24 February 2015

China Is Still Top Target of NSA’s Computer Hackers

Chen Weihua
February 21, 2015

There has been plenty of talk lately by US officials on strengthening cyber security, but none of it touched on US cyber intrusion in other countries. 

On Monday, The New York Times reported that the United States has found a way to permanently embed surveillance and sabotage tools on computer hard drives and in networks it has targeted in China, Russia, Iran, Afghanistan and other countries closely watched by US intelligence agencies.

Citing a report by the Russian cyber security firm, Kaspersky Lab, the Times said the implants had been placed by what it called the “Equation Group,” which appears to be a veiled reference to the National Security Agency (NSA) and US Cyber Command.

The same story was covered by The Intercept, which said the malware has been used to infect thousands of computer systems and steal data in 30 countries around the world. Among the targets were a series of unnamed governments, telecom, energy and aerospace companies, as well as Islamic scholars and media organizations.

The report linked the techniques to those used in Stuxnet, the computer worm that disabled some 1,000 centrifuges in Iran’s nuclear-enrichment program. It was later revealed that Stuxnet was part of a program code-named Olympic Games and run jointly by Israel and the US, according to the Times.

Some of the implants burrow so deep into the computer systems that they infect the “firmware,” the embedded software that preps the computer’s hardware before the operating system starts. It is beyond the reach of existing antivirus products and most security controls, making it virtually impossible to wipe out, the Times quoted the Kaspersky report as saying.

In many cases, it also allows US intelligence agencies to grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet.

State Department spokeswoman Jen Psaki said on Tuesday that “we are not going to comment publicly on any allegations that the report raises, nor discuss any details.” Her words echoed exactly what NSA spokesman Vanee Vines told the Intercept.

The fact that NSA or State Department did not deny the allegations is telling.

On Tuesday, Chinese Foreign Ministry spokeswoman Hua Chunying said in Beijing that she has seen the report but was not aware of the specifics.

“The stance of the Chinese government on issues relating to cyber security is clear and consistent. We are against all forms of cyber attacks and activities creating hostility or confrontation in the cyber space,” she said. “We hope that all parties can act upon the spirit of mutual respect and mutual trust, enhance dialogue and cooperation in the cyber space, properly deal with cyber security issues and make joint efforts to safeguard peace and security of the cyber space.”

For long, China has felt that the US has been diverting attention by pointing fingers around the world, particularly at China.

On Feb 10, Lisa Monaco, assistant to the president for homeland security and counterterrorism, said at the Wilson Center in Washington that “at the state level, threats come from nations with highly sophisticated cyber programs, including China and Russia, and nations with less technical capacity but greater disruptive intent, like Iran and North Korea.”

Hua, the Chinese foreign ministry spokeswoman, replied on Feb 12 that “as a country boasting the most advanced cyber technology and the most solid cyber strength, the US should lead by example.”

“We hope the US can take more positive actions and do more things that are conducive to preserving mutual trust and cooperation of the cyber space,” she said.

The Chinese exercised restraint in May last year following the US Justice Department’s indictment of five People’s Liberation Army officers for alleged cyber theft of US trade secrets. Instead of retaliating by indicting five NSA leaders, it suspended a newly established bilateral working group on cyber security.

The Chinese also were angry at a report by US cyber security firm Mandiant in February 2013, charging a PLA unit in Shanghai with engaging in cyber espionage against the US, a charge China denied. Some Chinese believe the US government and special interest groups orchestrated the report.

China has long claimed to be a victim in cyber space. Many of the cyber attacks on China originated in the US, according to China’s Ministry of Defense.

This should not come as a surprise, as US President Barack Obama claimed in his Jan 17 speech on cyber security that “we will not apologize simply because our services may be more effective”.

The Kaspersky report is believed to reveal just a tip of the iceberg of the US’ gigantic cyber espionage.

Alan Rusbridger, editor of the British newspaper The Guardian, said in December 2013 that the revelations so far accounted for only 1 percent of the 58,000 files given to the newspaper by former NSA contractor Edward Snowden.

No comments: