Xtra News Community 2

How Chinese hackers turned the tables on U.S. Government hackers…

Kiwithrottlejockey
« on: May 07, 2019, 08:46:16 pm »


from The New York Times…

How Chinese Spies Got the N.S.A.'s Hacking Tools,
and Used Them for Attacks


The latest case of cyber-weapons escaping American control raises questions
about the United States' expensive and dangerous digital arsenal.


By NICOLE PERLROTH, DAVID E. SANGER and SCOTT SHANE | Monday, May 06, 2019

The server room at Symantec in Culver City, California. The company provided the first evidence that Chinese state-sponsored hackers had acquired some of the National Security Agency's cyber-tools before other hackers. — Photograph: Michal Czerwonka/for The New York Times.


CHINESE intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.

Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy's rifle and starts blasting away.

The Chinese action shows how proliferating cyber-conflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries' infrastructure.

The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world's most high-tech, stealthy cyber-weapons if it is unable to keep them under lock and key.

The Chinese hacking group that co-opted the N.S.A.'s tools is considered by the agency's analysts to be among the most dangerous Chinese contractors it tracks, according to a classified agency memo reviewed by The New York Times. The group is responsible for numerous attacks on some of the most sensitive defense targets inside the United States, including space, satellite and nuclear propulsion technology makers.

Now, Symantec's discovery, unveiled on Monday, suggests that the same Chinese hackers the agency has trailed for more than a decade have turned the tables on the agency.

Some of the same N.S.A. hacking tools acquired by the Chinese were later dumped on the internet by a still-unidentified group that calls itself the Shadow Brokers and used by Russia and North Korea in devastating global attacks, although there appears to be no connection between China's acquisition of the American cyber-weapons and the Shadow Brokers' later revelations.

But Symantec's discovery provides the first evidence that Chinese state-sponsored hackers acquired some of the tools months before the Shadow Brokers first appeared on the internet in August 2016.

Repeatedly over the past decade, American intelligence agencies have had their hacking tools and details about highly classified cyber-security programs resurface in the hands of other nations or criminal groups.

The N.S.A. used sophisticated malware to destroy Iran's nuclear centrifuges — and then saw the same code proliferate around the world, doing damage to random targets, including American business giants like Chevron. Details of secret American cyber-security programs were disclosed to journalists by Edward J. Snowden, a former N.S.A. contractor now living in exile in Moscow. A collection of C.I.A. cyber-weapons, allegedly leaked by an insider, was posted on WikiLeaks.

“We've learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec.


The National Security Agency headquarters in Maryland. — Photograph: Patrick Semansky/Associated Press.

Now that nation-state cyber-weapons have been leaked, hacked and repurposed by American adversaries, Mr. Chien added, it is high time that nation states “bake that into” their analysis of the risk of using cyber-weapons — and the very real possibility they will be reassembled and shot back at the United States or its allies.

In the latest case, Symantec researchers are not certain exactly how the Chinese obtained the American-developed code. But they know that Chinese intelligence contractors used the repurposed American tools to carry out cyber-intrusions in at least five countries: Belgium, Luxembourg, Vietnam, the Philippines and Hong Kong. The targets included scientific research organizations, educational institutions and the computer networks of at least one American government ally.

One attack on a major telecommunications network may have given Chinese intelligence officers access to hundreds of thousands or millions of private communications, Symantec said.

Symantec did not explicitly name China in its research. Instead, it identified the attackers as the Buckeye group, Symantec's own term for hackers that the Department of Justice and several other cyber-security firms have identified as a Chinese Ministry of State Security contractor operating out of Guangzhou.

Because cyber-security companies operate globally, they often concoct their own nicknames for government intelligence agencies to avoid offending any government; Symantec and other firms refer to N.S.A. hackers as the Equation group. Buckeye is also referred to as APT3, for Advanced Persistent Threat, and other names.

In 2017, the Justice Department announced the indictment of three Chinese hackers in the group Symantec calls Buckeye. While prosecutors did not assert that the three were working on behalf of the Chinese government, independent researchers and the classified N.S.A. memo that was reviewed by The New York Times made clear the group contracted with the Ministry of State Security and had carried out sophisticated attacks on the United States.

A Pentagon report about Chinese military competition, issued last week, describes Beijing as among the most skilled and persistent players in military, intelligence and commercial cyber-operations, seeking “to degrade core U.S. operational and technological advantages.”

In this case, however, the Chinese simply seem to have spotted an American cyber-intrusion and snatched the code, often developed at huge expense to American taxpayers.

Symantec discovered that as early as March 2016, the Chinese hackers were using tweaked versions of two N.S.A. tools, called Eternal Synergy and Double Pulsar, in their attacks. Months later, in August 2016, the Shadow Brokers released their first samples of stolen N.S.A. tools, followed by their April 2017 internet dump of its entire collection of N.S.A. exploits.

Symantec researchers noted that there were many previous instances in which malware discovered by cyber-security researchers was released publicly on the internet and subsequently grabbed by spy agencies or criminals and used for attacks. But they did not know of a precedent for the Chinese actions in this case — covertly capturing computer code used in an attack, then co-opting it and turning it against new targets.

“This is the first time we've seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Mr. Chien said.


The National Security Agency headquarters in Maryland. — Photograph: Sait Serkan Gurbuz/Reuters.

The Chinese appear not to have turned the weapons back against the United States, for two possible reasons, Symantec researchers said. They might assume Americans have developed defenses against their own weapons, and they might not want to reveal to the United States that they had stolen American tools.

For American intelligence agencies, Symantec's discovery presents a kind of worst-case scenario that United States officials have said they try to avoid using a White House program known as the Vulnerabilities Equities Process.

Under that process, started in the Obama administration, a White House cyber-security coordinator and representatives from various government agencies weigh the trade-offs of keeping the American stockpile of undisclosed vulnerabilities secret. Representatives debate the stockpiling of those vulnerabilities for intelligence gathering or military use against the very real risk that they could be discovered by an adversary like the Chinese and used to hack Americans.

The Shadow Brokers' release of the N.S.A.'s most highly coveted hacking tools in 2016 and 2017 forced the agency to turn over its arsenal of software vulnerabilities to Microsoft for patching and to shut down some of the N.S.A.'s most sensitive counter-terrorism operations, two former N.S.A. employees said.

The N.S.A.'s tools were picked up by North Korean and Russian hackers and used for attacks that crippled the British health care system, shut down operations at the shipping corporation Maersk and cut short critical supplies of a vaccine manufactured by Merck. In Ukraine, the Russian attacks paralyzed critical Ukrainian services, including the airport, Postal Service, gas stations and A.T.M.s.

“None of the decisions that go into the process are risk free. That's just not the nature of how these things work,” said Michael Daniel, the president of the Cyber Threat Alliance, who previously was cyber-security coordinator for the Obama administration. “But this clearly reinforces the need to have a thoughtful process that involves lots of different equities and is updated frequently.”

Beyond the nation's intelligence services, the process involves agencies like the Department of Health and Human Services and the Treasury Department that want to ensure N.S.A. vulnerabilities will not be discovered by adversaries or criminals and turned back on American infrastructure, like hospitals and banks, or interests abroad.

That is exactly what appears to have happened in Symantec's recent discovery, Mr. Chien said. In the future, he said, American officials will need to factor in the real likelihood that their own tools will boomerang back on American targets or allies. An N.S.A. spokeswoman said the agency had no immediate comment on the Symantec report.

One other element of Symantec's discovery troubled Mr. Chien. He noted that even though the Buckeye group went dark after the Justice Department indictment of three of its members in 2017, the N.S.A.'s repurposed tools continued to be used in attacks in Europe and Asia through last September.

“Is it still Buckeye?” Mr. Chien asked. “Or did they give these tools to another group to use? That is a mystery. People come and go. Clearly the tools live on.”


__________________________________________________________________________

Nicole Perlroth covers cyber-security for The New York Times. She is the recipient of several journalism awards for her reporting on efforts by the Chinese government to steal military and industrial trade secrets. Her profile, written for The N.Y. Times, of a security blogger was optioned by Sony Pictures. Her discovery of Chinese military hackers in a dusty backroom office server in a Wisconsin welding shop was optioned for a television series by The Weinstein Company. A Bay Area native, Ms. Perlroth covered venture capital at Forbes Magazine before joining The New York Times in 2011. She is the author of the forthcoming book “This Is How They Tell Me The World Ends” with Penguin/Portfolio. She is a guest lecturer at the Stanford Graduate School of Business and a graduate of Princeton University and Stanford University.

David E. Sanger is a national security correspondent and a senior writer. In a 36-year reporting career for The New York Times, he has been on three teams that have won Pulitzer Prizes, most recently in 2017 for international reporting. His newest book, The Perfect Weapon: War, Sabotage and Fear in the Cyber Age, examines the emergence of cyberconflict as the primary way large and small states are competing and undercutting each other, changing the nature of global power. He is also the author of two New York Times best sellers on foreign policy and national security: The Inheritance: The World Obama Confronts and the Challenges to American Power, published in 2009, and Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, published in 2012. For The N.Y. Times, Mr. Sanger has served as Tokyo bureau chief, Washington economic correspondent, White House correspondent during the Clinton and Bush administrations, and chief Washington correspondent. Mr. Sanger spent six years in Tokyo, writing about the emergence of Japan as a major American competitor, and then the country's humbling recession. He wrote many of the first articles about North Korea's emerging nuclear weapons program. Returning to Washington, Mr. Sanger turned to a wide range of diplomatic and national security issues, especially issues of nuclear proliferation and the rise of cyberconflict among nations. In reporting for The Times and Confront and Conceal, he revealed the story of Olympic Games, the code name for the most sophisticated cyberattack in history, the American-Israeli effort to sabotage Iran's nuclear program with the Stuxnet worm. His journalistic pursuit of the origins of Stuxnet became the subject of the documentary “Zero Days” which made the short list of Academy Award documentaries in 2016. With his Times colleague Bill Broad, he also described, in early 2017, a parallel cybereffort against North Korea. Mr. Sanger was a leading member of the team that investigated the causes of the Challenger disaster in 1986, which was awarded a Pulitzer in national reporting the following year. A second Pulitzer, in 1999, was awarded to a team that investigated the struggles within the Clinton administration over controlling technology exports to China. He has also won the Weintal Prize for diplomatic reporting for his coverage of the Iraq and Korea crises, the Aldo Beckman prize for coverage of the presidency, and, in two separate years, the Merriman Smith Memorial Award, for coverage of national security issues. “Nuclear Jihad” the documentary that Mr. Sanger reported for Discovery/Times Television, won the duPont-Columbia Award for its explanation of the workings of the A. Q. Khan nuclear proliferation network. That coverage was also a finalist for a Pulitzer. A 1982 graduate of Harvard College, Mr. Sanger was the first senior fellow in The Press and National Security at the Belfer Center for Science and International Affairs at Harvard. With Graham T. Allison Jr., he co-teaches Central Challenges in American National Security, Strategy and the Press at the Kennedy School of Government.

Scott Shane is a reporter in the Washington D.C. bureau of The New York Times, where he has written about national security and other topics. He was part of teams that won Pulitzer Prizes in 2017 for coverage of Russia's hacking and other projections of power abroad and in 2018 for reporting on Russian interference in the 2016 presidential election and its connections to the Donald Trump campaign and administration. His 2015 book, Objective Troy: A Terrorist, A President and the Rise of the Drone, examines the life and death of the late American-born radical Islamic cleric Anwar al-Awlaki, who was killed in a drone strike in Yemen in 2011 at the orders of President Obama. It won the Lionel Gelber Prize, awarded each year to the best book in English on foreign affairs. In addition to the debate over terrorism and targeted killing, he has written on the Russian cyber attack on the 2016 election, Hillary Clinton and the intervention in Libya, Saudi influence on global Islam, the National Security Agency and Edward Snowden's leaked documents, WikiLeaks and confidential State Department cables, and the Obama administration's prosecution of leaks of classified information. Other stories have explored interrogation and torture, the anthrax investigation, the government's secret effort to reclassify historical documents and the explosion in federal contracting. His work with his colleagues at The N.Y. Times has twice been a Pulitzer finalist: on interrogation in 2007 and on recruiting by the Islamic State in Iraq and Syria in 2015. From 1983 to 2004, Mr. Shane was a reporter for The Baltimore Sun, covering beats ranging from courts to medicine and writing articles on brain surgery, schizophrenia, a drug corner, guns and crime and other topics. 
He was Moscow correspondent from 1988 to 1991 and wrote a book on the Soviet collapse, Dismantling Utopia: How Information Ended the Soviet Union, which the Los Angeles Times described as “one of the essential works on the fall of the Soviet Union.” In 1995, he co-wrote a six-part explanatory series of articles on the National Security Agency, the first major investigation of the N.S.A. since James Bamford's 1982 book The Puzzle Palace. His series on a public health project in Nepal won the nation's top science-writing award from the American Association for the Advancement of Science in 2001. Mr. Shane lives in Baltimore with his wife, Francie Weeks, who teaches English to foreign students. They have three children.

• A version of this article appears in The New York Times on Tuesday, May 7, 2019, on Page A9 of the New York print edition with the headline: “How Chinese Spies Got N.S.A.'s Hacking Tools, and Went on the Attack”.

__________________________________________________________________________

Related to this topic:

 • N.S.A. Contractor Arrested in Biggest Breach of U.S. Secrets Pleads Guilty

 • Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

 • Malware Case Is Major Blow for the N.S.A.


https://www.nytimes.com/2019/05/06/us/politics/china-hacking-cyber.html

If you aren't living life on the edge, you're taking up too much space! 


Im2Sexy4MyPants
« Reply #1 on: May 08, 2019, 10:07:03 pm »

thanks, Obama

so China has Hillary's emails


Are you sick of the bullshit from the sewer stream media spewed out from the usual Ken and Barbie dickless talking point look-alikes?

If you want to know what's going on in the real world...
And the many things that will personally affect you.
Go to
http://www.infowars.com/

AND WAKE THE F_ _K UP
Kiwithrottlejockey
« Reply #2 on: May 09, 2019, 12:51:57 pm »


I think it's fucking hilarious.

American government spooks attempt to hack into Chinese government computers.

Chinese government hackers capture the hacking stuff sent their way by American government hackers and turn the tables back on America and America's allies.

Like I said, “fucking hilarious!!”