
Chinese Corporate & Commercial Espionage, Copyright Theft etc


  • Chinese Corporate & Commercial Espionage, Copyright Theft etc

    For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.

    KEVIN AND JULIA Garratt had spent nearly all of their adult lives in China. A devout Christian couple in their fifties with an entrepreneurial streak, they operated a café called Peter’s Coffee House, a popular destination in the city of Dandong, according to TripAdvisor.

    DANDONG IS A sprawling border town that sits just across the Yalu River from North Korea. For tourists and expats, the Garratts’ coffee shop—just a short walk from the Sino-Korean Friendship Bridge—was a hub of Western conversation and comfort food. “After time in North Korea a decent cup of coffee was one of those things I was really looking forward to,” one Australian tourist wrote in early 2014. “Peter’s was a perfect place.”

    The Garratts had come to China from Canada in the 1980s as English teachers. They lived in six different Chinese cities over the years, raising four children along the way, before settling in Dandong. From their perch near the border, they helped provide aid and food to North Korea, supporting an orphanage there and doing volunteer work around Dandong itself. The Garratts had a strong social network in the city, so it didn’t seem odd to either of them when they were invited out to dinner by Chinese acquaintances of a friend who wanted advice on how their daughter could apply to college in Canada.

    The meal itself, on August 4, 2014, was formal but not unusual. After dinner, the Garratts got into an elevator that took them from the restaurant down to a lobby. The doors opened onto a swarm of bright lights and people with video cameras. The Garratts initially thought they’d stumbled into a party of some kind, maybe a wedding. But then some men grabbed the couple, separated them, and hustled them toward waiting cars. Everything happened fast, and very little made sense. As the vehicles pulled away, neither Kevin nor Julia had any idea that it was the last they’d see of one another for three months.

    It wasn’t until the two arrived at a police facility that they each realized they were in real trouble. And it wasn’t until much later still that the couple would understand why they had been taken into custody. After all, before their detainment, they’d never even heard of a Chinese expat living in Canada named Su Bin.

    WHEN THE GARRATTS first arrived in China, in 1984, the country was still transitioning away from collective farms. Shanghai had only just opened up to foreign investment; the future megacity Shenzhen still had just a few hundred thousand inhabitants. Over the ensuing three decades, the couple would watch as China hurtled from eighth-largest economy in the world to second-largest, powered, famously, by mass migrations of people into new industrial cities and the erection of a vast manufacturing and export sector. But especially in the later years of the Garratts’ career as expats, the country’s growth was also propelled by a more invisible force: a truly epic amount of cheating.

    China has become one of the world’s most advanced economies overnight in no small part through the rampant, state-sponsored theft of intellectual property from other countries. This extended campaign of commercial espionage has raided almost every highly developed economy. (British inventor James Dyson has complained publicly about Chinese theft of designs for his eponymous high-end vacuums.) But far and away its biggest targets have been the trade and military secrets of the United States. From US companies, Chinese hackers and spies have purloined everything from details of wind turbines and solar panels to computer chips and even DuPont’s patented formula for the color white. When American companies have sued Chinese firms for copyright infringement, Chinese hackers have turned around and broken into their law firms’ computer systems to steal details about the plaintiffs’ legal strategy.

    Each theft has allowed Chinese companies to bypass untold years of precious time and R&D, effectively dropping them into the marathon of global competition at the 20th mile. China’s military has gotten a leg up too. Coordinated campaigns by China’s Ministry of State Security and the People’s Liberation Army have helped steal the design details of countless pieces of American military hardware, from fighter jets to ground vehicles to robots. In 2012, National Security Agency director Keith Alexander called it the “greatest transfer of wealth in history,” a phrase he has regularly repeated since.

    And yet, despite a great deal of restlessness in the ranks of law enforcement and intelligence agencies, the United States was, for years, all but paralyzed in its response to Chinese hacking. China simply denied any hand in the thefts, professing to take great umbrage at the idea. American diplomats were skittish about upsetting a sensitive bilateral relationship. And American companies, in turn, were often inclined to play dumb and look the other way: Even as they were being robbed silly, they didn’t want to jeopardize their access to China’s nearly 1.4 billion consumers.

    John Carlin, who served as assistant attorney general for national security during the Obama administration, recalls one meeting with executives from a West Coast company whose intellectual property was being stolen by Chinese hackers. The executives even projected that, in seven or eight years, the stolen IP would kill their business model; by that point, a Chinese competitor would be able to undercut them completely with a copycat product. But the company’s general counsel still didn’t want the government to step in and take action. “We are going to be coming back to you and complaining,” the general counsel said. “But we’re not there yet.”

    Finally, between 2011 and 2013, the US began to reach a breaking point. Private cybersecurity firms released a string of damning investigative reports on China’s patterns of economic espionage; the US government started to talk more publicly about bringing charges against the country’s hackers. But it was far from clear how any government or company might successfully turn back the tide of Chinese incursions. President Obama pressed the issue of cyberthefts in his first meeting with President Xi in 2013, only to be met with more denials.

    This is the story of how the US finally achieved some leverage over China to bring a stop to more than a decade of rampant cybertheft, how a Canadian couple became bargaining chips in China’s desperate countermove, and how the game ended happily—only to start up again in recent months with more rancor and new players.

    ON MONDAY, MAY 19, 2014, nearly three months before the Garratts were whisked away into the Dandong night, the US Justice Department called a press conference at its headquarters in Washington, DC. Attorney general Eric Holder took the podium to announce charges against five hackers for breaking into the systems of several US companies, including U.S. Steel, Westinghouse, and a renewable-energy outfit called SolarWorld. The FBI had mocked up a bunch of “Wanted” posters, which made it strikingly clear that the hackers all shared an employer: the Chinese army. Two of the men were even pictured in their crisp dress uniforms.

    The press conference marked the first time the US had ever indicted individual foreign agents for cyber intrusions. It made front-page headlines across the country, instantly bumping the issue of Chinese economic espionage off the back burner of public consciousness. But the news came with an inevitable caveat: “The move by the Justice Department was almost certainly symbolic,” The New York Times wrote, “since there is virtually no chance that the Chinese would turn over the five People’s Liberation Army members named in the indictment.”

    A few days later, Carlin and a Justice Department prosecutor named Adam Hickey were flying back from a meeting with the victims of the PLA hackers. At the Pittsburgh airport, Carlin lamented the obvious: None of the hackers would face a US courtroom anytime soon. Everyone at the Justice Department knew it would take more than a single “name and shame” campaign to change the calculus of Chinese behavior; the US needed to apply pressure on multiple fronts, perhaps building up to a threat of sanctions. Now that they’d made their opening gambit, prosecutors needed a next move, preferably one that would actually put someone in handcuffs. Sitting in the terminal Carlin said, “The next case, we need a body.”

    Hickey smiled. “Actually, I’ve got a case I want to talk to you about,” he said.

    THE FBI REMAINS cagey today about where and how the conspirators first appeared on the agency’s radar. The bureau will say only that it opened its investigation after seeing emails between them. Reading between the lines, the case likely began with intercepts from the NSA, passed through the intelligence community from Fort Meade to the FBI. Eventually, in late summer 2012, a trove of emails between three Chinese agents landed on the desk of supervisory special agent Justin Vallese, who runs a squad of cyber agents in the FBI’s Los Angeles field office.

    “From day one, we knew it was bad,” Vallese says. “The contents of those emails are pretty explosive.”

    One message, which bore an attachment entitled “C-17 Project Reconnaissance Summary,” appeared to suggest a broad outline of the project therein: a successful, long-term effort by hackers to steal the design secrets of one of America’s most advanced cargo aircraft, the C-17 military transport.

    A $202 million-per-unit craft developed by Boeing, the C-17 had been one of the most expensive military planes ever developed by the US Air Force, costing more than $31 billion to create in the 1980s and ’90s. Since its completion, the C-17 had become a key means of delivering troops, vehicles, and supplies to the front lines of the wars in Afghanistan and Iraq, as well as delivering humanitarian supplies the world over. It’s also used to transport the president’s armored limousines around the globe.

    American intelligence agencies knew that, for years, the Chinese had been struggling to build their own large cargo plane, a necessary tool for any modern military that wants to project its power over a large area. Now Beijing was evidently making some headway—by raiding Boeing’s trade secrets to build what was essentially a Chinese version of the C-17.

    Right away, the FBI alerted Boeing to the intrusions. (Boeing declined to comment on this story.) After that, agents in Los Angeles began wading through encrypted attachments and translating each message from Chinese. The emails would ultimately give them an incredibly detailed picture of the inner workings of a Chinese espionage operation. Not only that, they realized, it might also give them a chance to actually arrest someone. Two of the conspirators—the ones who did the actual hacking—were out of reach in China. But the third was a successful businessman named Su Bin, and he was based right here in North America, just a three-hour flight from the agents’ offices in LA.

    Su, who in the West went by Stephen, owned an 80-employee Chinese aviation-technology firm called Lode-Tech and, according to The Globe and Mail, had a comfortable $2 million house in Richmond, British Columbia. He had two kids, both born in Canada; his wife had been a gynecologist, and his oldest son went to college in Switzerland. In 2012, he was interviewed by The Wall Street Journal as part of a story about wealthy Chinese decamping for the West. He said he was the son of an army officer and that he had made millions as an aerospace entrepreneur. He told the Journal that he found the rules of the West less restrictive. “Regulations [in China] mean that businessmen have to do a lot of illegal things,” Su said at the time.

    From what the agents could reconstruct, the hacking conspiracy had begun as early as 2009. Su’s contributions as a spy, the agents realized, were intimately tied to his work as an entrepreneur. “Su Bin was what we’d call in the traditional espionage world a spotter—someone who would tee up targets for a nation-state,” explains Luke Dembosky, one of the prosecutors overseeing the case. Through Lode-Tech, Su had a deep network of industry contacts, and his team’s espionage began with mining his knowledge of the field: He would direct his hacker colleagues toward particularly interesting engineers and corporate personnel in the aerospace industry. Then the hackers likely used basic techniques—standard phishing emails—to attempt to penetrate company executives’ email accounts and, from there, access restricted corporate networks.

    According to court records, once the hackers got inside a network—through “painstaking labor and slow groping,” as they put it—they went back to Su Bin. They would send him lists of the files they’d uncovered; he would then highlight in yellow the most valuable documents that they should exfiltrate, guiding them through what they were uncovering. (Investigators came to enjoy the secret irony in Lode-Tech’s tagline, printed in big letters on its website: “We will track the world’s aviation advanced technology.”)

    It was tedious work. Some of the file directories ran to thousands of pages; in one dump of nearly 1,500 pages, Su meticulously highlighted 142 files that seemed most likely to be useful to his Chinese Army contacts—files with names like C17Hangar Requirements 112399.pdf and Critical Safety Item(CSI) Report_Sep2006.pdf. In another 6,000-page directory, he picked out the 22 most promising file folders—hitting on one that FBI agents later calculated contained more than 2,000 files related to the C-17.

    ALL TOLD, ACCORDING to their own accounting, Su and his two Chinese partners stole 630,000 files related to the C-17, totaling about 65 GB of data. “We safely, smoothly accomplished the entrusted mission in one year, making important contributions to our national defense scientific research development and receiving unanimous favorable comments,” the team wrote.

    The C-17 wasn’t the hackers’ only target; they filched information about other aircraft as well. Investigators believe they pillaged 220 MB of data related to the F-22 Raptor, as well as files related to the F-35, including its flight test protocols, which Su carefully translated into Chinese. The thefts would be critical to helping the Chinese understand—and copy—the world’s most advanced multirole fighter plane, which had cost $11 billion to develop.

    The more they dug, the more the agents realized what a uniquely valuable conspirator Su Bin was, perhaps even sui generis as a spy. He was conversant with the aerospace community, and he spoke English, Chinese, and the technical jargon of aviation in both languages, able to translate the complex world of industrial design schematics, plans, and handbooks. “I don’t know how many Su Bins there are,” Vallese says.

    Su’s hacking effort provided a staggering return on investment for the Chinese government: According to court documents, the operation cost China around $1 million—an absolute pittance compared to the decades of engineering knowledge, military technology, and construction details that Su and his team were able to steal from Boeing and the US Air Force. The team’s overseers ran such a tight ship that Su griped in an email about the difficulty of getting reimbursed for expenses.

    According to court documents, the hackers covered their tracks by pinballing stolen files through a sophisticated international server network, with machines planted in the US, Singapore, and Korea. They carefully disguised documents as they stole them, so as to circumvent the internal intrusion alarms at Boeing. Then they were careful to move their digital contraband through at least three foreign countries, ensuring that at least one had unfriendly relations with the United States, to throw pursuers off China’s scent. Ultimately, the files would be deposited on machines near Hong Kong and Macau.

    There, officials would pick them up and transfer them back to China—in person, further covering all tracks between the United States and China. But the evidence the FBI had collected left no doubt that the ultimate customer was the Chinese military—and that Su Bin’s partners were members of the military themselves. While the two hackers in China have not been charged publicly, the US government knows who they are; according to court records, investigators intercepted an email that one of the hackers had received with a copy of his own ID card, which included his photo, name, and date of birth. Similarly, emails the FBI traced to the other hacker, one with the subject line “boss,” included photos of both men in Chinese military uniforms.

    By late spring 2014, around the time Carlin was sitting in the Pittsburgh airport with Hickey, the FBI had assembled everything it needed to make a case against Su Bin; as it happened, the timing coincided with the Justice Department’s newfound desire to charge someone with Chinese espionage. “We were fortunate to get Su into a place where there was an interest and an appetite for an arrest,” Vallese says. “We had the right subject and had the ability to put hands on him.”

    To actually arrest Su, the FBI needed the cooperation of Canadian authorities. Once again, timing may have worked in the case’s favor. Around the same time when the FBI was asking for the Royal Canadian Mounted Police’s help in detaining Su Bin, according to The Globe and Mail, Canada was responding to a massive attack by state-sponsored Chinese hackers who had penetrated the network of its National Research Council, which leads the country’s research and development efforts. (China denied the accusation.) Given the chance to help break up a Chinese hacking ring, authorities north of the border were perhaps unusually motivated to help. In any case, they said yes.

    By June 2014, the investigative teams knew that Su Bin was planning to leave the country for China—though no one knew for how long. They decided that now was the time to act. A few days before his scheduled trip, Canadian authorities pulled Su Bin over and arrested him.

    Right away, China knew that one of its most valuable intelligence assets had been caught. While the “Wanted” posters and Eric Holder’s indictment of five military hackers had certainly made an impression on Beijing, Carlin says that the follow-up case against Su Bin—which actually brought a spy into custody—helped shape the Chinese response even further.

    “The Su Bin case, all but unnoticed by the public, had a large impact on Chinese thinking,” says Carlin, who has coauthored with me a new history of the government’s approach to cyberthreats. “In the space of barely a month, the United States had taken overt steps against two major Chinese economic espionage operations.”

    Vallese says the FBI expected it would be an ordeal to get Su Bin back from Canada. International extraditions, even from close partners and allies, are always complicated. “We weren’t under any impression this was going to be easy,” Vallese says.

    As Su Bin prepared for his initial court appearances, China quickly decided to send a not-so-subtle message to Canada. To make America’s northern neighbor think twice about allowing the extradition of Su Bin to the United States, it appears the Ministry of State Security had Kevin and Julia Garratt invited to dinner in Dandong.

    AFTER THEIR DETENTION, the Garratts found themselves caught in China’s Kafkaesque justice system, interrogated regularly but with nothing to confess. Their family retained James Zimmerman, an American lawyer with the firm Perkins Coie, who had spent nearly two decades working in Beijing. He began to piece together the case against the couple.

    The Chinese government, he realized, was leveling charges against Kevin Garratt that were almost a mirror image of the US charges against Su Bin. The Chinese Foreign Ministry told The New York Times that the Garratts were being investigated for stealing intelligence “about Chinese military targets and important national defense research projects, and engaging in activities threatening to Chinese national security.” As if that weren’t menacing enough, on February 19, 2016, China amended the indictment against Kevin to include more serious charges.

    The “evidence” against Kevin, though, appeared mainly to be that he had a history of taking fairly unremarkable photographs in public places—going to Tiananmen Square, say, and filming the soldiers marching around and raising the flag, Zimmerman says. “Getting caught up with China’s politically driven criminal justice system can be a bleak, depressing experience,” Zimmerman says. “Due process in China is a different animal than in most Western judicial systems. While the investigators are not allowed to torture the suspects, mistreatment is a matter of definition.” He spent months shuttling back and forth between meetings with the Chinese Ministry of Foreign Affairs, the Ministry of Commerce, and Canadian embassy officials. “My goal was to plead to them that this case was not good for China given the dearth of evidence and the potential for a public backlash.” Later, Kevin Garratt would precisely recall the outline of the cell he shared with as many as 14 prisoners in China: “About 12 paces by five and a half.”

    But even if the diplomatic aftermath of Su Bin’s hacking operation was spinning wildly out of control, the operation’s military objective was just coming to fruition. In November 2014, while Su Bin and the Garratts sat behind bars, the Chinese rolled out their own knockoff military cargo plane at an annual air show in Zhuhai. At the show, the Xian Y-20—codenamed Kunpeng after a mythical ancient Chinese bird capable of flying long distances—was parked across the tarmac from an American C-17. Aviation enthusiasts noted how similar the two planes looked, right down to the design of their tail fins. The Chinese plane had met its American doppelgänger, just feet apart.

    TO ANYONE MONITORING the traffic of Chinese cyberthefts, the one-two punch of the PLA indictments and the Su Bin arrest seemed to make a real difference. “Since mid-2014, we have seen a notable decline in China-based groups’ overall intrusion activity against entities in the US and 25 other countries,” the cybersecurity firm FireEye concluded in one report. Many inside the government had worried that the Justice Department’s newly aggressive stance would backfire. But as it turned out, it was the Garratts who suffered the negative repercussions; otherwise the indictments and Su Bin’s arrest seemed to have compelled China to put the brakes on its hacking.

    Because the sky hadn’t fallen, the Obama administration felt emboldened to keep pushing harder. China, they figured, saw its economic espionage—like all espionage—via the lens of cost-benefit analysis. With the indictment and arrest of Su Bin, the Americans felt that they had begun to change one side of that equation—and now it was time for them to up the ante. President Xi was scheduled to make his first state visit to Washington at the end of September 2015. In the weeks leading up to the visit, the Obama administration set out to bring the tensions between the two nations to a head.

    In August 2015, The Washington Post ran an article warning that the US government was getting ready to issue sanctions targeting China for its hacking. In September, President Obama addressed a group of business leaders: “We are preparing a number of measures that will indicate to the Chinese that this is not just a matter of us being mildly upset but is something that will put significant strains on the bilateral relationship if not resolved. We are prepared to take some countervailing actions in order to get their attention.” Other officials, including national security adviser Susan Rice, pressed the message behind closed doors: China’s behavior had to change.

    The warnings, both public and private, got through. Just days before Xi’s visit, Beijing dispatched a large, high-level delegation to Washington. “The Chinese saw they had a big potential embarrassment brewing,” Justice Department deputy assistant attorney general Luke Dembosky recalls. No one on the Chinese side wanted Xi’s first state visit to become a showdown over cybersecurity. “They had to let the air out of the balloon.”

    The conversations, which included Department of Homeland Security secretary Jeh Johnson and White House cybersecurity coordinator Michael Daniel, began with a firm message from the Americans: Don’t even bother denying this is your typical behavior. Let’s move past that. For days, the negotiations were tense and stilted. But finally, on the night before the delegation was set to return home, the Chinese called the White House for a final set of talks. “I was all set to go home, and I got a call at 6:30: ‘Can you be at the White House at 8?’ ” Dembosky recalls.

    It turned out to be too late to arrange access to the White House, so the groups met at the Omni Shoreham Hotel instead, perched on the edge of Rock Creek Park. Aides from the White House, the Justice Department, the Department of Homeland Security, and the State Department, among others, talked through the night with the much-larger Chinese delegation. All of them were aware that the Chinese had a deadline to make their 7:30 am flight home. “It was one of the most constructive dialogs I’ve ever been part of. For a brief moment, the stars were aligned. They were highly motivated to do the right thing,” Dembosky says. By morning, they’d worked out an agreement for the two presidents to sign later in Washington.

    A few days later, on September 25, 2015, Barack Obama and Xi Jinping met privately. As Obama recapped the meeting to the press, he said he had “raised once again our very serious concerns about growing cyberthreats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber-economic espionage for commercial gain.” Then the president made an announcement in the Rose Garden that many US leaders had never thought they’d hear: “Today, I can announce that our two countries have reached a common understanding on the way forward. We’ve agreed that neither the US or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage. In addition, we’ll work together, and with other nations, to promote international rules of the road for appropriate conduct in cyberspace.” The breakthrough was later endorsed by the G-20, the rough equivalent of the first arms-control agreement ever reached in cyberspace.

    “We did see the behavior of the Chinese change. I had been cynical about the agreement, but I was wrong,” Carlin recalls. “China, at least in a narrowly defined box, had agreed to a new cyber norm. Consistent with their agreement, they largely ceased state-sponsored hacking that targeted a private US company for the direct economic benefit of a Chinese competitor.”

    THE WORLD’S TWO largest superpowers had broken new ground, but the travails of the Garratts and Su Bin dragged on. Julia had been released on bail but was ordered to stay in China, and in January 2016 the Chinese government announced it would try Kevin for espionage. “Chinese authorities also found evidence that implicates Garratt in accepting tasks from Canadian espionage agencies to gather intelligence in China,” the Xinhua news agency reported.

    Behind the scenes, though, the Chinese acknowledged that the charges were absurd—and that there was an easy path for the Garratts’ release, says the couple’s lawyer. As Zimmerman told The New York Times, “The Chinese made it clear that the Garratt case was designed to pressure Canada to block Su Bin’s extradition to the US.”

    But in February 2016, Su Bin himself foiled China’s bargaining position. He waived extradition, deciding he would go freely to the US to face charges. His lawyer later told a US court that Su Bin knew that his extradition proceedings might last longer than the time he’d serve in a US prison.

    FBI agents flew to Vancouver and prepared to take custody of Su; Vallese and several colleagues waited next to the FBI’s Gulfstream jet as a Canadian police motorcade pulled onto the tarmac. “Su was in the backseat of the SUV, sandwiched between two Canadian law enforcement officers,” Vallese recalls. “All of us got chills.”

    On the flight back to California, Vallese says the talk among the agents and Su turned to aviation. He complimented the FBI’s plane. Making chitchat, one of the agents asked him if he had a favorite jet. “Not the C-17,” Su deadpanned.

    On March 22, 2016, Su Bin pleaded guilty. His 35-page agreement was perhaps the most detailed firsthand explanation of China’s spying apparatus ever released in public. “It was the first time we’d had that kind of success—the first time we’d had someone owning their part in an intrusion like this,” Vallese says. Su Bin declined to speak publicly, though, in court: “I lost my words now,” he said at his sentencing, where a judge handed him 46 months in federal prison and ordered him to pay a $10,000 fine. With time served, he was released in October 2017.

    The case against the Garratts rapidly unraveled in the wake of Su Bin’s decision to waive extradition. Julia was able to leave China in May 2016, and Kevin was released that September, though he had to pay nearly $20,000 in fines and penalties—money that had been partly designated for a North Korean orphanage project and other aid work.

    This spring, FBI director Christopher Wray stated in public what people in cybersecurity circles had been seeing for a while: China is back to its old tricks. It is once again infiltrating US computer systems and stealing information at a massive scale. “There’s no country that’s even close,” Wray told NBC News in March this year. “We’re talking about big damages,” President Trump recently told Reuters. “We’re talking about numbers that you haven’t even thought about.”

    “There’s been a massive pickup in the last year and a half,” says Dmitri Alperovitch, cofounder of the cybersecurity firm CrowdStrike.

    For a variety of reasons, the 2015 truce between China and the United States didn’t hold—in a way, it’s because both countries have ceased to acknowledge it.

    Donald Trump’s trade war against China has largely been couched as a way to punish China for its years of rampant intellectual property theft. And the official documents that make a case for that war have made scant mention of the progress that the Obama administration made. “After years of unsuccessful US-China dialogs, the United States is taking action to confront China,” wrote the US Trade Representative’s office, disregarding the quite successful dialog that took place at the Omni Shoreham hotel in 2015. If the US isn’t going to acknowledge that things ever got better, what incentive does China have to keep on good behavior?

    At the same time, Chinese hacking may be on the rise again for reasons that are quite internal to Beijing. Between 2005 and 2014, the main force behind China’s campaign of cybertheft was the People’s Liberation Army. In turn, after the outing of the five PLA soldiers in 2014, that agency bore most of the embarrassment and blame for China’s weakened hand in negotiations with the US. Since 2016, for a host of reasons, the army has had its wings clipped politically by President Xi, both through a reorganization and through anticorruption drives that have seen numerous government officials sidelined, imprisoned, and, in at least one case, even sentenced to death.

    Into the vacuum left behind by the PLA, the Chinese Ministry of State Security—a powerful agency that combines elements of the CIA, the FBI, and the NSA—has apparently stepped in and become China’s new central office for cybertheft. “The PLA have stepped back significantly, but the MSS and their affiliated contractors have stepped into that void,” Alperovitch says.

    These new hackers with the Ministry of State Security have evidently learned from the PLA’s mistakes. “They’ve gotten steadily better,” Alperovitch says. “They’re thinking much harder about how to be more stealthy.” After all, no Chinese hacker wants to be the next one splashed across an FBI “Wanted” poster.
    Politicians are elected to serve...far too many don't see it that way - Albany Rifles! || Loyalty to country always. Loyalty to government, when it deserves it - Mark Twain! || I am a far left millennial!

  • #2

    IN 2013, CYBERSECURITY firm Mandiant published a blockbuster report on a state-sponsored hacking team known as APT1, or Comment Crew. The Chinese group achieved instant infamy, tied to the successful hacks of more than 100 US companies and the exfiltration of hundreds of terabytes of data. They also vanished in the wake of being exposed. Now, years later, researchers from security firm McAfee say they’ve found code based on APT1–associated malware cropping up in a new set of attacks.

    Specifically, McAfee has found malware that reuses a portion of the code found in an implant called Seasalt, which APT1 introduced sometime around 2010. Lifting and repurposing pieces of malware is not an unusual practice, especially when those tools are widely available or open source. Look no further than the rash of attacks based on EternalBlue, the leaked NSA tool. But source code used by APT1, McAfee says, never became public, nor did it wind up on the black market. Which makes its reappearance something of a mystery.

    “When we picked up the samples and we found code reuse for Comment Crew,” says McAfee chief scientist Raj Samani, “all of a sudden it was like an ‘oh shit’ moment.”

    Attack Zones
    McAfee says it has seen five waves of attacks using the remixed malware, which it calls Oceansalt, dating back to May of this year. The attackers crafted spearphishing emails, with infected Korean-language Excel spreadsheet attachments, and sent them to targets who were involved in South Korean public infrastructure projects and related financial fields.

    “They knew the people to target,” Samani says. “They had identified the targets that they needed to manipulate into opening these malicious documents.”

    Victims who opened those documents unwittingly installed Oceansalt. McAfee believes the malware was used for initial reconnaissance, but had the ability to take control both of the system it infected and any network that device connected to. “The access that they had was quite significant,” says Samani. “Everything from getting full insight into the file structure, being able to create files, delete files, being able to list processes, terminate processes.”

    While the initial attacks focused on South Korea—and appear to have been instigated by people fluent in Korean—they at some point spread to targets in the United States and Canada, focusing especially on the financial, health care, and agricultural industries. McAfee says it’s not aware of any obvious ties between the impacted companies and South Korea, and that the move West may have been a separate campaign.

    McAfee does note some differences between Oceansalt and its precursor. Seasalt, for instance, had a persistence method that let it remain on an infected device even after a reboot. Oceansalt does not. And where Seasalt sent data to the control server unencrypted, Oceansalt employs an encoding and decoding process.

    Still, the two share enough code that McAfee is confident in the connection. It’s far less certain, though, about who’s behind it.

    Who Done It?
    It’s hard to overstate just how capable APT1 was, and how unprecedented Mandiant’s insights were at the time. “APT1 were extraordinarily prolific,” says Benjamin Read, senior manager for cyberespionage analysis at FireEye, which acquired Mandiant in 2014. “They were one of the highest in terms of volume. But volume can also allow you to build a pattern of life. When you’re doing that much stuff, you’re going to have slip-ups that expose some of the backend.”

    It’s probably not accurate to say that APT1 disappeared after the Mandiant report. It’s just as likely that the unit’s hackers continued to work for China under a different guise. But it is true, Read says, that the tactics, the infrastructure, and specific malware associated with the group haven’t seen the light of day in those five years.

    It’s tempting to think, perhaps, that McAfee’s find means that APT1 is back. But attribution is hard under any circumstances, and Oceansalt is no smoking gun. In fact, McAfee sees a few distinct possibilities as to its provenance.

    “Either it’s the re-emergence of this group, or potentially you’re looking at state-to-state collaboration with regards to a major espionage campaign, or somebody’s trying to point the finger at the Chinese,” says Samani. “Either one of those three scenarios is quite significant.”

    Despite a mounting hacking threat from China, McAfee’s own report considers it “unlikely” that Oceansalt actually marks the return of APT1. Even assuming those hackers are still active somewhere in the Chinese system, why return to tools that had previously been exposed?

    Then there’s the possibility that an actor has somehow acquired the code, either directly from China or through other unknown means. “It is possible, very possible, that this was potentially an intended collaboration. Or the source code has been stolen, or something along those lines as well. In some way, shape, or form, that code got into the hands of another threat actor group that is fluent in Korean,” says Samani.

    An intriguing possibility, and also hard to pin down. Similarly, the “false flag” option—that a hacking group wants to create cover by making it look like China is responsible—isn’t without precedent, but there are easier ways to mask your activities.

    “The place we do see a lot of this, a lot of espionage groups use open source or publicly available tools,” says FireEye’s Read. “It means you don’t have to develop custom stuff, and it’s harder to link things based on malware. It can obfuscate what’s behind it, without implying it’s someone else specifically.”

    That there are no good answers around Oceansalt only adds to the intrigue. In the meantime, potential targets should be aware that a long-abandoned malware appears to have returned, creating brand new problems for its victims.


    • #3
      Picking flowers in foreign lands to make honey in China

      CNN report - Chinese army scientists exploiting Western universities, report says

      Main publication - Picking flowers, making honey


      • #4
        Huawei's 5G ambitions suffer another big setback

        London (CNN Business) Huawei's dream of becoming a global leader in 5G mobile networks has suffered another blow.

        UK telecoms group BT (BT) confirmed on Wednesday that it would not buy equipment from the Chinese tech company for the core of its next generation wireless network. The company also said it would remove existing Huawei technology from the heart of its 4G network within two years.

        A spokesperson for BT said the decision was taken to align its mobile phone business, which it acquired from EE in 2016, with long-standing company policies that have excluded Huawei from its core networks.

        The Chinese company, which sells smartphones and telecommunications equipment around the world, is facing increased scrutiny in the United States and other countries, where officials have warned of potential national security risks from using Huawei products.

        A spokesperson for BT would not comment on whether the exclusion of Huawei was due to security concerns. The company said it will still keep Huawei as an "important equipment provider outside the core network," using its equipment in areas that are considered "benign," such as masts or telecom towers.

        BT's announcement, which was first reported by the Financial Times, is the latest example of Western countries following a lead set by the United States.

        "We have a long-running program to replace Huawei equipment in the mobile core for 3G and 4G," BT said in a statement, adding that the same principles will be applied to its core infrastructure for 5G.

        "As a result, Huawei have not been included in vendor selection for our 5G core," it said.

        Britain's most senior spy used a rare speech earlier this week to warn that the United Kingdom and its allies are in a technological arms race with their adversaries.

        Alex Younger, head of the Secret Intelligence Service (also known as MI6), was quoted by the BBC as saying the United Kingdom will need to "decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms."

        Younger's warning follows reports that the United States is urging its allies to stop using Huawei telecommunications equipment because the Chinese company poses a security threat.

        A British government oversight panel that monitors Huawei's activities in the United Kingdom warned earlier this year that it can provide only "limited assurance" that telecoms equipment provided by Huawei poses no threat to national security.

        The Financial Times reported last week that the UK government has warned telecoms companies to consider their suppliers carefully as they build 5G networks.

        Huawei said it "understands and supports" BT's move, describing it as "normal and expected."

        "Huawei has been working with BT for almost 15 years," it said in a statement. "Since the beginning of this partnership, BT has operated on a principle of different vendors for different network layers."

        The Chinese company added that it will continue working with BT and noted that its "products and solutions serve customers in more than 170 countries and regions."

        Huawei is largely shut out of the US market, where it has repeatedly come under fire from lawmakers and government officials who accuse it of working under the influence of the Chinese government.

        It says it's a private company owned by its employees. It told CNN Business last month that its equipment is trusted by 46 of the world's 50 largest telecommunications companies.

        But security agencies are particularly worried about Huawei's involvement in future 5G networks, because of the rise of connected devices, smart homes and the internet of things.

        New Zealand and Australia have also prevented telecoms companies from using Huawei equipment for their 5G mobile networks.


        • #5
          Japan to bar Huawei, ZTE from government procurement contracts: sources

          TOKYO (Reuters) - Japan plans to ban government purchases of equipment from China’s Huawei Technologies Co Ltd and ZTE Corp (0763.HK) (000063.SZ), a person with direct knowledge and a person briefed on the matter told Reuters on Friday.

          The Yomiuri newspaper, which first reported the news, said the government was expected to revise its internal rules on procurement as early as Monday in a bid to prevent intelligence leaks and cyber attacks.


          • #6
            US pushes allies to fight Huawei in new arms race with China


            • #7
              US files charges against China's Huawei and CFO Meng Wanzhou

              Why America's fight with Huawei matters
              Last edited by Oracle; 29 Jan 19, 16:28.


              • #8
                Mobile network operator's body GSMA considers crisis meeting over Huawei


                • #9
                  Will Chinese firm's stake in Reddit normalise censorship?


                  • #10
                    Huawei ready to tackle extra security to stay in 5G kit race

                    Poland arrested a Chinese employee of Huawei and a former Polish security official in January on spying allegations. Huawei said the next day that the employee had been fired.


                    • #11
                      Chinese customers accuse Spanish bank BBVA of racism

                      Europe is racist. Chinese businesses should quit Europe, and all Chinese living, studying, merry-making should come back and stay in prosperous China. They should all quit the Americas and Canada, and all other places I didn't mention. China is already a superpower, and in another 5 years will replace America as the numero uno sole power in terms of military and economy. The CPC would then need all these people to transition China into a power never seen in this world in the last 10,000 years.

                      Without Huawei's 5G tech, Europe and the rest of the world will slip back to the dark age, while the Chinese will be communicating with extraterrestrial life forms from distant planets. And in time, China's dream of colonizing the Qing planetary system would take place. All of these developments, however, would need the support of His Majesty Xi Xingping and his party the CPC, which has announced to transform China from a one party authoritarian regime, into a multi-party socialist state, where all Chinese have an equal say in its affairs.


                      • #12
                        Elite U.S. school MIT cuts ties with Chinese tech firms Huawei, ZTE

                        (Reuters) - The Massachusetts Institute of Technology has severed ties with Huawei Technologies and ZTE Corp as U.S. authorities investigate the Chinese firms for alleged sanctions violations, the school said on Wednesday.

                        MIT is the latest top educational institution to unplug telecom equipment made by Huawei and other Chinese companies to avoid losing federal funding.

                        "MIT is not accepting new engagements or renewing existing ones with Huawei and ZTE or their respective subsidiaries due to federal investigations regarding violations of sanction restrictions," Maria Zuber, its vice president for research, said in a letter on its website.

                        Collaborations with China, Russia and Saudi Arabia would face additional administrative review procedures, Zuber added.

                        “The institute will revisit collaborations with these entities as circumstances dictate,” she said.

                        Britain’s Oxford University stopped accepting funding from Huawei this year.

                        “We’re disappointed by MIT’s decision, but we understand the pressure they’re under at the moment,” Huawei said on Thursday. The company denies the allegations of the U.S. government.

                        “We trust the U.S. judicial system will ultimately reach the right conclusion,” Huawei said.

                        ZTE did not respond to a Reuters request for comment.

                        Representatives for Zuber and Richard Lester, an associate provost at MIT who also signed the letter, referred questions about details such as how much research was likely to be affected to MIT spokespeople, who did not immediately respond.

                        In a letter to MIT faculty at the start of the current school year, Lester wrote that in cases where U.S. and Chinese interests are in direct conflict, MIT would prioritize its home country.

                        Meng Wanzhou, Huawei’s chief financial officer and daughter of its founder Ren Zhengfei, was arrested in Canada in December at the request of the United States on charges of bank and wire fraud in violation of U.S. sanctions against Iran.

                        She denies wrongdoing.

                        U.S. sanctions forced ZTE to stop most business between April and July last year after Commerce Department officials said it broke a pact and was caught illegally shipping U.S.-origin goods to Iran and North Korea. The sanctions were lifted after ZTE paid $1.4 billion in penalties.

                        In Beijing, the Foreign Ministry referred questions to the two companies, but said Chinese firms were required to abide by local laws.

                        “At the same time, we ask that governments in countries where they are based provide a just, fair, and nondiscriminatory environment,” its spokesman, Geng Shuang, told a news briefing on Thursday.

                        Chinese telecoms equipment makers have also been facing mounting scrutiny, led by the United States, amid worries Beijing could use their equipment for spying. The companies, however, have said the concerns are unfounded.


                        • #13
                          Huawei laptop 'backdoor' flaw raises concerns

                          A flaw in Huawei Matebook laptops, found by Microsoft researchers, could have been used to take control of machines, the Times has reported.

                          The "sophisticated flaw" had probably been introduced at the manufacturing stage, one expert told BBC News.

                          Huawei is under increasing scrutiny around the world over how closely it is tied to the Chinese government.

                          The company, which denies any collusion with Beijing, corrected the flaw after it was notified about it in January.

                          Prof Alan Woodward, a computer security expert based at Surrey University, told BBC News the flaw had the hallmarks of a "backdoor" created by the US's National Security Agency to spy on the computers of targets.

                          That tool was leaked online and has been used by a wide variety of hackers, including those who are state-sponsored and criminal gangs.

                          "It was introduced at the manufacture stage but the path by which it came to be there is unknown and the fact that it looks like an exploit that is linked to the NSA doesn't mean anything," Prof Woodward said.

                          "It could be organised crime gangs, which are increasingly interfering with the supply chain, or it could be someone playing geo-politics to discredit Huawei.

                          "There is no evidence that the company has done anything malicious or any evidence they were under pressure from the state."

                          The question remains, however, according to Prof Woodward: "How did the software engineering processes allow this on?

                          "This is not going to help their case or reduce people's concerns," he said.

                          The British intelligence community last week said that it could offer only "limited assurances" that long-term security risks from Huawei could be managed.

                          Prof Woodward said: "Huawei is critical to 5G, which in turn will be critical to a whole range of things, including future cities and autonomous cars.

                          "Disrupting this network could cause huge disruptions to society and I can see why people are worried about Huawei supplying this technology.

                          "They are headquartered in a country that has coercive laws and has made it clear that companies have to co-operate with the government and keep that secret."


                          • #14
                            For a growing number of Chinese students, the doors to America are closing


                            China’s Spying Poses Rising Threat to U.S.

