This article in The New York Times (below) and the video of the Department of Justice make it increasingly clear that the Ministry of State Security, the Chinese equivalent of a combined FBI and CIA, is hacking into systems all over the world. It is also becoming increasingly clear that hacking is a central tool of the Chinese government as it seeks to create a China-centric world order. It is stealing technology on a massive basis but also penetrating companies and governments to discover their decision-making processes. Governments can complain about it but few are actually doing anything about it.
Supply chain attacks are particularly sophisticated and I wrote about them in The New Art of War. The hackers know that large defense and technology companies are sophisticated enough to use the most secure systems and to employ people to watch over the systems. But these companies depend on suppliers who, in turn, depend on other suppliers. At the base of the food chain, smaller companies are not nearly as sophisticated as the big guys. So the Chinese know how to hack into the largely unprotected systems of sub-suppliers and take on the identity of those companies. They then communicate with larger and larger companies until they have penetrated into the inner sanctums of companies trying to protect their systems and their Intellectual Property.
Merely having press conferences and naming the perpetrators does nothing to solve the real problem. There is virtually no cost being extracted from the Chinese and they will continue to do this until we in the rest of the world start hardening our targets. It will be expensive, but it is increasingly clear that we have national security vulnerabilities, which the Ministry of State Security is exploiting.
China-Backed Hackers Broke Into 100 Firms and Agencies, U.S. Says
By Katie Benner and
WASHINGTON — The Justice Department said on Wednesday that a group of hackers associated with China’s main intelligence service had infiltrated more than 100 companies and organizations around the world to steal intelligence, hijack their networks and extort their victims.
The United States government presented the allegations in a set of three indictments unsealed on Wednesday that showed the scope and sophistication of China’s attempts to unlawfully advance its economy and to become the dominant global superpower through cyberattacks. The indictments also said some of the hackers had worked with Malaysian nationals to steal and launder money through the video game industry.
“The Chinese government has made a deliberate choice to allow its citizens to commit computer intrusions and attacks around the world because these actors will also help the P.R.C.,” Deputy Attorney General Jeffrey A. Rosen said, referring to the People’s Republic of China in a news conference where he announced the charges.
The acting U.S. attorney for the District of Columbia, Michael R. Sherwin, said some of the perpetrators viewed their association with China as providing “free license to hack and steal across the globe.”
The hackers, Zhang Haoran, Tan Dailin, Jiang Lizhi, Qian Chuan and Fu Qiang, targeted social media and other technology companies, universities, government agencies and nonprofits, according to the indictments.
They had such reach partly because they used a so-called supply chain attack that enabled them to break into software companies and embed malicious code in their products. Once those products were installed in other systems, the hackers could use the code that they had planted to break in. The attack described by Justice Department officials on Wednesday was among the first supply chain attacks publicly revealed in a U.S. indictment of Chinese nationals.
Some of the Chinese hackers also worked with two Malaysian businessmen to use video game platforms to steal from the companies and launder illegal proceeds. The businessmen, Wong Ong Hua and Ling Yang Ching, were arrested on Monday in Malaysia, officials said.
The criminal computer activity and the hackers had been tracked by cyberresearchers under the group names Advanced Persistent Threat 41, Barium, Winnti, Wicked Panda and Panda Spider, officials said.
“They compromised video game distributors to proliferate malware, which could then be used for follow-up operations,” said John Hultquist, the senior director of threat intelligence at the cybersecurity company Mandiant.