

Chinese Companies Now Authorized to Conduct Foreign Cyberattacks, Sell Access to Government (msn.com)
"The U.S. is absolutely facing the most serious Chinese hacking ever." That's what the Washington Post was told by a China-focused consultant at security company SentinelOne:
Undeterred by recent indictments alleging widespread cyberespionage against American agencies, journalists and infrastructure targets, Chinese hackers are hitting a wider range of targets and battling harder to stay inside once detected, seven current and former U.S. officials said in interviews. Hacks from suspected Chinese government actors detected by the security firm CrowdStrike more than doubled from 2023 to more than 330 last year and continued to climb as the new administration took over, the company said... Although the various Chinese hacking campaigns seem to be led by different government agencies and have different goals, all benefit from new techniques and from Beijing's introduction of a less constrained system for cyber offense, the officials and outside researchers told The Washington Post... Chinese intelligence, military and security agencies previously selected targets and tasked their own employees with breaking in, they said. But the Chinese government decided to take a more aggressive approach by allowing private industry to conduct cyberattacks and hacking campaigns on their own, U.S. officials said.
The companies are recruiting top hackers who discover previously unknown, or "zero-day," flaws in software widely used in the United States. Then the companies search for where the vulnerable programs are installed, hack a great many of them at once, and then sell access to multiple Chinese government customers and other security companies. That hacking-for-hire approach creates hundreds of U.S. victims instead of a few, making it hard to block attacks and to decide which were China's key targets and which were unintentionally caught in the hacks, an FBI official said, speaking on the condition of anonymity to follow agency practices... "The result of that incentive structure is that there is significantly more hacking...."
China has mastered the ability to move undetected through networks of compromised U.S. devices, so that the final connection to a target appears to be an ordinary domestic connection. That makes it easy to get around technology that blocks overseas links and puts it outside the purview of the National Security Agency, which by law must avoid scrutinizing most domestic transmissions. Beijing is increasingly focused on hacking software and security vendors that provide access to many customers at once, the FBI official said. Once access is obtained, the hackers typically add new email and collaboration accounts that look legitimate... Beyond the increased government collaboration with China's private security sector is occasional collaborating with criminal groups, said Ken Dunham, an analyst at the security firm Qualys.
The article notes that China's penetration of U.S. telecom carriers "is still not fully contained, according to the current and former officials." But in addition, the group behind that attack "has more recently shown up inside core communications infrastructure in Europe, according to John Carlin, a former top national security official in the Justice Department who represents some U.S. victims of the group." And documents leaked last year from a security contractor that works with the Chinese military and other government groups "described contracts and targets in 20 countries, with booty including Indian immigration data, logs of calls in South Korea, and detailed information on roads in Taiwan.
"It also detailed prices for some services, such as $25,000 for promised remote access to an iPhone, payment disputes with government customers and employee gripes about long hours..."
Re: (Score:2)
You are 120% wrong, as usual. The US has nothing like this, and will prosecute companies that try to do it:
But the Chinese government decided to take a more aggressive approach by allowing private industry to conduct cyberattacks and hacking campaigns on their own, U.S. officials said.
Re: (Score:2)
The difference is that the US keeps the hacking in government hands and restricted to authorized contractors. Not much of a difference, really.
Re: (Score:2)
The difference is that the US keeps the hacking in government hands and restricted to authorized contractors. Not much of a difference, really.
Completely different, a Chinese civilian in the US can be acting as an agent of their government under this reported new authorization. That's farming out to civilians as opposed to keeping it inside government as you say.
And as usual you can't Google (Score:2)
Per the article the only difference is that China is being a little more honest about it
Took me 60 seconds to find that. I hope you're not part of America's cybersecurity infrastructure...
Re: (Score:2)
Next time, spend more than 60 seconds looking, because that doesn't say anything that helps your case.
Aaaand, why don't the gov't punish them for it? (Score:1)
Re: (Score:3, Insightful)
Liberals : don't be nationalist/racist
Business: Don't disrupt my supply chain
Economists : free trade uber alles
You have to become an arch enemy of the entire mainstream to enter a cold war with China. This doesn't require strength, this requires madness. The administration is mad, unfortunately they have made trade balance their hill to die on.
Re: (Score:2)
Capitalists must be proud to see Commie China being forced to admit that outsourcing your hacking to private companies is the most efficient way.
Re: (Score:2)
see what they'll do.
You're aware they can bankrupt the US government at will, right?
Re: (Score:3)
It would be mutual assured bankruptcy. The minute Chinese start selling off their T bills, USA would cancel them in whole at once. Such a step would make it difficult to ever finance the US budget deficit again, but it would also tear a massive hole into Chinese budget and finances, which likely bankrupts them as well. This may well be the reason why China never played that card.
Looks like someone is looking... (Score:1)
...for a fat contract
Instead of promoting a fake cold war with China, maybe cooperation would be better
Re: (Score:2)
Cooperation ... so the US should invade Taiwan for them?
Re: (Score:2)
Re: (Score:2)
They just want to slowly economically and politically strangle them into submission.
So, instead of invading should the US cooperate in economic sanctions on Taiwan?
Re: (Score:2)
They just want to slowly economically and politically strangle them into submission.
They have a funny way of doing that by being one of Taiwan's largest trading partners.
I think China's strategy is to put enough military pressure on Taiwan to prevent it from formally declaring independence. They figure time will work for them and they can afford to play the long game. At least so long as Taiwan doesn't become a Ukraine-style threat as a base for military pressure on China. I think the anti-Chinese crusade in the US is to some extent a recognition of that. Time is on China's side and we ne
Re: Looks like someone is looking... (Score:2)
Sun Tzu Adjacent: if your enemy is destroying itself, do nothing. Just wait 5 years as the usa is sucked dry by the oligarchs.
Re: (Score:2)
They haven't invaded Taiwan in the past 75 years. Is there some reason to think they will in the near future?
Yes and no. The main reason to think that China might invade Taiwan is that they have always had that desire ever since 1949. The only reason preventing that invasion in the past was a combination of the limitations of the PRC military, particularly the navy and air force, and the intervention of the US, both in terms of direct military presence and arms supply. Furthermore, the hoped for Soviet military support never materialized due to a Soviet preference to avoid a hot war with the US. China did try
Re: (Score:2)
Your list sort of makes the case why there is little, if any, chance China is going to invade Taiwan absent some major provocation. Taiwan is hardly important for domestic propaganda other than as a nationalist symbol. And they have adults running the country who are not likely to be deceived by their own propaganda.
You are talking about the situation 75 years ago when the Chinese government on Taiwan had the full backing of the United States and was at least as intent on invading the mainland to reunify C
Re: (Score:2)
If they help us invade Greenland, we'll help them invade Taiwan.
1. They don't need your help with invading Taiwan.
2. The terms of your contract are unacceptable. Placing the actions in this order would require them to TRUST Trump, the one thing he has demonstrated he isn't worthy of.
3. the Axis of Upheaval (aka Quartet of Death or Axis of Chaos) is accepting new members?
CCP says a forceful reunification is an option (Score:2)
They haven't invaded Taiwan in the past 75 years. Is there some reason to think they will in the near future?
Other than the CCP says a forceful reunification is always an option? Other than building the military capability necessary to do so?
"BOTTOM LINE
China is systematically preparing for a forceful reunification campaign by redesigning and intensifying military and civilian-military measures such as military mobilization, amphibious capabilities, standardization of operations, and resource stockpiling.
The People’s Liberation Army’s expanded and improved military exercises around Taiwan since Au
Re: (Score:2)
Other than the CCP says a forceful reunification is always an option? Other than building the military capability necessary to do so?
So perhaps less likely than the US invading Greenland, but more likely than the US invading Canada?
Taiwan is last unconquered part of China (Score:2)
They haven't invaded Taiwan in the past 75 years. Is there some reason to think they will in the near future?
Taiwan is the last region of China that remains unconquered by the Communists. It is literally the remnants of the National Government of the Republic of China that ruled China until 1948. It was defeated on the mainland and fled to Taiwan where it relocated the capital of China to Taipei, Taiwan and still claimed authority over the mainland. This was recognized by the UN and various nations for a while. Then reality was recognized and a Two-China policy was held for a while. For diplomatic reasons a One-Chi
Re: (Score:2)
Taiwan is the last region of China that remains unconquered by the Communists.
You seem to accept that Taiwan is part of China. And you are right, the mainland Government does want to reunify the country. But whether they are willing to pay the price of resuming the civil war is doubtful. There simply is not enough at stake. They can afford to wait. On the other hand, if Taiwan declares permanent independence, they might act. Time is no longer on their side.
Future historians (Score:2)
Re: (Score:2)
Agreements, trade, theft, hacking, tariffs. I always wondered how insane future historians would consider us to be when reading about the times of today.
i suppose that that narrative will be predominantly shaped by whoever prevails, as usual. it might have little to do with real drivers and forces.
Re: (Score:2)
That includes Microsoft China, yes? (Score:3)
They just got found out being the sysadmins (!) for the US DoD cloud, and that would explain why China is making it now official.
They Smell Weakness (Score:3, Insightful)
They see the best opportunity to strike America in living memory. The national defense is being led by people with no experience in that domain, and a general lack of competence across the board. It sounds passe at this point, but the picks this round make the first Trump administration look like actual statesmen in comparison.
The guys there now are in way over their heads. They're going to get played in ways we haven't even thought of, and ways we'll never know.
You had me going there for a minute ;) (Score:2)
> That makes it easy to get around technology that blocks overseas links and puts it outside the purview of the National Security Agency, which by law must avoid scrutinizing most domestic transmissions
Modern-day Letter of Marque (Score:1)
If true, this is the modern-day version of a Letter of Marque, with the slight (cough cough) difference that the United States and China are neither technically at war (like N. and S. Korea) nor actually shooting at each other (like the various non-declared wars/hostilities the US has been involved in after WW2).
Are Chinese SW companies creating malware? (Score:1)
No More Access (Score:1)
Cut them off .. (Score:1)
.. cut the wires, not just a firewall.