NBC News reported yesterday that, according to the US Secret Service, hackers linked to the Chinese government stole at least $20 million in COVID relief benefits, including unemployment payments in “over a dozen states”:

The theft of taxpayer funds by the Chengdu-based hacking group known as APT41 is the first instance of pandemic fraud tied to foreign, state-sponsored cybercriminals that the U.S. government has acknowledged publicly, but may just be the tip of the iceberg, according to U.S. law enforcement officials and cybersecurity experts.

The Secret Service considers APT41 to be a “Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain.” Ominously, experts believe Chinese hackers “are still inside state information technology systems,” which are especially vulnerable to attack: “State agencies across the country continue to struggle against invisible online attackers, many lacking the proper funding and expertise to secure their online benefits systems.” 

Speaking on condition of anonymity, officials suggest that “other federal investigations of pandemic fraud also seem to point back to foreign state-affiliated hackers.” As I recently noted (“Did Russian Gangs Steal More from US Taxpayers Than We Gave Ukrainians to Defend Themselves?”), similar concerns apply to Russian involvement in unemployment benefits fraud:

One expert, Haywood Talcove of LexisNexis Risk Solutions, “estimates that at least 70% of the money stolen by impostors ultimately left the country, much of it ending up in the hands of criminal syndicates in China, Nigeria, Russia and elsewhere.” Talcove added, “These groups are definitely backed by the state.”

Republicans in Congress have taken notice of Russian and Chinese involvement in the unprecedented fraud inflicted on pandemic unemployment benefits. The late Rep. Jackie Walorski (R-IN) introduced a House resolution in July seeking clarity on how much foreign criminals stole. The legislation directs the Secretary of Labor to provide Congress all documents related to unemployment benefits that flowed to “criminal syndicates and fraudsters in foreign countries,” including in Russia and China. The current House Democratic majority rejected the resolution, but it will likely be revived under the new Republican majority, which has pledged to make oversight of pandemic fraud an investigative priority. 

Estimates of the scale of improper unemployment benefit spending during the pandemic currently start with at least $163 billion, according to the US Department of Labor’s Inspector General (IG), and only grow from there. Recent federal and state reports provide additional context behind the enormous—and still indefinite—losses:

• A September 30 audit report from the US Department of Labor’s IG found that, during the first six months of the pandemic, in four tested states an “estimated $30.4 billion of the $71.7 billion in PUA and FPUC benefits were paid improperly (42.4 percent).” PUA is the temporary federal Pandemic Unemployment Assistance program that was especially susceptible to fraud and FPUC is the temporary federal program that initially increased all unemployment benefit checks by $600 per week.
• An October 31 audit by Arizona’s Auditor General revealed that the Arizona Department of Economic Security “paid over $4.3 billion, or 37 percent, of federal CARES Act UI benefits during fiscal years 2020 and 2021 to alleged fraudsters who had stolen identities of 1.1 million unique claimants.” Fraudulent payments ranged up to $35,400 per claimant, according to the audit.
• A November 15 audit by the New York State Comptroller rebutted the New York Commissioner of Labor’s testimony that the department had prevented $36 billion in fraudulent claims. “Not only could we not verify the accuracy of the Department’s claims of $36 billion in fraudulent claims prevented, but, as Department officials stated, the Department cannot accurately determine how many fraudulent claims were actually paid and thus need to be recovered,” the audit stated.

Billions more have been lost under other pandemic relief programs, including the Paycheck Protection Program and the Economic Injury Disaster Loan program, with precious little recovered so far. Linda Miller, the former deputy executive director of the federal government’s Pandemic Response Accountability Committee, summarized the scale of the losses this way: “Whether it’s 350, 400 or 500 billion, at this point, the horse is out of the barn.”

The post Secret Service: Hackers Linked to the Chinese Government Stole at Least $20 Million in COVID Benefits appeared first on American Enterprise Institute – AEI.