Written by: Bogdan Patru
The United States is close to being number one in the world at creating stealthy cyber-weapons for hacking. So what happens when those tools of the trade are stolen and turned against it?
The hacking attacks happened in 2016. At that time, Chinese intelligence agents got their hands on the National Security Agency’s hacking weapons, retargeted them, and attacked many private companies in Asia and Europe, as well as many American allies.
This goes to show that the United States, and the NSA in particular, are starting to lose their grip on their high-tech weaponry, and the consequences can already be gauged.
After a full investigation, and after looking at the timing of the attacks, Symantec’s researchers concluded that the Chinese hackers didn’t exactly steal the code. Rather, they captured it when the NSA used it to attack them.
Ironically, in the course of their assault on the Chinese hackers, the NSA’s operators lost control of the very code they used to carry out the attack. This can only mean one thing: cyber-conflicts and cyberwarfare are unpredictable skirmishes with few if any rules, where the victor reigns supreme regardless of their methods.
This raises one more question: is the US really unable to keep track of the malware it uses to infiltrate enemy networks? If so, the threat is bigger still, since the original hacking tools can be reconfigured to attack their makers.
The grave consequences back in 2016 led to some fierce debates on whether the US should continue to build such high-performance malware if it can’t hold on to it. If it ends up serving as weaponry for the enemy, then it’s really nothing but self-sabotage.
The Chinese hacking group that hijacked the NSA’s cyber-weaponry isn’t just the riff-raff you stumble upon after a few hours of circling around the Deep Web. In fact, the NSA has been keeping tabs on them and trying to track them down. The New York Times received information that points to the real danger posed by this hacking group, among the most threatening Chinese hackers to date.
They are responsible for multiple assaults on the US, most of them highly sensitive targets (generally technology makers working on space, satellite, and nuclear propulsion technologies), which they attacked with almost surgical precision. Clearly, they had detailed information and a well-defined plan of attack.
The last time the US lost control of its malware was when the Shadow Brokers stole it and dumped it on the internet. And the worse problem is that this group is still lurking in the shadows, pun intended, with no one having any idea who they are or what their exact goals are. Besides slapping Uncle Sam’s buttocks, that is.
Those same hacking tools leaked by the Shadow Brokers were used by Russia and North Korea in catastrophic global attacks. However, it appears that this time, China’s acquisition of the NSA’s cyber-weaponry has nothing to do with the elusive hacking group.
That only fuels the fire further. It means there is yet another adversary capable of stealing mass-destruction cyber-tools from the US, and they’ve just proven their mettle.
In fact, Symantec found that these Chinese state-sponsored hackers got their hands on a couple of the hacking tools even before the Shadow Brokers made their grand entrance. And over the last decade, many American intelligence agencies have had their cyber-guns stolen by criminal groups or other countries.
In this particular case, Symantec researchers found that once the Chinese obtained the NSA’s malware, they started putting it to use. They managed to infiltrate a couple of scientific research organizations, educational institutions, and the computer networks of one American government ally.
All these cyber-incursions took place in Belgium, Luxembourg, Vietnam, the Philippines, and Hong Kong. The attack on a major telecommunications network quite probably gave the hackers access to thousands of other private companies.
The code name for this group of private Chinese hacking contractors is Buckeye, and Buckeye was found to be responsible for these recent attacks. They are also referred to as APT3, APT standing for Advanced Persistent Threat.
Back in 2017, the Justice Department publicly announced the indictment of three Chinese hackers from the Buckeye group. Officially, little was said about their state affiliation, but a number of independent researchers found that the group had a contract with the Chinese Ministry of State Security.
This is nothing new. In fact, in 2016, Chinese hackers were already running about, guns blazing, using repurposed forms of the NSA tools EternalSynergy and DoublePulsar. Five months later, the Shadow Brokers set loose the radioactive malware samples stolen from the NSA, culminating in the massive collection of NSA exploits released in April 2017.
Symantec researchers theorize that China has kept quiet in the wake of this attack because it fears the US may have developed countermeasures against its own tools. And they don’t want to openly reveal that they knowingly stole American tools unless they have a good reason to.
This potentially crippling scenario should have been prevented by the Vulnerabilities Equities Process, a White House program implemented during the Obama administration. Presumably, it was supposed to weigh the pros and cons of keeping the stockpiled vulnerabilities secret against the very real risk of having them hijacked by enemies like China and repurposed as weapons of wanton destruction.
With the Shadow Brokers’ recent releases and attacks, the NSA was forced to hire Microsoft to patch the vulnerabilities, and it also had to shut down two counterterrorism operations.
Whether this is still the Buckeye group acting up, despite its sudden disappearance from the world scene when its members were indicted, remains to be seen. They might have handed the NSA tools over to other groups, since Europe and Asia were attacked last September.
We’ll be keeping an eye on the situation. The entire world will, in fact.