Chinese Spies Got the NSA's Hacking Tools, and Used Them For Attacks (nytimes.com)
Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia [Editor's note: the link may be paywalled; alternative source], a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal. From a report: Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers -- like a gunslinger who grabs an enemy's rifle and starts blasting away. The Chinese action shows how proliferating cyberconflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries' infrastructure.
The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world's most high-tech, stealthy cyberweapons if it is unable to keep them under lock and key. The Chinese hacking group that co-opted the N.S.A.'s tools is considered by the agency's analysts to be among the most dangerous Chinese contractors it tracks, according to a classified agency memo reviewed by The New York Times. The group is responsible for numerous attacks on some of the most sensitive defense targets inside the United States, including space, satellite and nuclear propulsion technology makers. Now, Symantec's discovery, unveiled on Monday, suggests that the same Chinese hackers the agency has trailed for more than a decade have turned the tables on the agency.
world's most high-tech, stealthy cyberweapons (Score:5, Insightful)
Re:world's most high-tech, stealthy cyberweapons (Score:5, Insightful)
Which is exactly why we should never make products with a government back door.
Even if we were to trust our government for self-control on access to this backdoor, the people who we don't trust can get in as well.
Re: world's most high-tech, stealthy cyberweapons (Score:1)
And why all bugs should be reported to the developers and fixed...
Re: (Score:2, Insightful)
Yep! (Score:3, Insightful)
Our own government chooses to sit on exploits and weaponize them, which leaves us all at risk (and makes the risk even worse when the government's own tools get hacked). 100% fail, if not treason.
They think they need means of intrusion in order to protect us from crime. Current evidence shows that the medicine is worse than the disease, here. We need more focus on defence (individual, corporate, government, etc). Fix the damn bugs!
Need to hack into criminal networks? Use social engineering attacks, jus
Re: (Score:2, Insightful)
Exactly my first thought. A reminder for ALL scenarios where a phrase contains "it will only be used by police/LEO/gov".
Re: (Score:1)
A reminder for ALL scenarios where a phrase contains "it will only be used by police/LEO/gov".
To be fair, it was used by a gov. Just not our gov.
Re: world's most high-tech, stealthy cyberweapons (Score:1)
It was used by our government, and they left the weapon behind.
Re: (Score:2)
The government has the ability to put a gag-order on anything anyone knows. The People of the world no longer trust each other, so when your buddy says, "You know, back doors exist in all software and hardware", you won't believe them because 'how would they even know?'
Back doors exist in all software and hardware. Those that write software and/or build hardware are forced to keep quiet about it. Just accept it and move on.
Re: (Score:2, Insightful)
Re: (Score:1)
They might be generally stealthy, but all you need is one fail to have this happen. With a resourceful adversary that should be expected at any time.
Re:world's most high-tech, stealthy cyberweapons (Score:4, Interesting)
Re:world's most high-tech, stealthy cyberweapons (Score:5, Insightful)
It is like the old saying goes, if you uploaded it somewhere, it isn't private anymore.
You can't take over somebody's computer without transferring the code you want it to run, and once you've done that, copies might have been made.
"world's most high-tech, stealthy cyberweapons" is like "world's fastest, highest-flying pig."
Under normal conditions, the logs are all on the same machine that is being attacked, and can be dealt with. But whether that is true or not depends only on the victim; it isn't something the attacker can control. The network traffic might all be getting logged, in which case, teasing out and replicating your toolkit is merely a matter of time.
Maybe fix the door on your own house first (Score:3, Insightful)
Re: (Score:3, Informative)
This whole policy of "let's hang onto these vulns instead of fixing the upstream projects" is starting to look pretty stupid now, isn't it?
(Not that it wasn't stupid before... we've just reached the "I told you so" point.)
Re:Maybe fix the door on your own house first (Score:5, Insightful)
It probably doesn't help that it is nearly impossible for America to build its own computer today.
America likes to build big things. We dropped the ball when we started to need small things, as we outsourced our designs to Asia to actually build.
Now our electronic infrastructure is heavily reliant on countries who do not share our interests. And I wonder how many products the NSA buys without actually doing a full test to see what goes in and out.
Re: (Score:1, Interesting)
Re: (Score:2)
It probably doesn't help that it is nearly impossible for America to build its own computer today.
Are there no fabs left stateside?? All you need is an SOC, mainboard, chassis and power supply; surely such a product could be built and brought to market within the US without having to clear ground for new chip fabs??
Re:Maybe fix the door on your own house first (Score:5, Informative)
It probably doesn't help that it is nearly impossible for America to build its own computer today.
Are there no fabs left stateside?? All you need is an SOC, mainboard, chassis and power supply; surely such a product could be built and brought to market within the US without having to clear ground for new chip fabs??
Sure, there are chip fabs. That's all. There are no mainboards made in the US anymore, and no company capable of doing it without expensive capital investment and a very long spin-up time. Intel shut their lines down a few years ago, Tyan shut theirs down a long time ago, and on down the list. Nor can you build a power supply in the US anymore. It contains components which are manufactured nowhere in the US. There are essentially no discrete electronics manufactured in the US anymore, so anything built out of resistors, capacitors, diodes, or small transformers can not be made with US components. You can't even get the fiberglass sheet used as board insulator from a US factory anymore.
Shit, you can't even directly use the output of the US chip fabs anymore. They etch the wafers in the US, then ship them overseas for packaging. Intel's chips are cut and packaged in Malaysia.
Re: (Score:1)
Sure, there are chip fabs. That's all. There are no mainboards made in the US anymore, and no company capable of doing it without expensive capital investment and a very long spin-up time. Intel shut their lines down a few years ago, Tyan shut theirs down a long time ago, and on down the list. Nor can you build a power supply in the US anymore. It contains components which are manufactured nowhere in the US. There are essentially no discrete electronics manufactured in the US anymore, so anything built out of resistors, capacitors, diodes, or small transformers can not be made with US components. You can't even get the fiberglass sheet used as board insulator from a US factory anymore.
There are still companies that manufacture high quality electronics in the USA, including laser trimmed scope probes, printed circuit boards, and microwave components. In some cases, the best components in the world are being made in the USA.
What is true is that none of these companies has a large production capacity for commodity or bulk items - and converting their current manufacturing over to these items isn't cost effective since they would have to compete with overseas vendors that are already establis
Re: (Score:2)
It's possible to chew gum and walk at the same time.
Re: (Score:3)
Merely unlikely.
Re: (Score:2)
ROFL. Those evil Chinese! *shakes fist* (Score:3, Insightful)
How dare they hack us! With tools they took from us! That were meant for us to hack *them*!
You know: The kind that we declared not evil! Because it's us! And we are not the baddies! No siree! We just got them hacking tools to represent ... uum... maybe *freedom*, I guess? /s
Re: (Score:1)
All your base are belong to us! (Score:1, Funny)
Captain: What happen ?
Mechanic: Somebody set up us the bomb.
Operator: We get signal.
Captain: What !
Operator: Main screen turn on.
Captain: It's you !!
CATS: How are you gentlemen !!
CATS: All your base are belong to us.
CATS: You are on the way to destruction.
Captain: What you say !!
CATS: You have no chance to survive make your time.
CATS: Ha ha ha ha
Operator: Captain !!
Captain: Take off every 'ZIG'!!
Captain: You know what you doing.
Captain: Move 'ZIG'.
Captain: For great justice.
Re: (Score:1)
CATS: Ha ha ha
CATS: All your ZIG are belong to us too !!
CATS: All our l33t h4x0r have your control.
Captain: Oh SNAP !!
Re: (Score:1)
Re: (Score:3, Interesting)
OF COURSE they stole the technology, it's what Chi-Coms DO, steal technology!
Or bought it. Or traded something for it.
Re:like a janitor who grabs a mop & writes a s (Score:5, Insightful)
They say "the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers". So the NSA 'gave' it to the Chinese. It was a gift!
Re: (Score:2)
And that's not even a gunslinger, that would only be a bandit.
Same as it ever was... (Score:1)
https://images-na.ssl-images-a... [ssl-images-amazon.com]
Fair use (Score:4, Interesting)
the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers
That's known as "fair use", a.k.a. "an eye for an eye" [wikipedia.org]. The best tactic against hypocrites.
The NSA is not on our side (Score:3, Insightful)
Re: (Score:2)
I see, so you are somehow clued into how effective these organizations are. Please enlighten us as to the methods you used to determine this.
Re: (Score:1, Insightful)
When they traded human intelligence (HUMINT) for signals intelligence (SIGINT), the three letter agencies betrayed us all. For instance,
-Russia warned them about the Boston Marathon bombers.
-The father of the Underwear Bomber warned them.
-The flight instructors warned them about the 911 terrorists.
Practically every terrorist has had someone who approached the three letter agencies with a warning, and was ignored.
At the same time, the three letter agencies are building the largest data capture facility tha
Re: (Score:2)
Most of these intelligence agencies are staffed with creepy people you would never want as your friends.
That depends entirely on whether you're talking about low-level schmucks (think TSA) hired to run chatbots or the high-IQ math types hired to write crypto; granted, most of the latter are somewhere 'on the spectrum' (i.e. awkward and/or potentially abrasive... with everyone) but the majority of them actually mean well (and thus always serve as a potential liability to the State, which can't exactly have their agents going around thinking for themselves).
not a lock and key problem (Score:2)
I don't see it as a "keeping it secure" issue. The more valuable an item, especially software which can be sold over and over again (not like, say, the Hope Diamond, which people would notice had it gone missing), the greater the temptation to (a) sell it, or (b) use it as leverage in a trade. No matter how unbreakable and airgapped the systems are, there's always going to be a possibility of acquiring software through the humans who have access.
Should the NSA continue developing "hacking tools"?
NY Times definition of stealing is questionable (Score:2)
Per the article: "the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers"
So, how is this not stealing? I doubt the NSA gave the Chinese the code.
Re:NY Times definition of stealing is questionable (Score:4, Insightful)
Per the article: "the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers"
So, how is this not stealing? I doubt the NSA gave the Chinese the code.
They literally had to give the Chinese the [compiled] code in a certain sense, because they wanted to run it on their machines. The tools have two main parts: exploits and delivery system. The Chinese didn't get the delivery system, but they got the exploits, because the exploits were on their systems. Maybe they got them out of memory, maybe they shut the systems off and analyzed the disks on another machine, whatever, but they were able to get the exploit programs off of the affected systems.
Every time you use an exploit against a target, you risk alerting them to the exploit. It's entirely possible that some of the exploits the NSA knew about were in their time the results of attacks against targets in the USA by other malicious actors.
Re: (Score:2)
Re:NY Times definition of stealing is questionable (Score:5, Insightful)
Re: (Score:2)
Per the article: "the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers"
So, how is this not stealing? I doubt the NSA gave the Chinese the code.
Oh that's *totally* stealing! We should just march right over to the secret facility we deployed it to and under the power vested in us by international copyright *demand* our code back!
Re: (Score:1)
The use of the code in the wild is getting more complex.
Want to listen to China? Put a small version of the NSA/GCHQ in a container ship and sail that up a river in China.
Passive collection all the way that never got caught.
The problem now is the NSA is going active with its code changes and expects no other nation's experts to have the skills to see the network changes?
The CIA is placing NSA code all over China?
CIA backed cults and fai
Back in the day... (Score:2)
..the US knew that the Soviets were trying to steal plans for missile tech (I think--it's been a while). The US planted a flaw which made it go boom. Soviets stole. Boom.
Be nice to see the 21st century equivalent.
Re: (Score:2)
There are persistent rumours that the trans-Siberian pipeline incident was caused by a logic bomb planted in code that was stolen: https://en.wikipedia.org/wiki/... [wikipedia.org] but that's widely thought to be a hoax. Commenters here talk about it happening with military technology, but they never seem to be able to supply concrete examples.
US Has the Most to Lose (Score:3)
The US is furthest ahead on utilizing the Internet for society and the economy, so every vulnerability the NSA hoards and keeps secret is more harmful than helpful to the US, because third-party exploitation is more damaging to the US than to other countries.
That makes the NSA's offensive operations harmful to the country, on net.
It's probably helpful for some politicians and bureaucrats, but a free people ought to be holding those types accountable. To the extent that they do not, they will suffer the consequences.
Govt's NOBUS philosophy is a failure (Score:2)
Works both ways (Score:2)
the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers
So it is fair to assume that the Americans can "capture" other countries' hacking tools in the same way. As can any other country: France, Australia, Israel, N. Korea, England, Russia.
This calls into doubt any and all claims that software found on a hacked computer / site leads to a particular source. It seems just as likely that a "friendly" power planted tell-tale software after their own hacking efforts, simply in order to lay a false trail.
So now there can be no proof that an attack originated from
Re: (Score:2)
Sorry Ivan, but if you can track the way the use of something spread, it is just like tracking a biological infection spreading; you can often tell where it started.
Should the title of the post be reversed? (Score:1)
It should read..
"NSA attacks on the Chinese backfired on the US".. every single point is caused by their mischief..
"When you tell them, stop making mischief on Earth. They say we are only peacemakers.. They are indeed mischief makers but they perceive it not" ~ Quran
The Nature of Weapons (Score:1)
Isn't it the nature of weapons to become obsolete almost as soon as they are used? A weapon is used, the adversary attempts to meet/beat it.
Why would this be any different?
Pot, Kettle... (Score:1)
We made them to spy on their country, not so they could spy on ours!
don't worry (Score:2)
don't worry, we can keep the secret key/backdoor to all your encrypted communications secure!