Cyber Warfare

December 28, 2018 3:51 PM ET
By: Greg Myre

A Justice Department poster shows two Chinese citizens suspected of carrying out an extensive hacking campaign directed at dozens of U.S. tech companies. U.S. law enforcement says such cases are on the rise as China seeks to become a world leader in advanced technologies by 2025.
Manuel Balce Ceneta/AP

To understand China’s espionage goals, U.S. officials say, just look at the ambitious aims the country set out in the plan “Made in China 2025.”

By that date, China wants to be a world leader in artificial intelligence, computing power, military technology, as well as energy and transportation systems. And that’s just a partial list.

“It’s guidance to the rest of government and the rest of their companies and to their people, that this is what we want to be the best in class at, and therefore you should organize your activities, whether they’re legal or illegal, to achieve that,” John Demers, assistant attorney general for the National Security Division at the Justice Department, said in recent testimony before the Senate Judiciary Committee.

He said the recent legal cases against China show the country is aggressively trying to steal technology directly related to its stated goals.

“We don’t begrudge them their efforts to develop technologically, but you cannot use theft as a means to develop yourself technologically, and that’s what they’re doing in a number of areas,” said Demers.

This battle has been going on for years and is heating up again, according to U.S. officials and analysts. It’s playing out across a broad landscape that involves most every tech industry.    [FULL  STORY]

Voice of America
Date: December 11, 2018
By: Reuters

NEW YORK — A senior U.S. intelligence official said on Tuesday that Chinese cyber activity in the United States had risen in recent months, targeting critical infrastructure in what may be attempts to lay the groundwork for future disruptive attacks.

“You worry they are prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said at a Wall Street Journal cybersecurity conference.

Joyce, a former White House cyber adviser for President Donald Trump, did not elaborate. A spokeswoman for the NSA said Joyce was referring to digital attacks against the U.S. energy, financial, transportation and healthcare sectors.

The comments are notable because U.S. complaints about Chinese hacking have to date focused on espionage and intellectual property theft, not efforts to disrupt critical infrastructure.

China has repeatedly denied U.S. allegations it conducts cyber attacks.    [FULL  STORY]

Flashpoint linguists think the authors of WannaCry were native Chinese speakers

Taiwan News
Date: 2017/05/27
By: Keoni Everington, Taiwan News, Staff Writer

TAIPEI (Taiwan News) — Linguists at the dark web intelligence firm Flashpoint say the Mandarin Chinese version of the ransom message sent by the WannaCry malware program was the only one composed by native speakers, indicating that it may have been made in China, not North Korea as previously suspected by antivirus company Symantec.

Image of Chinese language ransom note sent by WannaCry malware. (Image from Kaspersky Lab)

Flashpoint’s linguists analyzed ransom notes generated by WannaCry in 28 languages from Bulgarian to Vietnamese, and found that all had been generated by Google Translate, with the exception of English and Simplified and Traditional Chinese. However, the English message had grammatical errors indicating it was written by a non-native English speaker.

The Chinese messages, on the other hand, were composed at a native level and differed substantially from the other notes (including the English version) in content, format, tone, and length.

There are a number of telltale traits in the ransom note that correspond to a native Chinese speaker. The typo “帮组” (bangzu) instead of “帮助” (bangzhu) meaning “help,” indicates that it was written with a Chinese-language input system that possibly involved keying in the mainland Chinese romanization system Pinyin, as the typo appears to result from failing to input the letter “h.”    [FULL  STORY]

A private industry IT security firm tells Fox News that personal data stolen over the span of several high-profile U.S. cyber breaches is being indexed by China’s intelligence service into a massive Facebook-like network.

According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a “Facebook of Everything.”

“That can now be used to embarrass you publicly and force you to work for the Chinese government,” Alperovitch told Fox News. “It’s, in effect, a private version of Facebook with much more detail about your life than even Facebook has that the Chinese now have access to.” Current and former intelligence officials echoed the assessment.     [FULL  STORY]

NBC News
Date: Sep 11 2015
By: Reuters

China reacted angrily on Friday following a call by America’s top intelligence official for cyber security against China to be stepped up, and said the United States should stop “groundless accusations.”

Director of National Intelligence James Clapper said the United States must beef up cyber security against Chinese hackers targeting a range of U.S. interests to raise the cost to China of engaging in such activities. Clapper’s testimony adds pressure on Beijing over its conduct in cyberspace weeks before President Xi Jinping visits the United States.

China routinely denies any involvement in hacking and says it is also a victim.

“Maintaining cyber security should be a point of cooperation rather than a source of friction between both China and the United States,” Chinese Foreign Ministry spokesman Hong Lei told a daily news briefing.

“We hope that the U.S. stops its groundless attacks against China, start dialogue based on a foundation of mutual respect, and jointly build a cyberspace that is peaceful, secure, open and cooperative.”

The Obama administration is considering targeted sanctions against Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials have said.     [FULL  STORY]

Date: Jun 21, 2015
By: Jeremy Wagstaff

Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the U.S. government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it.

A sign marks the entrance to RSA’s facility in Bedford, Massachusetts, in this March 28, 2014 file photo. REUTERS/Brian Snyder/Files

Myers’ account of a months-long battle with the group illustrates the challenges governments and companies face in defending against hackers that researchers believe are linked to the Chinese government – a charge Beijing denies.

“The Shell Crew is an extremely efficient and talented group,” Myers said in an interview.

Shell Crew, or Deep Panda, are one of several hacking groups that Western cybersecurity companies have accused of hacking into U.S. and other countries’ networks and stealing government, defense and industrial documents.

The attack on the OPM computers, revealed this month, compromised the data of 4 million current and former federal employees, raising U.S. suspicions that Chinese hackers were building huge databases that could be used to recruit spies.     [FULL  STORY]

Submitted by charlie on Tue, Mar 31, 2015

On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cyber-security and economic threat for the people of China.

How did that get there?

After calling on the Internet community for help and assistance, independent researchers with access to our log files discovered the following facts:

Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against’s websites.

Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code. A list of Baidu resources known to be used for the attack appears in the report.

That malicious code is sent to “any reader globally” without distinguishing that user’s geographical location, meaning that the authorities did not just launch this attack using Chinese internet users – they compromised internet users and websites everywhere in the world.

The tampering takes place someplace between when the traffic enters China and when it hits Baidu’s servers. This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks.

More technical details of the attack can be read in a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks”.    [FULL  STORY]
