It seems like every time cybersecurity experts turn around, China is standing right behind them. The country has been accused (and caught) in numerous hacking attempts against multiple targets and the most recent hacks against US held journalism sites has just been added to the country’s shady cyber resume.
Very recently, numerous US journalism cites that cover China found themselves in the crosshairs. The New York Times, The Washington Post, and The Wall Street Journal all have reported that Chinese hackers have been infiltrating their networks (perhaps for years) and stealing information from them. This isn’t the first time that China has been in the news about cyberwarfare and hacking and we’ve been seeing the country appear on the radar for training hackers, for being the source of hack attempts against government and commercial interests, as well as just being a nuisance in cyberspace in general.
From the WSJ article,
Chinese hackers for years have targeted major U.S. media companies with hacking that has penetrated inside newsgathering systems, several people familiar with the response to the cyberattacks said. Tapping reporters’ computers could allow Beijing to identify sources on articles and information about pending stories. Chinese authorities in the past have penalized Chinese nationals who have passed information to foreign reporters.
Journal sources on occasion have become hard to reach after information identifying them was included in emails. However, Western reporters in China long have assumed that authorities are monitoring their communications and act accordingly in sensitive cases.
Of course, foreign correspondents and journalists in foreign countries expect that the governments of those countries are watching them—however, this behavior extends far beyond that and for the U.S. news outfits in question each one suffered vast infiltration of their computer networks by Chinese hackers with the intent of surveillance. China is already extremely well known for their Great Firewall of China, laws criminalizing anti-government dissent, and violent suppression of criticism.
The era of cyberwarfare means a greater need for cybersecurity of oft- surveilled classes
It’s obvious that security pundits pointing at China and their involvement with US journalism are not crying wolf. China has been repeatedly and demonstrably been seen being part of international cybersecurity upsets and has been using cyberwarfare against its neighbors and enemies for quite some time.
The motives for a foreign government to watch journalists who might be prying into their inner workings is obvious and they have both the means and the opportunity to pull this off.
Outfits such as The New York Times, The Washington Post, and The Wall Street Journal may need to look into government-grade cybersecurity for their internal networks and their on-the-street journalists—especially those who work with information about foreign governments. No doubt they will never be able to be less-infiltrated. In fact, chances are good that personnel working for these companies already are the weakest link—surveillance of news agencies by foreign powers has existed from before the Internet.
The proliferation of devices, readily available Internet, software exploits, and malware (not to mention government-funded malware like Flame and Red October) has just made it a lot easier to gather information without needing a person in the field.
In fact, expect there to be surveillance malware sneaking its way into news agencies in the near future that Trojans in through smartphones or onto PCs and laptops simply with the intent to act as a listening device. Very few hackers needed, and it could easily be insinuated into a poorly protected network via a person who works in the office (either as an actual accomplice or someone who works on news about China reading a carefully crafted website or opening a PDF.)
China responds: “We had nothing to do with it! China held IPs doesn’t mean Chinese hackers!”
Monday, The People’s Daily—the official newspaper of China’s ruling Communist Party—severely rejected claims of China’s involvement in all the above hacks. Echoing vehement objections to the reporting by the government, The People’s Daily noted: “Even those with little understanding of the Internet know that hacking attacks are transnational and concealable.”
Adding, “IP addresses simply do not constitute sufficient evidence to confirm the origins of hackers.”
While this is true, if Chinese IP addresses are part of the investigation and they’re just proxies for the real hackers, it means China is doing a terrible job policing their own networks.
Chinese Embassy spokesman Geng Shuang condemned allegations of Chinese cyberspying. “It is irresponsible to make such an allegation without solid proof and evidence,” he said. “The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws.” He said China has been a victim of cyberattacks but didn’t say from where.
At this point it’s a forgone conclusion that the hackers are indeed Chinese. The IP addresses originate from China and the information sought after involves US media covering China. What remains to be questioned is if this is government-sanctioned hacking (or better: how much?)
FBI and other agencies have been studying these attacks for years and they appear to be carried out by numerous different groups, using different tactics, and having potentially different goals. Some of the infiltrations appear to be sophisticated—such as those revealed last week—while others seem to be thoughtless probing and automatic defense testing. It’s unknown if all the infiltrations together originate from the same group even if they all tie back to China.
No doubt, the extent of the infiltration and what US media will do about it is still on the table.
However, when it comes to the response of the US government, the apparent and obvious Chinese hand in these attacks is only going to further raise suspicions and move a lot more words before we know everything there is to know.