Nicole Perlroth
07/20/2021 10:51
Clarín.com
The New York Times International Weekly
Updated 07/20/2021 10:51 AM
Nearly a decade ago, the United States began naming and exposing China for an onslaught of online espionage, most of which was carried out via low-level phishing emails against US companies for the theft of intellectual property data.
On Monday, the United States again accused China of cyberattacks.
But these attacks were very aggressive and reveal that China has become a far more sophisticated and mature digital adversary than the one that puzzled US officials a decade ago.
Anne Neuberger, deputy national security adviser for cyber and emerging technology, formally indicted the Chinese government.
Photo Pete Marovich / The New York Times.
The Biden administration's indictment of the cyber attacks, along with interviews with dozens of current and former US officials, show that China has reorganized its hacking operations in the intervening years.
Whereas previously it carried out relatively unsophisticated hacks of foreign companies, think tanks and government agencies, China is now perpetrating stealth and decentralized digital assaults on American companies and interests around the world.
The attacks that were carried out via poorly worded phishing emails by units of the People's Liberation Army are now carried out by an elite satellite network of contractors at front companies and universities working under the direction of China's Ministry of State Security, according to US officials and the indictment.
While phishing attacks continue, spy campaigns have gone underground and employ sophisticated techniques.
These include the exploitation of "zero days," or unknown security holes, in widely used programs such as Microsoft's Exchange email service and Pulse VPN security appliances, which are harder to defend against and allow Chinese hackers to operate undetected for longer.
"What we've seen in the last two or three years is a level rise" from China, said George Kurtz, CEO of cybersecurity company CrowdStrike.
"They operate more like a professional intelligence service than the smash and grab operators we have seen in the past."
China has long been one of the biggest digital threats to the United States.
In a 2009 classified National Intelligence Estimate, a document representing the consensus of all 16 US intelligence agencies, China and Russia topped the list of US online adversaries.
However, China was considered to be the most immediate threat due to the volume of its robberies in industrial trade.
But that threat is even more worrisome now due to China's renewed hacking operations.
Additionally, the Biden administration has turned cyber attacks - including ransomware attacks - into a major diplomatic front with superpowers like Russia, and the United States' relations with China have steadily deteriorated over issues such as trade and technological supremacy.
China's role in hacking first came to the fore in 2010 with the attacks on and the security company RSA, and again in 2013 with the hack of The New York Times.
Those violations and thousands more prompted the Obama administration to target hackers from the Chinese People's Liberation Army in a series of industrial theft indictments in 2014.
A single unit of the Shanghai-based People's Liberation Army, known as Unit 61398, was responsible for hundreds - some estimate thousands - of breaches of US companies, the Times reported.
In 2015, Obama officials threatened to greet President Xi Jinping of China with a sanctions announcement on his first visit to the White House, after a particularly aggressive breach of the US Office of Personnel Management.
In that attack, Chinese hackers seized sensitive personal information, including more than 20 million fingerprints, from Americans who had been granted a security clearance.
It didn't take long for White House officials to reach an agreement for China to stop hacking American companies and interests for the benefit of its industry.
During the 18 months of the Obama administration, security researchers and intelligence officials saw a notable decline in Chinese hacking.
After President Donald Trump took office and accelerated trade conflicts and other tensions with China, the hacking resumed.
In 2018, US intelligence officials had noticed a change: Hackers from the People's Liberation Army had withdrawn and been replaced by operatives working at the behest of the Ministry of State Security, which handles China's intelligence, security and secret police.
The intellectual property hacks, which benefited China's economic plans, did not come from the PLA, but from a more flexible network of front companies and contractors, including engineers working for some of the main technology companies in the country, according to intelligence officials and investigators.
It was unclear how exactly China was working with these loosely affiliated hackers.
Some cybersecurity experts speculated that engineers received cash to moonlight for the state, while others said that network members had no choice but to do what the state asked of them.
In 2013, a classified memo from the United States National Security Agency read:
"The exact affiliation with Chinese government entities is unknown, but their activities indicate a likely feeding of intelligence requirements from the Chinese Ministry of State Security."
On Monday, the White House provided more clarity.
In its detailed indictment, the United States accused China's Ministry of State Security of being behind an aggressive assault on Microsoft's Exchange email systems this year.
The Justice Department separately accused four Chinese nationals of coordinating the hacking of trade secrets of companies in aviation, defense, biopharmacy and other sectors.
According to the allegations, Chinese citizens operated from front companies, such as Hainan Xiandun, which the Ministry of State Security created to give Chinese intelligence agencies plausible deniability.
The indictment included a photo of one of the defendants, Ding Xiaoyang, an employee of Hainan Xiandun, receiving an award in 2018 from the Ministry of State Security for his work overseeing hacks by the front company.
The United States also accused Chinese universities of playing a pivotal role, recruiting students for front companies and running their key business operations, such as payroll.
The indictment also singled out Chinese hackers "affiliated with the government" for carrying out ransomware attacks that extort millions of dollars from companies.
Until now, the attention of ransomware attackers had mostly fallen on Russia, Eastern Europe, and North Korea.
Secretary of State Antony Blinken said in a statement Monday that China's Ministry of State Security "has fostered an ecosystem of paid criminal hackers who carry out both state-sponsored activities and cybercrime for their own financial gain."
China has also cracked down on research into widely used hardware and software vulnerabilities, which could benefit state surveillance, counterintelligence and cyber espionage campaigns.
Last week, it announced a new policy requiring Chinese security investigators to notify the state within two days when they find security holes, such as the "zero days" the country relied on to breach Microsoft Exchange security systems.
The policy is the culmination of Beijing's five-year campaign to seize its own zero days.
In 2016, authorities abruptly shut down China's best-known private platform that reports on "zero days" and arrested its founder.
Two years later, the Chinese police announced that they would begin enforcing laws prohibiting "unauthorized disclosure" of vulnerabilities.
That same year, Chinese hackers, who were a regular presence at large Western hacking conventions, stopped attending, by order of the state.
"If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit," Kurtz said of China.
"It is an arms race in cyberspace."
c.2021 The New York Times Company