a-half-year prison sentence in the country after he was arrested in Brazil in 2002.* He was released from Paraguayan custody in 2009.* He is wanted by Paraguayan authorities for identity theft and by Argentine authorities for money laundering on behalf of Hezbollah in an Argentine casino. In September 2018, Brazilian police arrested Barakat near the Paraguayan and Argentine borders.*

In the mid-1980s, Barakat immigrated from Lebanon to Paraguay to escape the Lebanese Civil War.* He soon began operating several businesses based in Ciudad del Este, Paraguay, including Apollo Import Export and Mondial Engineering and Construction, through which he conducted money laundering schemes to generate funds for Hezbollah.* Barakat also operated additional businesses based in Lebanon, Chile, and the United States, at times with the assistance of his brothers Hatem and Hamzi.* He also collected funds for Hezbollah by pressuring Lebanese shopkeepers in the TBA to pay a quota to the group under threat of putting their family members on a “Hezbollah blacklist.”* Barakat regularly sent large sums of money to the group in Lebanon and Iran and even personally carried funds to Lebanon, traveling with a Paraguayan passport as of 2000.*

In addition to his direct fundraising roles, Barakat reportedly served as the deputy financial director of a mosque in Brazil, as the deputy for another Hezbollah financial official, Ali Muhammad Kazan, and eventually as the primary liaison in the TBA for Hezbollah’s Secretary General Hassan Nasrallah.* He was also reportedly one of two individuals in charge of distributing counterfeit U.S. currency in the TBA.* As of 2001, Barakat reportedly traveled to Lebanon and Iran annually to meet with Hezbollah’s leadership.*

*** Born in Lebanon, his Place of residence is Foz do Iguacú, Brazil; Iquique, Chile; Ciudad del Este, Paraguay (as of 2006) currently in Brazilian custody.

Barakat was also involved in planning Hezbollah’s military operations. He was an organizer and key financier of Hezbollah’s 1994 bombing of the AMIA Jewish community center in Buenos Aires that killed 85 people and injured over 300.* Barakat relayed information to Hezbollah’s leadership about Arabs in the TBA who traveled to the United States or Israel. He regularly hosted and attended meetings with other senior Hezbollah leaders in the TBA, such as one meeting in Brazil in the fall of 2000 at which they discussed potential assassination plots. Authorities later discovered videos on Barakat’s personal computer of violent Hezbollah military operations in Lebanon.*

In 2001, Paraguay indicted Barakat on charges of association, abetment of crime, and tax evasion, and an international warrant was issued for his arrest. In response, Barakat fled the TBA that October.* However, he was arrested by Brazilian authorities in Foz do Iguaçu, Brazil, on June 22, 2002, and extradited to Paraguay that December, where he served a six and a half-year prison sentence.*

Barakat was designated as a Specially Designated Global Terrorist by the U.S. Department of the Treasury on June 10, 2004. Two of his businesses, Casa Apollo and Barakat Import Export Ltda., were also designated at the time for their involvement in generating support for Hezbollah.*

Barakat was released from Paraguayan custody in 2009, though Paraguay reportedly lost track of his whereabouts since.* According to the Brazilian Federal Police, Barakat continued to operate on behalf of Hezbollah in Argentina, Brazil, and Chile. Argentine police accused him of money laundering at a casino in the Argentine city of Puerto Iguazu. In August 2018, Brazil’s supreme court authorized Barakat’s arrest after Paraguay issued an arrest warrant. On September 21, 2018, Brazilian police announced they had arrested Barakat in Foz do Iguaco, Brazil, near the border with Paraguay and Argentina. It remains unclear whether or to where he may be extradited.

 

Massive Social Security Fraud, 40 Million Americans

Posted on by

Last week, the Immigration Reform Law Institute (IRLI) revealed massive identity fraud by illegal aliens in the United States, potentially affecting nearly 40 million Americans.

In April of this year, IRLI filed a Freedom of Information Act (FOIA) lawsuit against the Social Security Administration (SSA) seeking records related to the Obama-era decision to halt sending “no-match” letters to employers. According to the Justice Department’s website, a “no-match” letter is a “written notice issued by the SSA to an employer, usually in response to an employee wage report, advising that the name or Social Security number (SSN) reported by the employer for one or more employees does not “match” a name or SSN combination reflected in SSA’s records.” The long-held practice of sending the letters had been used to prevent fraud through the use of stolen SSN data by illegal aliens and other criminals.

Days after former President Obama implemented the Deferred Action for Childhood Arrivals (DACA) amnesty program, his administration announced the decision to stop sending “no-match” letters to employers. This decision led to a thriving SSN black market where illegal aliens are drawn to obtain an American’s information for employment. The SSN of children have proven to be especially valuable as they can be used undetected for years. However, when these children reach adulthood and begin to apply for college, car loans, credit cards, or other needs, many learn they have criminal records attached to their identities.

Specifically, IRLI’s investigation uncovered that from 2012 to 2016, there were a whopping 39 million instances where names and SSNs on W-2 tax forms did not match the legitimate Social Security records. Additionally, over $409 billion was added to the Earnings Suspense File (ESF), which holds any uncredited wages that cannot be correctly matched in the SSA’s database.

Previously, the SSA has estimated that seventy-five percent of illegal aliens possess a SSN— either one stolen from an American citizen, or legal resident, or one that has been made up entirely. Not only is this practice troublesome from an immigration law standpoint, but can actually be quite problematic for Americans, or legal residents, who have their SSNs stolen. In addition to receiving Internal Revenue Service (IRS) letters and audits accusing them of having income they are not claiming or having their benefits blocked, reconciling a compromised identifier is estimated to cost thousands of dollars and take years of effort.

The Trump administration did announce this summer that it would begin resuming notice letters to employers and third-part providers informing them of any mismatches. However, it is truly up to Congress to rectify this situation for all parties involved.

In July, House Judiciary Committee Chairman Bob Goodlatte (R-VA) introduced the bipartisan AG and Legal Workforce Act (H.R. 6417) – legislation that would mandate E-Verify, the effective web-based program that ensures a legal workforce. Furthermore, the legislation would protect against identity theft by requiring the Social Security Commissioner to notify individuals whose SSN demonstrates a pattern of unusual use; as well as assist Americans who believe their identity may have been stolen or used fraudulently.

Congress is required to protect American citizens and their interests above all else. It would be shrewd for them to remember that before the November midterms.

Hat tip.

Meanwhile:

The Trump administration will admit no more than 30,000 refugees to the U.S. in the coming year, Secretary of State Mike Pompeo said, down from the current cap of 45,000.

Pompeo announced the lowered ceiling during a press conference Monday at the Department of State headquarters in Foggy Bottom.

Pompeo said the 30,000 cap “must be considered in the context of the many other forms of protection and assistance offered by the United States” and should not be “sole barometer” to measure the country’s humanitarian efforts.

The hawkish turn demonstrates President Donald Trump’s willingness to push hard-line immigration policies in the run-up to the November midterm elections — even after his controversial “zero tolerance” border enforcement policy led to thousands of family separations and a court order to reunify parents and children.

Equifax had Evidence of Chinese Espionage Before the Hack

Posted on by

Fascinating that there is always more to the story. Remember, this was/is confidential and personal data. Further, Alibaba is a Chinese international holding company that is a counterpart to Amazon and specializes in artificial intelligence based in Hangzhou, China.

The General Accounting Office issued a report on Equifax. The GAO analysis detailed the steps Atlanta-based Equifax has taken since the breach to prevent similar attacks in the future. Last year, hackers had found a vulnerability in Equifax servers that gave them access to customer login credentials.

The report said the hackers hid in Equifax’s system for more than two months and mined data for credit card numbers, drivers licenses and social security numbers. The breach led the agency to make $200 million in security upgrades.

WSJ: Two years before Equifax Inc. stunned the world with the announcement it had been hacked, the credit-reporting company believed it was the victim of another theft, only this time at the hands of Chinese spies, according to people familiar with the matter.

In the previously undisclosed incident, security officials feared that former employees had removed thousands of pages of proprietary information before leaving and heading to jobs in China. Materials included code for planned new products, human-resources files and manuals.

Equifax went to the Federal Bureau of Investigation and the Central Intelligence Agency. Investigators from the company and the FBI came to view events at Equifax as potentially a huge theft of data—not of consumers’ personal data, as happened with the subsequent 2017 hacking of Equifax’s files, but of confidential business information.

Equifax security officials briefed the then-chief executive, Richard Smith, at a fall 2015 meeting, spreading high stacks of paper across the length of the boardroom table. The voluminous printouts represented what they feared was stolen. Adding to suspicions, the Chinese government had recently asked eight companies to help it build a national credit-reporting system.

At one point, Equifax grew so worried it began building a way to monitor the computer activity of all of its ethnic-Chinese employees, according to people familiar with the investigation. The resource-heavy project, which raised legal concerns internally, was short-lived.

Some investigators believed Equifax’s intense focus on the matter contributed to a delay in the company’s understanding the extent of the 2017 hack of consumers’ information, an event that hammered Equifax’s stock, cost some executives their jobs, including Mr. Smith, and damaged the company’s reputation.

Ultimately, the previously undisclosed investigation undertaken by the FBI stalled. The FBI wanted to pursue a criminal case, believing the theft of trade secrets costs the U.S. hundreds of billions of dollars a year, with China the leading offender, said people familiar with the investigation. Equifax began to worry about legal exposure and how onerous the inquiry could become, according to these people, and eventually reduced its cooperation with law enforcement.

That left many of the questions raised by the investigation, both about Equifax and about China, unresolved.

This account of the events at Equifax is based on people familiar with the investigation.

Equifax, in a written statement, said it became aware in 2015 of “efforts by a former employee to obtain company information, and launched an internal investigation into his activities.” The company “brought the investigation to the attention of U.S. law enforcement authorities and cooperated with the federal agencies,” Equifax said.

“Although this individual had improperly obtained proprietary Equifax information,” the statement said, “the information we determined was accessed was general in nature and not material or harmful to Equifax, consumers or our business clients.” Equifax said the company has “no evidence to suggest that consumer data or other personal information was compromised, or that this individual targeted this type of information.”

Equifax didn’t address in its statement whether it thought other employees were involved. A person familiar with the company’s thinking disputed the notion that Equifax reduced its cooperation with law enforcement in a probe it had itself triggered.

Representatives of the FBI and CIA declined to comment. The Chinese Embassy in Washington didn’t respond to requests for comment.

One of the former employees Equifax and the FBI investigated in connection with a possible business-information theft was Daniel Zou, who worked in Toronto. The company he joined in China was Ant Financial, a fast-growing financial-technology affiliate of Alibaba Group Holding Ltd. , founded by billionaire Jack Ma.

Both Ant and Mr. Zou denied any involvement in taking proprietary Equifax data. Alibaba referred questions to Ant.

Ant, based in Hangzhou, China, said it “has never used Equifax code, scripts or algorithms in the development of its own products and services.”

Mr. Zou, in a sworn statement provided by his lawyer, said, “I deny that I worked with or consulted with a network of Equifax colleagues to steal Equifax code for Ant Financial or that I provided any such code to Ant Financial.”

Interviewed by The Wall Street Journal in Washington, Mr. Zou, a 35-year-old Chinese-born Canadian citizen who graduated from the University of Toronto, repeated his denial and said that learning from the Journal of Equifax’s suspicions had been “a nightmare.”

Those suspicions arose in 2015, a few months after Mr. Zou left his job as an Equifax product manager to join Ant’s new credit-scoring business, which is known as Sesame Credit in English. Ant was among the companies asked by China’s central bank to develop credit-scoring services. Sesame launched its service in January 2015, several months before Mr. Zou came aboard.

Equifax’s data-loss prevention system, which guards against sensitive information leaving the corporate network, flagged the activities of Mr. Zou, according to people familiar with the investigation. The system alerted that an employee might have taken data off the network, and initially registered it as benign, they said.

Mr. Zou said in his interview with the Journal that, according to his understanding of how the system works, it would warn the person removing the data on the spot. He said he never received such a warning. Equifax declined to say whether that is how the system works or whether Mr. Zou received a warning.

At the same time, Equifax officials also had suspicions about a different employee, in another city. Equifax’s security chief, Susan Mauldin, approached the FBI with a question: What would it look like if we were being targeted by China?

FBI officials told her that in one common technique, a group makes plans to visit a company’s office to pitch a partnership, then at the last minute replaces delegation members with spies.

Around this time, a delegation from a Chinese business visited Equifax and swapped out some members at the last minute, fueling Equifax’s suspicions it was a target.

Company security officials decided to examine Mr. Zou’s computer activity. They discovered he had printed out thousands of pages of company information. The material related to the way credit scores are obtained, what different pieces of data mean and how to apply algorithms to assess troves of data, according to the people familiar with the investigation. They said some was information that could help explain products Equifax was working on.

At around the same time they were examining Mr. Zou’s systems, investigators discovered what they believed to be a major infiltration campaign. They found that other employees had sent code to their personal email accounts and uploaded it to software-development platforms others could access.

According to the people familiar with the probe, the investigators, by talking to Equifax employees and examining email accounts and LinkedIn messages sent to them, saw indications that recruiters purporting to represent Ant affiliate Alibaba had offered to triple salaries for certain ethnically Chinese Equifax employees—and provided instructions on specific Equifax information they should bring along if they jumped ship.

The investigators saw, as well, that Mr. Zou had searched the Equifax human-resources system to look up data analytics teams in the U.S. He had printed out contact information for many ethnic-Chinese employees, according to people familiar with the probe. They said some of those employees told colleagues they were later contacted by recruiters who claimed to be working on behalf of Alibaba.

The investigators found notes on Chinese messaging service WeChat in which another group of Equifax employees in North America, using their company-issued phones, arranged off-hours meetings to discuss work projects and left the company soon after, saying they were going to Ant or Sesame for big raises.

Ant said Mr. Zou is the only former Equifax employee it has hired since it began collecting employment history information in 2011. Ant said Mr. Zou began at its credit-scoring business in May 2015. It listed a five-figure starting salary for Mr. Zou and said he wasn’t promised any large bonuses.

Ant said it didn’t “directly or indirectly through third-party recruiters” encourage job applicants to steal Equifax information. Ant prohibits employees and recruiters from requesting such activity, the company said, adding that third-party recruiters aren’t authorized to make job offers on its behalf.

Ant said it hadn’t been contacted by Equifax or any government investigators about such matters. After receiving an inquiry from the Journal about Mr. Zou, Ant said, it investigated his information-technology activities and found no evidence he had ever provided Ant with any Equifax code, scripts or algorithms.

Mr. Zou said he worked in marketing and didn’t have access to Equifax code, algorithms and other proprietary information; never took any to Ant; wasn’t asked to; and never encouraged others to.

“I deny that I searched an internal Equifax human resources database to recruit Equifax employees to join Ant Financial,” Mr. Zou said in the sworn declaration provided by a lawyer. “I further deny that I printed contact information for ethnic-Chinese Equifax employees as part of an effort to recruit such employees to join Ant Financial.”

In the Journal interview, Mr. Zou said, “I think [where] this might come from is that during my time at Equifax I had a habit of sending work-related documents to my own email so that I could work at home. If any of those contain [any] of what they call the alleged proprietary information, right after I left Equifax and before I went back to China, I deleted them all. And I did not share that with anybody.”

If investigators were alarmed by his email practices, Mr. Zou said, “I think that’s a huge misunderstanding.”

Mr. Zou also said he printed out employee contact information for projects that required him to work with global colleagues. “Equifax Canada did not want to reinvent the wheel from beginning,” he said, “so my job was to piggyback the success case” from the company’s U.S., U.K. and Latin American regions.

He said he disposed of all the documents before moving to China and joining Ant, and he denied targeting any ethnicity. “If you search a data analytics team, the likelihood is high that you will reach a Chinese employee,” he said.

Mr. Zou said he had never been contacted by Equifax or any government authorities about data theft, and learning he was suspected caused him “emotional turmoil.”

Although Equifax had gone to the FBI—and although the bureau was eager to pursue the matter—Equifax officials by the middle of 2016 had grown wary of providing more information to federal investigators.

Equifax worried that doing so could trigger requirements under securities law for disclosure of material information, said the people familiar with the investigation. They said Equifax also was concerned that handing over access to its entire network, including international operations, as the FBI had requested, could run afoul of obligations in some countries where Equifax operates.

Around the middle of 2016, Equifax told its internal investigators to comply with any potential subpoenas but to stop proactively providing information to law enforcement, said the people familiar with the investigation.

The person familiar with Equifax who disputed the notion the company directed employees to be uncooperative said: “As the investigation progressed, we did ask that requests for information be passed through our legal office to ensure we were adhering to standard legal protocols.”

Equifax continued to monitor certain employees through 2016 and 2017. It eventually confronted several ethnically Chinese employees over activities found in its investigation, who left before the company took further action, according to people familiar with the probe.

FBI officials in Atlanta got the impression from Equifax’s then-CEO, Mr. Smith, and legal staff that the company didn’t believe it generally had information valuable enough to be the target of a major Chinese campaign.

Mr. Smith told colleagues even if thieves had taken code, they didn’t have Equifax’s consumer data, which meant the theft wouldn’t pose a competitive threat. Moreover, Equifax didn’t see a material impact on current operations because the information that appeared to have been stolen related to products in development, not to existing ones.

The U.S. attorney’s office in Atlanta ultimately determined it didn’t have evidence the suspected thefts were directed by the Chinese government, a top priority for law enforcement. The prosecutors decided they wouldn’t pursue a case against any individual, since Equifax wasn’t eager to do so, and since what former employees were suspected of taking was corporate information, rather than anything directly affecting U.S. consumers.

The U.S. attorney’s office declined to comment.

Then, in September 2017, came blockbuster news from Equifax: the disclosure that a hacking of its files had exposed highly sensitive personal data on more than 140 million Americans.

Equifax had learned six months earlier, in March 2017, of a software vulnerability, but waited months to fully check its encrypted traffic to see whether it had been breached. Only in July 2017 did Equifax realize the hack had exposed personal information, including Social Security numbers and dates of birth, of nearly half the U.S. population.

This delay was partially due to Equifax’s failure to resolve a dispute between its technology and information-security staffs at a time when top security people were focused on possible infiltration from China, in the opinion of some of the people familiar with the investigation.

The person familiar with Equifax’s thinking said the hack involved both human error and technological failure, and Equifax has been forthcoming about the causes.

In the weeks following the disclosure of that giant 2017 breach, Mr. Smith resigned, as did Ms. Mauldin and Equifax’s chief information officer, David Webb. All either couldn’t be reached or didn’t respond to requests for comment.

In January 2018, Chinese officials rolled out a state-backed credit-scoring company and gave Ant Financial an 8% stake.

Mr. Zou has returned to Canada. Ant transferred him from Sesame Credit to its Alipay international business unit in Hangzhou in mid-2017. On June 1 of this year, he moved to Alipay Canada in Vancouver.