China Should Not Recklessly Hack, but Hack More Responsibly! By James Reed
China has been implicated in “reckless” over-the-top hacking, excited at having their bird in the White House. But for peace, maybe the hacking needs to go back to more business-as-usual levels, rather than the industrial scale on which it is now being conducted, with sharpshooters being brought in to the CCP team?
“For years, China seemed to operate at the quieter end of the state-sponsored-hacking spectrum. While Russia and North Korea carried out hack-and-leak operations, launched massively disruptive cyberattacks, and blurred the line between cybercriminals and intelligence agencies, China quietly focused on more traditional—if prolific—espionage and intellectual property theft. But a collective message today from dozens of countries calls out a shift in China's online behavior—and how its primary cyber intelligence agency's trail of chaos increasingly rivals that of the Kim Regime or the Kremlin.
On Monday, the White House joined the UK government, the EU, NATO, and governments from Japan to Norway in announcements that spotlighted a string of Chinese hacking operations, and the US Department of Justice separately indicted four Chinese hackers, three of whom are believed to be officers of China's Ministry of State Security. The White House statement casts blame specifically on the MSS for a mass-hacking campaign that used a vulnerability in Microsoft's Exchange Server software to compromise thousands of organizations around the world. It also rebukes the ministry for partnering with contract organizations that engaged in for-profit cybercrime, turning a blind eye to or even condoning extracurricular activities like infecting victims with ransomware, using victim machines for cryptocurrency mining, and financial theft. "The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts," the statement reads.
That long list of digital sins represents a significant shift in Chinese hackers' modus operandi, much of which China watchers say can be traced back to the country's 2015 reorganization of its cyber operations. That's when it transferred much of the control from the People's Liberation Army to the MSS, a state security service that has over time become more aggressive both in its hacking ambitions and in its willingness to outsource to criminals.
"They go bigger. The number of hacks went down, but the scale went up," says Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, who has long focused on China's hacking activities. That's in no small part because the nongovernment hackers that the MSS works with don't necessarily obey the norms of state-sponsored hacking. "There does seem to be kind of greater tolerance of irresponsibility," Segal says.
The MSS has always preferred using intermediaries, front companies, and contractors over its own hands-on operations, says Priscilla Moriuchi, a nonresident fellow at Harvard's Belfer Center for Science and International Affairs. "This model in both HUMINT and cyber operations allows the MSS to maintain plausible deniability and create networks of recruited individuals and organizations that can bear the brunt of the blame when caught," says Moriuchi, using the term “HUMINT” to mean the human, non-cyber side of spying operations. "These organizations can be quickly burned and new ones established as necessary."
While those contractors offer the Chinese government a layer of deniability and efficiency, though, they also lead to less control of operators, and less assurance that the hackers won't use their privileges to enrich themselves on the side—or the MSS officers who dole out the contracts. "In light of this model, it is not surprising to me at all that MSS-attributed cyber operations groups are also conducting cybercrime," Moriuchi adds.
The White House statement as a whole points to a broad, messy, and in some cases unrelated collection of Chinese hacking activities. A separate indictment names four MSS-affiliated hackers, three of whom were MSS officers, all accused of a broad range of intrusions targeting industries around the world from health care to aviation.
"The Chinese track closely what the Russians do on coercive activity, and they're copying them." (James Lewis, CSIS)
But more unusual than the data theft outlined in that indictment was the mass-hacking called out in Monday's announcement, in which a group known as Hafnium—now linked by the White House to China's MSS—broke into no fewer than 30,000 Exchange Servers around the world. The hackers also left behind so-called web shells, allowing them to regain access to those servers at will but also introducing the risk that other hackers might discover those backdoors and exploit them for their own purposes. That element of the hacking campaign was "untargeted, reckless, and extremely dangerous," wrote Dmitri Alperovitch, former CrowdStrike CTO and founder of Silverado Policy Accelerator, along with researcher Ian Ward, in a March blog post. At least one ransomware group appeared to try to piggyback off of Hafnium's campaign soon after it was exposed.
There's no clear evidence that the MSS' Hafnium hackers themselves deployed ransomware or cryptocurrency mining software on any of those tens of thousands of networks, according to Ben Read, director of cyberespionage analysis at the incident-response and threat-intelligence firm Mandiant. Instead, the White House's criticism of China's government for blurring cybercrime and cyberspying seems to be related to other, years-long hacking campaigns that more clearly crossed that line. In September of last year, for instance, the DOJ indicted five Chinese men who worked for an MSS contractor known as Chengdu 404 Network Technology—known in the cybersecurity industry by the name Barium before they were identified—all of whom stand accused of hacking dozens of companies around the world in a collection of operations that seemed to liberally mix espionage with for-profit cybercrime.”
https://www.reuters.com/technology/us-allies-accuse-china-global-cyber-hacking-campaign-2021-07-19/
“The United States and its allies accused China on Monday of a global cyberespionage campaign, mustering an unusually broad coalition of countries for an initiative angrily rejected by Beijing.
The United States was joined by NATO, the European Union, Australia, Britain, Canada, Japan and New Zealand in condemning the spying, which U.S. Secretary of State Antony Blinken said posed "a major threat to our economic and national security".
Simultaneously, the U.S. Department of Justice charged four Chinese nationals - three security officials and one contract hacker - with targeting dozens of companies, universities and government agencies in the United States and abroad.
China's foreign ministry spokesman Zhao Lijian said the accusation was "fabricated out of thin air" for political goals.
"China will absolutely not accept this," he told a regular news conference in Beijing on Tuesday. China does not engage in cyberattacks, and the technical details Washington has provided "do not constitute a complete chain of evidence", he said.
A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, called the accusations against China "irresponsible."
At an event about the administration's infrastructure plan, U.S. President Joe Biden told reporters: "My understanding is that the Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it. And maybe even accommodating them being able to do it."
White House spokeswoman Jen Psaki was later asked at her daily briefing why Biden did not directly blame the Chinese government in his response to a reporter's question.
"That was not the intention he was trying to project. He takes malicious cyber activity incredibly seriously," she said, adding that the White House did not differentiate between Russia and China when it comes to cyber attacks.
"We are not holding back, we are not allowing any economic circumstance or consideration to prevent us from taking actions ... Also we reserve the option to take additional action," she said.
While a flurry of statements from Western powers represents a broad alliance, cyber experts said the lack of consequences for China beyond the U.S. indictment was conspicuous. Just a month ago, summit statements by G7 and NATO warned China and said it posed threats to the international order.
Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York, called Monday's announcement a "successful effort to get friends and allies to attribute the action to Beijing, but not very useful without any concrete follow-up".”
Biden did not blame the CCP for the hacking because, well, he is Beijing Biden, America’s first CCP president!