NewsBite

China’s spies blamed over mass data theft

Chinese intelligence services have been blamed for the most audacious, widespread data theft in history.

Home Affairs Minister Peter Dutton. Picture: AAP

Chinese intelligence services have been blamed for the most audacious, widespread data theft in history, after state-directed hackers used invasive techniques to steal commercially sensitive data from nine of the world’s largest managed service providers and scores of their smaller clients.

Australia yesterday joined allies including the US and Britain in condemning China over the operation, which authorities said had been under way for more than a decade and involved a mix of freelance hackers and professional cyber spies employed by the Ministry of State Security.

Two Chinese nationals — Zhu Hua and Zhang Shilong — were indicted by the US District Court, Southern District of New York, over the operation, which was carried out under the name of Advanced Persistent Threat 10, the code name used by the group.

Australia’s response to the hacking revelations drew a terse reply from China’s Foreign Affairs Ministry, which issued a statement warning that countries should “stop deliberate defamation of China, so as not to damage their bilateral relations and co-operation in important areas”.

Western authorities allege that APT-10 had targeted dozens of sensitive industries including aviation, manufacturing, oil and gas exploration, IT, pharmaceutical technology and defence contractors.

In a first for Australia, Foreign Minister Marise Payne and Home Affairs Minister Peter Dutton named China as the architect of the operation and expressed “serious concern” over China’s violation of a 2017 agreement in which Beijing pledged to refrain from stealing sensitive Australian intellectual property.

“The sustained cyber intrusions by APT-10 were significant and focused on large-scale managed service providers,” the two ministers said.

“When it is in our interests to do so, Australia publicly attributes cyber incidents, especially those with the potential to undermine global economic growth, national security and international stability.”

A managed service provider supplies IT support and infrastructure for smaller companies that lack the scale, resources or know-how to do it themselves. These providers run computer servers, storage, networking services and IT support for thousands of small and medium enterprises. As such, they are an attractive target for hackers.

In the US, at least 45 firms were hit and more than 100,000 US Navy personnel targeted. It was not clear how many firms in Australia had been hit.

Australia’s ambassador for cyber affairs, Tobias Feakin, said: “We are still assessing the scale of the data that has been taken but we know data has been stolen.”

According to the US Justice Department, members of APT-10, including Mr Zhu and Mr Zhang, had been hacking foreign firms as early as 2006.

The two men are alleged to have worked for a company called Huaying Haitai Science and Technology Development Company, based in Tianjin, near Beijing. The company was effectively a front for the Chinese Ministry of State Security and for more than a decade carried out an audacious and widespread campaign of cyber theft on the ministry’s behalf.

The two men are alleged to have worked out of a nondescript office building where they kept regular nine-to-five hours.

“The APT-10 Group’s hacking operations evolved over time, demonstrating advances in overcoming network defences, victim selection and tradecraft,” the indictment read.

“Moreover, the APT-10 group utilised some of the same online facilities to initiate, facilitate and execute its campaigns during the conspiracy, reflecting the APT-10 group’s continuous and unrelenting effort, from in or about 2006 to up to and including in or about 2018, to steal technologies and other information of value to the conspiracy.”

The operation relied heavily on “spear phishing” techniques that target specific employees with relevant or interesting emails that appear to come from legitimate senders. The emails contain executable files that, once downloaded, install spyware on the computer.

The APT-10 operation is said to have used key-stroke loggers to steal usernames and passwords as well as Trojans, malicious software providing a backdoor into a network.

The Morrison government’s decision to name and shame China in conjunction with Australia’s allies reflected a frustration at Beijing’s persistent cyber-hacking campaign, as well as a reticence on the part of some of the targeted companies to acknowledge the breach and work with authorities, for fear of commercial repercussions.


Original URL: https://www.theaustralian.com.au/national-affairs/national-security/chinas-spies-blamed-over-mass-data-theft/news-story/424caca44cd6d392421dc785677d6bfd