Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

“Store (Steal) Now—Decrypt Later”

Was the Chinese hack of the U.S. Treasury primarily a “Store Now—Decrypt Later” operation? Or, more aptly, a “STEAL Now—Decrypt Later” strategy?

The December 2024 breach of the U.S. Treasury Department, attributed to China, has been widely reported as an espionage operation targeting unclassified data.

According to The New York Times, the attackers exploited a vulnerability in BeyondTrust’s remote support software, enabling access to workstations and data.

Yet, I found it curious that no reporting considered the possibility that part of the hack could have been a “Store Now—Decrypt Later” operation.

Let’s explore why that possibility warrants serious attention.

What is Store Now—Decrypt Later?

“Store Now—Decrypt Later” (SNDL) refers to the strategy of collecting encrypted data today, intending to decrypt it once quantum computing technology matures.

Quantum computers, when fully developed, will likely render most current encryption obsolete, allowing adversaries to unlock vast troves of previously inaccessible information.

This strategy has been widely attributed to China, known for its long-term, strategic approach to espionage.

As one expert quoted in BBC reporting on the hack stated, “China traditionally takes a very long and strategic view of how they conduct their espionage and intelligence operations.”

The Treasury Hack: More Than Meets the Eye?

While the breach is reported to have targeted unclassified data, it’s improbable that everything accessed by the hackers was unprotected. Even if a significant portion of the stolen data was readily accessible, there’s a strong likelihood that some encrypted data was also collected.

Encryption remains a cornerstone of securing sensitive information within government institutions, meaning any robust operation like this would likely seize everything of potential value—encrypted or not.

The fact that the reporting emphasizes espionage rather than disruption—a hallmark of a data-gathering operation—further supports this theory.

As Richard Forno, assistant director of the University of Maryland, Baltimore County Cybersecurity Institute, stated in a BBC report, “It’s more generic information gathering: Let’s see what we can get into, and see what we can find.”

But what happens when they steal encrypted data? They store it.

The Quantum Advantage

An essential aspect of the SNDL strategy is its reliance on time. Encrypted data stolen today may be worthless in its current state but could become a goldmine once quantum computers achieve decryption capability.

A quote from The Economist underscores this chilling reality:

“Criminal groups are targeting intellectual property and other kinds of data that will keep their value years from now when they decrypt it. This means that as quantum computers scale, there will be ‘submarine decryptions’ of data troves that will surface unexpectedly, just like submarines in water.”

This long-term view aligns perfectly with China’s strategic approach. By systematically collecting encrypted data during operations like the Treasury breach, they position themselves to exploit future quantum breakthroughs, potentially gaining access to decades of sensitive communications, financial information, and intellectual property.

A Strategic Blind Spot

The reporting on the Treasury breach has largely framed it as a current threat, focusing on the immediate implications of the data stolen.

However, failing to consider the potential for SNDL tactics risks underestimating the long-term implications of such cyberattacks.

If quantum-resistant encryption methods are not adopted swiftly and widely, today’s encrypted data will be tomorrow’s open book.

This should serve as a wake-up call not only for the government but also for private organizations, which remain equally vulnerable to quantum-enabled decryption.

Conclusion

The hack of the U.S. Treasury may indeed have exploited a vulnerability in BeyondTrust’s software, enabling attackers to access unclassified data.

But the absence of evidence suggesting encrypted data was collected does not mean it wasn’t. Given the scale of the breach, it’s highly likely that encrypted files were part of the haul, waiting for the day quantum computing renders them accessible.

China’s long-term, strategic approach to espionage makes the “Store Now—Decrypt Later” hypothesis not only plausible but probable. This underscores the urgency of developing and implementing quantum-resistant encryption to secure sensitive data for the future.

As Richard Forno also stated in the BBC report, “China traditionally takes a very long and strategic view of how they conduct their espionage and intelligence operations…the US tends to be much more reactive and much more interested in immediate and visible results.”

If we fail to act, today’s secure files may become tomorrow’s treasure trove for adversaries with the patience to wait—and the technology to decrypt.

Additional Reading

Disclaimer

IPProbe.Global is a service to the professional IP community. While every effort has been made to check the information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and is not intended to provide legal or other professional advice.

Did you find this post useful?
I agree to have my personal information transfered to MailChimp ( more information )
Join other IP protection professionals, i.e., investigators, attorneys, and brand protection specialists and receive updates straight to your inbox.
We hate spam. Your email address will not be sold or shared with anyone else.

Ron Alvarez is an IP investigations and protection consultant and writer in South Florida. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron has since coordinated the private investigation of international fraud and money laundering cases, as well as IP-related investigations and research involving the four pillars of IP: copyright, patents, trademarks, and trade secrets. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has written a number of articles for various investigative publications, as well as publishing "The World of Intellectual Property (IP) Protection and Investigations" in November 2021. In 2022 he published the revised edition of his first murder/mystery novel "Pilgrimage to Ruin" and in 2024 he published his Quantum spy thriller novel "Bird in the Cage."

0 comments on ““Store (Steal) Now—Decrypt Later”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

Discover more from IP PROBE - Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading