Tag Archives: cyber-hacking

US Names And Shames Chinese Hackers

LI XIAOYU AND Dong Jiazhi, the two hackers in Guangzhou accused by the United States of stealing trade secrets from hundreds of companies, attempting to steal coronavirus research and providing email passwords of known dissidents and religious leaders to the authorities, are unlikely ever to get their day in a US federal court, and will be quite happy about that.

Their indictment, handed down by a federal grand jury in Spokane, Washington earlier this month, was made public on July 21, an exercise in naming and shaming as the Trump administration sustains its relentless drumbeat of accusations against Beijing for the theft of US intellectual property.

In this particular case, the finger of opprobrium is also being pointed at the Guangdong State Security Department of the Ministry of State Security, on whose behalf Li and Dong were allegedly working, when they were not, as the indictment lays it out, blackmailing some victims on their own account.

The same day there was an effort in the US Congress to introduce legislation to sanction hackers who try to steal coronavirus-related research. An attempt to tack it on to the National Defense Authorization Act failed, but it is likely to see the light of day again as a stand-alone bill.

The mood among US lawmakers in the run-up to the presidential election in November is hardening against China, with US Secretary of State Mike Pompeo visiting London and Copenhagen, to get more of the same there.

Update: The US government has ordered Beijing to close its consulate in Houston, Texas by Friday. It is unclear if the decision is directly related to the hacking charges, but a US State Department spokesperson cited a need to protect American intellectual property and information.


Filed under China-U.S.

Trump Ups Pressure On China Over Cyberhacks

Screenshot of FBI wanted poster for four alleged members of the PLA Fourth Department's 54th Research Institute in connection with the hack of the credit rating agency Equifax in 2017.

A REMINDER THAT the greatest deal in the history of the universe, or whatever US President Donald Trump called his Phase One trade deal with China, did not touch on one of the United States’ biggest beefs with Beijing, cybertheft.

Four alleged members of the PLA’s 54th Research Institute have been charged in the United States in connection with the cyberattack on the US credit rating company Equifax in 2017. Personal data of 147 million Americans and some UK and Canadian citizens were stolen in what was one of the largest data breaches in history.

The four were named as Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei. Their whereabouts are unknown and it is highly unlikely they will ever appear before a US court. The 54th Research Institute is based in Hebei and is overseen by the PLA’s Fourth Department, the military’s electronic and information warfare arm, including offensive cyber operations.

At a news conference announcing the nine-count indictment, US Attorney General William Barr called out other alleged cyberattacks by Chinese agents including on health insurer Anthem and the federal Office of Personnel Management reported in 2015, as well as a 2018 hack of the hotel chain Marriott.

US intelligence services believe that the Chinese government has been systematically accumulating personal information on US citizens and data-mining it for compromising details about individuals, including those in government and military service and academia, who could then be susceptible to blackmail and, thus, be potential recruits as spies. Washington also fears that this profiling exercise could expose US intelligence agents working abroad.

Beijing has denied any such hacks and intentions.

When the Obama administration indicted five suspected PLA hackers in 2014 for allegedly breaking into the computer systems of several US manufacturing companies, it led to an agreement by China to cut back its cybertheft from US firms. Given the strained level of US-China relations today, whether the Trump administration could get similar temporary relief, if that is its aim in making this latest indictment public, is a different matter.


Filed under China-U.S., Defence

Sony Cyber Attack: The China Connection

IT WAS, PERHAPS, only a matter of time before China was dragged publicly into the war of words between the U.S. and North Korea over Pyongyang’s alleged cyber attack on Sony Corp. in retaliation for the company’s provocative Hollywood comedy about a plot to assassinate North Korean leader Kim Jong Un. China is North Korea’s main onramp to the internet. North Korea runs the overwhelming majority of its telecoms traffic through Chinese state-owned telco China Unicom. Its own networks are limited, as are its telecoms connections to its other outlet to the world, Russia. To get its cyber warriors even close to the internet backbone, Pyongyang stations some of them over the border in China.

Now Washington has reportedly asked Beijing to rein in Pyongyang’s use of Chinese routers and servers for cyber attacks, including expelling North Korean hackers based in China — a request Beijing has met with polite silence or neutral platitudes. The Sony incident is another Pyongyang embarrassment it could do without — even if it doesn’t mind a company with one foot in Hollywood and the other in Japan being embarrassed even more. Yet it is not going to open that particular can of worms. And especially not in public.

Cyber warfare is almost as sensitive a topic in Beijing as even a fictional assassination attempt on the Beloved Leader is in Pyongyang. Washington has repeatedly accused Beijing of hacking into U.S. companies, charges Beijing has repeatedly denied, saying it is a victim of cyber attacks, not a perpetrator. But for both countries, cyber warfare has become the “fifth dimension” of defence, adding to land, sea, air and space military operations.

Pyongyang, for the record, has also denied that it cyber attacked Sony. It has demanded a joint investigation with the U.S., following that up with a predictable burst of typical bombastic rhetoric.

So far, Beijing has walked a fine line over the Sony incident. It has condemned both the movie, as being culturally arrogant, and cyber attacks and terror threats. But it is equally aware that the U.S. has become more forceful this year in pressing cyber-attack allegations against Beijing. In May, Washington broke new ground in bilateral relations by bringing its first cyber-spying case against China, charging five Chinese army officers with hacking into U.S. companies. The following month a Chinese businessman was charged with hacking into the computer systems of U.S. defence contractors, including Boeing.

For North Korea’s part, it could now return to the U.S.’s list of state sponsors of terrorism, from which it was removed in 2008 after agreeing to verification of its nuclear sites. The incident has also thrown a spotlight on Unit 121 of North Korea’s military intelligence agency. This is an elite if shadowy group of cyber warriors, some of whom are based in the Chilbosan hotel, a Chinese-North Korean joint venture in Shenyang in Liaoning province. Estimates of their number vary from a few hundred to several thousand.

Little is known definitively about the group outside its own circles. What there is comes from defectors from several years ago. In truth, not much if anything new about it has been learned lately despite Unit 121 being written about relatively widely in the Western press since the Sony attack. A sign of how active it is: North Korea has reputedly carried out more cyber attacks than any other nation. Denial of service attacks on South Korea are its weapon of choice, but it is believed to have hacked about in the U.S., penetrating both the U.S. Department of Defense and U.S.-based companies. Part of its brief is to cause North Korea’s enemies monetary loss.

Some note similarities between the Sony attack and a broad-based hack of South Korean banking and media companies last year, widely believed to be the work of Unit 121. If it was responsible for the cyber hack of Sony, as charged, that would mark its boldest and most sophisticated attack to date.

With or without Beijing’s help, U.S. President Barack Obama has promised “proportionate” retaliation for what he has called an act of “cyber vandalism.” It is difficult to know what that might be. The hermit kingdom’s internet isolation has long offered Unit 121 an unlikely degree of protection. There isn’t much internet infrastructure in North Korea against which to retaliate; there are barely a dozen web sites using the country’s domain, .kp, all state run. Washington’s best bet is to get China to lean on its ally — which isn’t much of a bet at all.

Update: The internet went down in North Korea for nine and a half hours on Dec. 22 after more than a day of increasing instability, suggesting an onslaught of denial-of-service attacks. It could also be a result of a power failure, accidental or because someone pulled the plug. On either score, China has said it wasn’t its doing. The U.S. has declined to comment. Well, both would, wouldn’t they — and hacktivist groups are just as likely suspects.


Filed under China-Koreas, China-U.S., Defence

The Preemptive Cyber-Strike Edges Nearer

China-based North Korean hackers were behind a $6 million cyber-heist from an online gaming system, according to South Korean police (via JoongAng Daily). Not quite on the scale of the five-year-long cyber attacks against 72 countries and organizations since 2006 that the U.S. security software firm McAfee revealed earlier this week without directly accusing China of being its origin, though that has been the common assumption that has taken hold. This Bystander does wonder, albeit without a shred of evidence, if there might be at least a dotted line connecting the two, perhaps a little freelancing being tolerated on the side. The North Koreans were hired by a South Korean crime gang, but in whose pay were they in China in the first place? The report quoted above suggests they might be connected to Office 39, the North Korean agency that manages slush funds and generates foreign exchange for the Pyongyang leadership. In any event, they are some pretty grubby hired hands.

Regardless, as the victims of the larger operations ranged from the governments of the U.S., South Korea, Taiwan, Vietnam and India to organizations such as the UN and the International Olympic Committee and firms in the defense and high-tech industries, the attacks are likely to bolster the efforts in those countries to increase both their national and commercial cyber-defense capabilities. And, assuming the virtual world follows the real one, to raise calls in some quarters for retaliatory and preemptive strikes against, and we choose our words deliberately here, states believed to sponsor or harbor what will doubtless be called cyber-terrorists.

Update: Here is one such call by Richard Clarke, former head of U.S. cybersecurity.


Filed under China-Koreas, China-U.S., Defence