Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
China United States Technology

Chinese Spies Got the NSA's Hacking Tools, and Used Them For Attacks (nytimes.com) 104

Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia [Editor's note: the link may be paywalled; alternative source], a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal. From a report: Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers -- like a gunslinger who grabs an enemy's rifle and starts blasting away. The Chinese action shows how proliferating cyberconflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries' infrastructure.

The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world's most high-tech, stealthy cyberweapons if it is unable to keep them under lock and key. The Chinese hacking group that co-opted the N.S.A.'s tools is considered by the agency's analysts to be among the most dangerous Chinese contractors it tracks, according to a classified agency memo reviewed by The New York Times. The group is responsible for numerous attacks on some of the most sensitive defense targets inside the United States, including space, satellite and nuclear propulsion technology makers. Now, Symantec's discovery, unveiled on Monday, suggests that the same Chinese hackers the agency has trailed for more than a decade have turned the tables on the agency.

This discussion has been archived. No new comments can be posted.

Chinese Spies Got the NSA's Hacking Tools, and Used Them For Attacks

Comments Filter:
  • by Errol backfiring ( 1280012 ) on Tuesday May 07, 2019 @11:14AM (#58552468) Journal
    If the Chinese could get hold of them so easily, I sincerely doubt their stealthiness.
    • by jellomizer ( 103300 ) on Tuesday May 07, 2019 @11:21AM (#58552500)

      Which is exactly why we should never make products with a government back door.
      Even if we to trust our government, for self control on access to this backdoor. The people who we don't trust can get in as well.

      • And why all bugs should be reported to the developers and fixed...

        • Re: (Score:2, Insightful)

          by Anonymous Coward
          Why software makers should be held legally liable. Why greed isn't working.
        • Yep! (Score:3, Insightful)

          by Anonymous Coward

          Our own government chooses to sit on exploits and weaponize them, which leaves us all at risk (and makes the risk even worse when the government's own tools get hacked). 100% fail, if not treason.

          They think they need means of intrusion in order to protect us from crime. Current evidence shows that the medicine is worse than the disease, here. We need more focus on defence (individual, corporate, government, etc). Fix the damn bugs!

          Need to hack into criminal networks? Use social engineering attacks, jus

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Exactly my first thought. A reminder for ALL scenarios where a phrase contains "it will only be used by police/LEO/gov".

        • by Anonymous Coward

          A reminder for ALL scenarios where a phrase contains "it will only be used by police/LEO/gov".

          To be fair, it was used by a gov. Just not our gov.

      • The government has the ability to put a gag-order on anything anyone knows. The People of the world no longer trust each other, so when your buddy says, "You know, back doors exist in all software and hardware", you won't believe them because 'how would they even know?'

        Back doors exist in all software and hardware. Those that write software and/or build hardware are forced to keep quiet about it. Just accept it and move on.

    • They might be generally stealthy, but all you need is one fail to have this happen. With a resourceful adversary that should be expected at any time.

    • by Aighearach ( 97333 ) on Tuesday May 07, 2019 @12:51PM (#58553018)

      It is like the old saying goes, if you uploaded it somewhere, it isn't private anymore.

      You can't take over somebody's computer without transferring the code you want it to run, and once you've done that, copies might have been made.

      "world's most high-tech, stealthy cyberweapons" is like "world's fastest, highest-flying pig."

      Under normal conditions, the logs are all on the same machine that is being attacked, and can be dealt with. But if that is true or not depends only on the victim, it isn't something the attacker can control. The network traffic might all be getting logged, in which case, teasing out and replicating your toolkit is merely a matter of time.

  • by nwaack ( 3482871 ) on Tuesday May 07, 2019 @11:14AM (#58552472)
    before trying to pick the lock on somebody else's, eh?
    • Re: (Score:3, Informative)

      by Anonymous Coward

      This whole policy of "let's hang onto these vulns instead of fixing the upstream projects" is starting to look pretty stupid now, isn't it?

      (Not that it wasn't stupid before... we've just reached the "I told you so" point.)

    • by jellomizer ( 103300 ) on Tuesday May 07, 2019 @11:32AM (#58552576)

      It probably doesn't help that it is nearly impossible for America to build its own computer today.
      America likes to build big things. We dropped the ball when we started to need small things, as we outsourced our designs to Asia to actually build.

      Now our electronic infrastructure is heavily reliant on countries who do not share our interests. And I wonder how many products the NSA buys without actually doing a full test to see what goes in and out.

      • It probably doesn't help that it is nearly impossible for America to build its own computer today.

        Are there no fabs left stateside?? All you need is an SOC, mainboard, chassis and power supply; surely such a product could be built and brought to market within the US without having to clear ground for new chip fabs??

        • by Areyoukiddingme ( 1289470 ) on Tuesday May 07, 2019 @05:26PM (#58554344)

          It probably doesn't help that it is nearly impossible for America to build its own computer today.

          Are there no fabs left stateside?? All you need is an SOC, mainboard, chassis and power supply; surely such a product could be built and brought to market within the US without having to clear ground for new chip fabs??

          Sure, there are chip fabs. That's all. There are no mainboards made in the US anymore, and no company capable of doing it without expensive capital investment and a very long spin-up time. Intel shut their lines down a few years ago, Tyan shut theirs down a long time ago, and on down the list. Nor can you build a power supply in the US anymore. It contains components which are manufactured nowhere in the US. There are essentially no discrete electronics manufactured in the US anymore, so anything built out of resistors, capacitors, diodes, or small transformers can not be made with US components. You can't even get the fiberglass sheet used as board insulator from a US factory anymore.

          Shit, you can't even directly use the output of the US chip fabs anymore. They etch the wafers in the US, then ship them overseas for packaging. Intel's chips are cut and packaged in Malaysia.

          • by Anonymous Coward

            Sure, there are chip fabs. That's all. There are no mainboards made in the US anymore, and no company capable of doing it without expensive capital investment and a very long spin-up time. Intel shut their lines down a few years ago, Tyan shut theirs down a long time ago, and on down the list. Nor can you build a power supply in the US anymore. It contains components which are manufactured nowhere in the US. There are essentially no discrete electronics manufactured in the US anymore, so anything built out of resistors, capacitors, diodes, or small transformers can not be made with US components. You can't even get the fiberglass sheet used as board insulator from a US factory anymore.

            There are still companies that manufacture high quality electronics in the USA, include laser trimmed scope probes, printed circuit boards, and microwave components. In some cases, the best components in the world are being made in the USA.

            What is true is that none of these companies has a large production capacity for commodity or bulk items - and converting their current manufacturing over to these items isn't cost effective since they would have to compete with overseas vendors that are already establis

    • by gtall ( 79522 )

      It's possible to chew gum and walk at the same time.

  • by Anonymous Coward on Tuesday May 07, 2019 @11:18AM (#58552490)

    How dare they hack us! With tools they took from us! That were meant for us to hack *them*!

    You know: The kind that we declared not evil! Because it's us! And we are not the baddies! No siree! We just got them hacking tools to represent ... uum... maybe *freedom*, I guess? /s

  • by Anonymous Coward

    Captain: What happen ?
    Mechanic: Somebody set up us the bomb.
    Operator: We get signal.
    Captain: What !
    Operator: Main screen turn on.
    Captain: It's you !!
    CATS: How are you gentlemen !!
    CATS: All your base are belong to us.
    CATS: You are on the way to destruction.
    Captain: What you say !!
    CATS: You have no chance to survive make your time.
    CATS: Ha ha ha ha
    Operator: Captain !!
    Captain: Take off every 'ZIG'!!
    Captain: You know what you doing.
    Captain: Move 'ZIG'.
    Captain: For great justice.

    • by Anonymous Coward

      CATS: Ha ha ha
      CATS: All your ZIG are belong to us too !!
      CATS: All our l33t h4x0r have your control.
      Captain: Oh SNAP !!

  • Fair use (Score:4, Interesting)

    by hackingbear ( 988354 ) on Tuesday May 07, 2019 @11:37AM (#58552598)

    the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers

    That's known as "fair use", a.k.a. an eye for an eye" [wikipedia.org]. The best tactic against hypocrites.

  • by FeelGood314 ( 2516288 ) on Tuesday May 07, 2019 @11:37AM (#58552600)
    Most of these intelligence agencies are staffed with creepy people you would never want as your friends. These are people who feel important knowing embarrassing secrets about anyone. They catch very few spies. They should be actually helping us but they are more of a hindrance. How many of us have worked in security and gotten a message from a domestic spy agency warning us that there is a potential vulnerability in our systems? I've never gotten one. I don't know any of my counter parts who have ever gotten one. I've even found vulnerabilities in standards and been blocked by British GCHQ in fixing them (electric meter certs in Great Britain are vulnerable to a hash collision attack that would have been trivial to prevent). At least NIST admits that they accidentally added something (for the third time) and removed it (requiring an API to reveal the random number used in EC-DSA signing in the FIPS certification process).
    • by gtall ( 79522 )

      I see, so you are somehow clued into how effective these organizations are. Please enlighten us as to the methods you used to determine this.

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        When they traded human intellegence (HUMINT) for signals intellegence (SIGINT), the three letter agencies betrayed us all. For instance,

        -Russia warned them about the Boston Marathon bombers.
        -The father of the Underwear Bomber warned them.
        -The flight instructors warned them about the 911 terrorists.

        Practically every terrorist has had someone who approached the three letter agencies with a warning, and were ignored.

        At the same time, the three letter agencies are building the largest data capture facility tha

    • Most of these intelligence agencies are staffed with creepy people you would never want as your friends.

      That depends entirely on whether you're talking about low-level schmucks (think TSA) hired to run chatbots or the high-IQ math types hired to write crypto; granted, most of the latter are somewhere 'on the spectrum' (i.e. awkward and/or potentially abrasive... with everyone) but the majority of them actually mean well (and thus always serve as a potential liability to the State, which can't exactly have their agents going around thinking for themselves).

  • I don't see it as a "keeping it secure" issue. The more valuable an item, especially software which can be sold over and over again, (not like, say, the Hope Diamond, which someone people would notice had it gone missing) the greater the temptation to (a) sell it, or (b) use it as leverage in a trade. No matter how unbreakable and airgapped the systems are, there's always going to be a possibility of acquiring software through the humans who have access.

    Should the NSA continue developing "hacking tools"?

  • Per the article: "the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers"

    So, how is this not stealing? I doubt the NSA gave the Chinese the code.

    • Per the article: "the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers"
      So, how is this not stealing? I doubt the NSA gave the Chinese the code.

      They literally had to give the Chinese the [compiled] code in a certain sense, because they wanted to run it on their machines. The tools have two main parts: exploits and delivery system. The Chinese didn't get the delivery system, but they got the exploits, because the exploits were on their systems. Maybe they got them out of memory, maybe they shut the systems off and analyzed the disks on another machine, whatever, but they were able to get the exploit programs off of the affected systems.

      Every time you use an exploit against a target, you risk alerting them to the exploit. It's entirely possible that some of the exploits the NSA knew about were in their time the results of attacks against targets in the USA by other malicious actors.

      • I seem to recall something similar happened involving Iran. They got hit with something malicious and then later re-purposed and re-launched it.
    • by Solandri ( 704621 ) on Tuesday May 07, 2019 @12:15PM (#58552840)
      It's an editing fail by the NYT. What they mean is the Chinese didn't use the stolen code released by Shadow Brokers. They stole it from the NSA directly, and were using it over a year before Shadow Brokers released it. The NYT article reads like it was over-edited - a overzealous editor who didn't really understand what they were editing probably trimmed down "code stolen by Shadow Brokers" to "steal the code" without realizing it made the sentence anbiguous. The Ars Technica article [arstechnica.com] is much more coherently written.
    • Per the article: "the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers"

      So, how is this not stealing? I doubt the NSA gave the Chinese the code.

      Oh that's *totally* stealing! We should just march right over to the secret facility we deployed it to and under the power vested in us by international copyright *demand* our code back!

    • by AHuxley ( 892839 )
      The US sites and contractors who make the code are still secure.
      The use of the code in the wild is getting more complex.
      Want to listen to China? Put a small version of the NSA/GCHQ in a container ship and sail that up a river in China.
      Passive collection all the way that never got caught.

      The problem now is the NSA is going active with its code changes and expects no other nations expert to have the skills to see the network changes?
      The CIA is placing NSA code all over China?
      CIA backed cults and fai
  • ..the US knew that the Soviets were trying to steal plans for missile tech (I think--it's been a while). The US planted a flaw which made it go boom. Soviets stole. Boom.
    Be nice to see the 21st century equivalent.

  • by bill_mcgonigle ( 4333 ) * on Tuesday May 07, 2019 @11:59AM (#58552714) Homepage Journal

    The US is furthest ahead on utilizing the Internet for society and the economy, so every vulnerability the NSA hoards and keeps secret is more harmful than helpful to the US, because third-party exploitation is more damaging to the US than to other countries.

    That makes the NSA's offensive operations harmful to the country, on net.

    It's probably helpful for some politicians and bureaucrats, but a free people ought to be holding those types accountable. To the extent that they do not, they will suffer the consequences.

  • This shows again, the failure of the government's Nobody But Us philosophy of cataloging back doors etc. and keeping them for use. One way or another they will find their ways into the hands of our adversary's. You can either make everyone more secure or nobody will be. Time for the NOBUS philosophy to go in the garbage can where it belonged to begin with. JMHO...
  • the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers

    So it is fair to assume that the americans can "capture" other countries' hacking tools in the same way. As can any other country: France, Australia, Israel, N. Korea, England, Russia.

    This calls into doubt any and all claims that software found on a hacked computer / site leads to a particular source. It seems just as likely that a "friendly" power planted tell-tale software after their own hacking efforts, simply in order to lay a false trail.

    So now there can be no proof that an attack originated from

    • Sorry Ivan, but if you can track the way the use of something spread, it is just like tracking a biological infection spreading; you can often tell where it started.

  • It should read..

    "NSA attacks on the Chinese backfired on the US".. everything single point is caused by their mischief..

    "When you tell them, stop making mischief on Earth. They say we are only peacemakers.. They are indeed mischief makers but they perceive it not" ~ Quran

  • Isn't it the nature of weapons to become obsolete almost as soon as they are used? A weapon is used, the adversary attempts to meet/beat it.
    Why would this be any different?

  • We made them to spy on their country, not so they could spy on ours!

  • don't worry, we can keep the secret key/backdoor to all your encrypted communications secure!

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...