
China cyber operations exposed by ‘Name and shame’ campaign



China’s civilian intelligence service, the Ministry of State Security, is facing new global scrutiny following a coordinated U.S. and allied “name and shame” campaign this week to expose Beijing’s massive covert cyber operations.

Secretary of State Antony Blinken said on Monday the MSS, as the spy service is called, “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”

The Justice Department joined the effort, unsealing an economic espionage indictment against four Chinese hackers — three of them MSS officers — following a three-year investigation into global hacking operations.

The indictment provides new details on how MSS agents used a technology front company that prosecutors say conducted cyberattacks against the National Institutes of Health, seven U.S. universities, eight American companies, a Cambodian government ministry, two Saudi Arabian government ministries, a Malaysian high-speed rail company and a Malaysian political party.

The MSS Hainan operation set up the front company in 2011. Hainan Xiandun Technology Development Co. Ltd. recruited both cyber experts and linguists for cyber operations against the American government and private-sector companies.

The four Chinese indicted were identified as Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin and Wu Shurong. Mr. Ding, Mr. Cheng and Mr. Zhu are said to be with the MSS.

Mr. Ding was first revealed as an MSS officer by the cybersecurity blog Intrusiontruth last year, based on advertisements he had placed on two Chinese university websites. One of the advertisements appeared on the Hainan University School of Foreign Languages web page and said Hainan Xiandun was recruiting English-language majors. “Party members and student cadres are preferred,” the ad noted.

According to the indictment, the MSS hackers used an array of malware and hacker techniques, such as fraudulent emails, to gain access to foreign computers and steal information. They also used a technique called “steganography” that allowed the intelligence agency to place stolen data inside of images to conceal the location on the internet.

In 2018, according to the indictment, the Hainan hackers moved stolen trade secrets and hydroacoustic data — useful in the development of submarines — to a GitHub account using steganographs of a koala bear and then-President Trump.

A senior Biden administration official this week also charged that MSS is employing contract nongovernmental Chinese hackers to pull off ransomware attacks for financial gain.

Expansion of cyber intelligence operations beyond data collection is a new wrinkle in the MSS playbook, one that the administration said included conducting a major global cyberattack program using a security flaw in the Microsoft Exchange Server software.

The Microsoft Exchange Server cyberattack was launched in January and targeted more than 300,000 computers, compromising some 30,000 networks for several months until the attack was uncovered and the software security hole patched.

The information gathered by the MSS is part of a major database consisting of files on tens of millions of people who will assist Beijing’s military and economic development. The MSS is China’s political police and spy service, and operates under the tight control of the ruling Communist Party.

“Over the last two decades there has been an extraordinary growth in China’s Ministry of State Security capabilities and numbers of operations,” said Nicolas Eftimiades, a former Defense Intelligence Agency counterintelligence specialist on China. “That growth includes thousands of human intelligence operations, as well as extensive cyber collection.”

The KGB model

The MSS central headquarters is in Beijing with a network of provincial state security departments and city and country state security bureaus.

The operations of the four Chinese hackers disclosed in this week’s indictment were under the Hainan provincial state security section, located on Hainan Island in the South China Sea. Another major provincial unit is the Shanghai state security whose extensive operations in the U.S. have been disclosed in other recent Justice Department prosecutions.

The MSS was modeled after the Soviet KGB spy service, which, like the MSS, was dedicated to preserving the rule of the Communist Party. The ministry emerged in 1983 from the Chinese Ministry of Investigation and elements of the Ministry of Public Security, another Chinese secret police agency.

According to its charter, the primary mission of the MSS is maintaining the “security of the state through effective measures against enemy agents, spies and counterrevolutionary activities designed to sabotage or overthrow China’s socialist system.” Beginning around 2001, the MSS launched an “internet army” of people who used contractors engaged in economic espionage and other cybercrime activity.

The MSS is engaged in both non-military human spying and cyber espionage, and its main targets are U.S. intelligence agencies, the U.S. military, defense contractors and advanced technology companies.

The indictment of the MSS hackers is largely symbolic because the likelihood of a future prosecution in a U.S. court is limited. The hackers are believed to be in China and out of reach of U.S. law enforcement. Still, as in the past, the indictment and earlier prosecution actions have been used to declassify and shine a light on MSS activities.

The operations of the Chinese spies are outmatching American security defenses, experts say.

“U.S. counterintelligence services, especially the Department of Defense, are incapable of contending with this level and type of espionage lacking cohesive management, language skills, cultural awareness, training, and funding,” Mr. Eftimiades said.

Peter Mattis, a former U.S. intelligence official who has written on Chinese espionage, said Chinese intelligence is aggressive in pursuing secrets but was damaged for…


