Written by: Bogdan Patru
The United States is close to being number one in the world when it comes to creating government cyber-weapons for spying and for gaining access to systems.
Now, what happens if these tools of the trade are stolen and turned against them?
That is exactly what happened in the 2016 hacking attacks. Chinese intelligence agents got their hands on the National Security Agency’s hacking weapons, changed their targets, and attacked many private companies in the USA, Asia, and Europe.
This goes to show that the United States and the NSA, in particular, are starting to lose their grasp on their high-tech weaponry, the effects of which can already be surmised.
After a full investigation, researchers from Symantec came to the conclusion that the Chinese hackers didn’t exactly steal the computer codes. Rather, they captured them when the NSA tried to attack them.
Quite ironically, in fact, on the cusp of their assault on the Chinese hackers, the NSA agents lost control of the very computer code they were using to perform the attack. This can only mean one thing: cyber-conflicts and cyberwarfare are unpredictable skirmishes with little to no rules, where the victor reigns supreme, regardless of their methods.
This raises one more question in anyone’s mind: is the US really able to keep track of the malware it uses to infiltrate enemy networks?
If not, then this creates a bigger threat since the original hacking tools would be reconfigured to attack their makers.
The grave consequences back in 2016 led to some fierce debates on whether the US should continue to manufacture such malware if it is not capable of holding on to it. If it ends up serving as weaponry for the enemy, then it is really nothing but self-sabotage.
The Chinese hacking group that hijacked NSA’s cyber-weaponry isn’t just the riff-raff that you hear about holding small businesses to ransom.
In fact, the NSA has been keeping tabs on them and trying to track them down. The New York Times received information that points to the real dangers of this group, among the most threatening Chinese hackers to date.
They are responsible for multiple assaults on the US, most of them against highly sensitive targets (generally, technology makers dealing in space, satellite, and nuclear propulsion technologies), which they attacked with almost surgical precision. Clearly, they had detailed information and a well-defined plan of attack.
The last time the US lost control of its malware programs was when the Shadow Brokers stole them and dumped them on the internet. And the bigger problem is that this group is still lurking in the shadows, with no one having any idea of who they are or what their exact goals are. Besides slapping Uncle Sam’s buttocks, that is.
Symantec found out that these Chinese state-sponsored hackers got their hands on a couple of the hacking tools even before the Shadow Brokers made their grand entrance. And over the last decade, many American intelligence agencies have had their cyber-arsenal infiltrated by criminal groups or other countries.
In this particular case, Symantec researchers have found out that once the Chinese obtained NSA’s malware, they started putting it to good use. As such, they managed to infiltrate a couple of scientific research organizations, educational institutions, and the computer networks of one American ally.
These cyber-incursions took place in Belgium, Luxembourg, Vietnam, the Philippines, and Hong Kong. The attack on a major telecommunications network quite probably gave the hackers access to thousands of other private companies.
The code name for the private Chinese hacking contractor is Buckeye, and Buckeye was found to be responsible for these recent attacks. The group is also referred to as APT3, APT standing for Advanced Persistent Threat.
Back in 2017, the Justice Department publicly announced the indictment of three Chinese hackers from the Buckeye group. Officially, things weren’t very specific on their international affiliation, but a number of independent researchers found out that the group had a contract with the Chinese Ministry of State Security.
This is nothing new. In 2016, Chinese hackers were already running about, guns blazing, using the repurposed NSA tools EternalSynergy and DoublePulsar. Five months later, the Shadow Brokers set loose the malware samples stolen from the NSA, which culminated in the massive collection of NSA exploits released in April 2017.
Symantec researchers theorize that the reason for China’s apparent neutrality in the wake of this attack is that they fear the US might have developed countermeasures against their own attacks. And they don’t want to openly reveal that they have knowingly stolen American tools unless they have a good reason to.
This potentially crippling scenario should have been prevented by the Vulnerabilities Equities Process, a White House program implemented back during the Obama administration. Presumably, it was supposed to weigh the pros and cons of keeping the stockpiled vulnerabilities a secret against the very real threat of having them hijacked by enemies.
With the Shadow Brokers’ recent releases and attacks, the NSA was forced to hire Microsoft to patch their vulnerabilities, and they also had to shut down two counterterrorism operations.
Whether this is still the Buckeye group, despite their sudden disappearance from the world scene when their members were indicted, remains to be seen. They might have handed over the NSA tools to other groups since Europe and Asia have been attacked in the past months.
We’ll be keeping an eye on the situation. The entire world will, in fact.