
GhostNet: Why is the Prominent Cyberattack Still a Mystery


Among the tools used in modern warfare, cyberespionage has become prominent. It can be used to propagate misinformation, disrupt infrastructure, and spy on notable people, including politicians, government officials, and business executives. Nations also engage in espionage in order to prepare for physical or cyber threats.

While many countries actively engage in some form of warfare, the U.S. takes the stance that China poses a significant threat with regard to cyberespionage. According to the United States cyber defense agency CISA, "China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks."

CISA further notes that cyberattacks based in China may also have an impact on U.S. oil and gas pipelines, as well as rail systems.

While this warning is just an overview, China is renowned for its highly advanced cyber operations. The infamous GhostNet spy system, which compromised more than 1,000 computers of military, political, economic, and diplomatic targets around the world, is largely believed to have been coordinated by the Chinese government. China was never formally blamed for the crime, though, for a number of political and legal reasons. The history of GhostNet is therefore still a mystery.

Cyber Espionage Network ‘GhostNet’

GhostNet first came to light when the office of the Dalai Lama in India invited a team of security researchers at the Munk Center for International Studies at the University of Toronto to check their computers for any indication of a hack. This prompted an inquiry that turned up a large cyberattack that had compromised 1,295 systems over the course of two years in 103 nations. The Munk Center and Information Warfare Monitor analysts released a thorough analysis in 2009 that provided insight into the extensive spying operation they called "GhostNet."

GhostNet distributed malware via emails with attachments and suspicious links. Once the malware was successfully downloaded on the victim's system, it gave the attackers complete access to the computer, which enabled them to search for and download files, and even control the victim's external devices like webcams and microphones.

Around 30 percent of GhostNet's victims were high-profile, such as the foreign ministries of several nations in Southeast Asia, South Asia and Europe. Several international organizations were also targeted, including ASEAN, SAARC, the Asian Development Bank, news organizations, and computers at NATO headquarters.

Who was Behind the GhostNet Attacks?

The researchers investigating GhostNet were successful in locating and connecting to the espionage network's command servers. Hainan Island in China was linked to a number of IP addresses that the attackers used to communicate with the compromised PCs. Four control servers in total were found by the investigation, three of which were in China. The fourth server was situated at an American web hosting business. Furthermore, five of the six detected command servers were found in mainland China, while the sixth was found in Hong Kong.

According to the researchers, China is amongst the most obvious operators behind GhostNet. However, their reports did not directly point at the country, since they were unable to provide any concrete proof of the Chinese government's involvement. They noted that other nations could also be behind the attacks.

CIA's AI Chatbot: A New Tool for Intelligence Gathering

The Central Intelligence Agency (CIA) is building its own AI chatbot, similar to ChatGPT. The program, which is still under development, is designed to help US spies more easily sift through ever-growing troves of information.

The chatbot will be trained on publicly available data, including news articles, social media posts, and government documents. It will then be able to answer questions from analysts, providing them with summaries of information and sources to support its claims.

According to Randy Nixon, the director of the CIA's Open Source Enterprise division, the chatbot will be a 'powerful tool' for intelligence gathering. "It will allow us to quickly and easily identify patterns and trends in the data that we collect," he said. "This will help us to better understand the world around us and to identify potential threats."

The CIA's AI chatbot is part of a broader trend of intelligence agencies using AI to improve their operations. Other agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), are also developing AI tools to help them with tasks such as data analysis and threat detection.

The use of AI by intelligence agencies raises several concerns, including the potential for bias and abuse. However, proponents of AI argue that it can help agencies to be more efficient and effective in their work.

"AI is a powerful tool that can be used for good or for bad," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "It's important for intelligence agencies to use AI responsibly and to be transparent about how they are using it."

Here are some specific ways that the CIA's AI chatbot could be used:

  • To identify and verify information: The chatbot could be used to scan through large amounts of data to identify potential threats or intelligence leads. It could also be used to verify the accuracy of information that is already known.
  • To generate insights from data: The chatbot could be used to identify patterns and trends in data that may not be apparent to human analysts. This could help analysts to better understand the world around them and to identify potential threats.
  • To automate tasks: The chatbot could be used to automate tasks such as data collection, analysis, and reporting. This could free up analysts to focus on more complex and strategic work.

The CIA's AI chatbot is still in its early stages of development, but it has the potential to revolutionize the way that intelligence agencies operate. If successful, the chatbot could help agencies to be more efficient, effective, and responsive to emerging threats.

However, it is important to note that the use of AI by intelligence agencies also raises several concerns. For example, there is a risk that AI systems could be biased or inaccurate. Additionally, there is a concern that AI could be used to violate people's privacy or to develop autonomous weapons systems.

It is important for intelligence agencies to be transparent about how they are using AI and to take steps to mitigate the risks associated with its use. The CIA has said that its AI chatbot will follow US privacy laws and that it will not be used to develop autonomous weapons systems.

The CIA's AI chatbot is a remarkable advancement that might have a substantial effect on how intelligence services conduct their business. To make sure that intelligence services are using AI properly and ethically, it is crucial to closely monitor its use.

DoD Claims: China’s ICS Cyber Onslaught Aims at Gaining Strategic Warfare Advantages


According to the US Department of Defense (DoD), China's relentless cyberattacks on vital infrastructure are likely a precautionary measure intended to obtain a strategic advantage in the event of violent warfare.

The Cyber Strategy released earlier this week by the DoD mentions an increase in state-sponsored cybercrime from the People's Republic of China (PRC), particularly against sensitive targets that could affect military responses.

According to the agency, this is done in order "to counter US conventional military power and degrade the combat capability of the Joint Force."

The DoD claims in its report that the PRC "poses a broad and pervasive cyberespionage threat," monitoring the movements of individuals beyond its borders, acquiring technology secrets, and eroding the capabilities of the military-industrial complex. However, the NSA cautioned that the operation goes beyond routine information collecting.

"This malicious cyber activity informs the PRC's preparations for war[…]In the event of conflict, the PRC likely intends to launch destructive cyberattacks against the US Homeland in order to hinder military mobilization, sow chaos, and divert attention and resources. It will also likely seek to disrupt key networks which enable Joint Force power projection in combat," the report stated.

An Increasing Chinese Focus on Military Degradation

The notion that cyber activities can signal impending military action is consistent with predictions made earlier this year in the wake of the Volt Typhoon attacks by Microsoft and others. With a series of compromises that targeted telecom networks, power and water controls, US military bases at home and abroad, and other infrastructure whose disruption would interfere with actual military operations, the Beijing-backed advanced persistent threat (APT) made national headlines in the US in May, June, and July.

So far, the operational technology (OT) used by the victims has not been impacted by the compromises. However, CISA Director Jen Easterly warned at Black Hat USA in August that if the US gets involved in a potential invasion of Taiwan, the Chinese government may be positioning itself to launch disruptive attacks on American pipelines, railroads, and other critical infrastructure.

"This APT moves laterally into environments, gaining access to areas in which it wouldn't traditionally reside[…]Additionally, this threat actor worked hard to cover their tracks by meticulously dumping all extracted memory and artifacts, making it difficult for security teams to pinpoint the level of infiltration," says Blake Benson, cyber lead at ABS Group Consulting.

Given that military-focused cyber activities can entail collateral damage to bystander businesses, there could also be a sort of 'anti-halo effect' at work, according to John Gallagher, vice president of Viakoo Labs at Viakoo.

"Virtually all exploits launched by nation-states 'leak' over to non-nation-state threat actors[…]That means organizations who depend on IoT/OT systems will be direct targets at some point to the same threats being launched against national critical infrastructure," warns Gallagher.  

U.S. Hunts Chinese Malware Halting Military Operations

 

The Biden administration is looking for malware that may jeopardise military and civilian power grids, communications systems, and water supplies, the New York Times reported. 

The malware, which is believed to have been installed by Chinese hackers linked to the People's Liberation Army, could try to sabotage and delay any response by the U.S. military should China take action against Taiwan, according to U.S. officials, who spoke to the Times. 

One congressional representative called the malware "a ticking time bomb" that might allow China to cut off communications, water, and power to military outposts. 

The official also stated that the malware may have an equivalent impact on ordinary Americans' homes and companies. 

The White House sent a statement last week in response to inquiries from the Times prior to the report's publication, but it avoided addressing China or the military bases specifically.

“The Biden administration is working relentlessly to defend the United States from any disruptions to our critical infrastructure, including by coordinating interagency efforts to protect water systems, pipelines, rail and aviation systems, among others,” stated Adam Hodge, acting spokesperson for the National Security Council. 

The report was published just two months after Microsoft revealed that the alleged Chinese hacking group Storm-0558 had gained access to email accounts belonging to approximately 25 organisations, including government agencies, in the United States in addition to official government email accounts in Western Europe. 

U.S. Secretary of State Antony Blinken and Wang Yi, China's top diplomat, met on the sidelines of the ASEAN Foreign Ministers' Meeting in Jakarta. Wang Yi brought up the Chinese cyber espionage attack that targeted emails from the U.S. government. 

Chinese hackers are believed to have targeted email accounts at the State Department and other government organisations in May. They were found right before Blinken's trip to Beijing in June, and they included Gina Raimondo's account. 

Since the normalisation of relations half a century ago, relations between the U.S. and China have never been worse. The two superpowers are at odds over Taiwan, access restrictions to high-tech semiconductor chips for China, and accusations of malicious online behaviour from both sides. 

The U.S. frequently accuses Beijing of cyber attacks against its agencies and infrastructure, and earlier this year, in a high-profile incident, it shot down a bus-sized balloon off the coast of South Carolina.

US House Panel Launches Probe Into China's US Gov Email Hack

 

The recent email system hacks at the Commerce and State departments, which China may have been engaged in, are the subject of an inquiry, the U.S. House of Representatives Oversight Committee revealed on Wednesday. 

Representative James Comer, chair of the committee, and the heads of two subcommittees sought staff briefings from Secretary of State Antony Blinken and the Secretary of Commerce by August 9.

"We are also concerned that this attack on federal agencies, including the email account of a senior U.S. government official such as yourself, reflects a new level of skill and sophistication from China’s hackers," the lawmakers told Raimondo.

A person with knowledge of the incident claims that Raimondo was one of a number of senior U.S. officials whose emails were stolen at the beginning of this year by a group Microsoft believed was based in China.

In the midst of rising tensions between Beijing and Washington on a variety of issues, from trade to Taiwan, the disclosure that senior State and Commerce department officials' emails had been obtained by Chinese hackers last month sparked controversy. 

At least 20 additional organisations were affected by the breach, but it's unclear how severe it was. The American ambassador to China, Daniel Kritenbrink, reportedly had his email account hacked, according to The Wall Street Journal last month. 

Hundreds of thousands of emails were reportedly stolen in total, The Journal reported. 

Despite the alleged Chinese hacking, Raimondo stated last month that she still intended to travel to China this year. Although the trip is currently being planned, Raimondo told CNBC, "We do not justify any hacking or breach of our security."

The Chinese embassy in Washington previously issued a statement in which it acknowledged the difficulty of determining the source of cyberattacks and issued a warning against making "groundless speculations and allegations."

Report: Possible Chinese Malware in US Systems a 'Ticking Time Bomb'

 

According to a report by The New York Times on Saturday, the Biden administration has raised concerns about China's alleged implantation of malware into crucial US power and communications networks. The officials fear this could act as a "ticking time bomb" capable of disrupting US military operations in the event of a conflict.

The malware, as reported by the Times, could potentially grant China's People's Liberation Army the capability to disrupt not only US military bases' water, power, and communications but also those of homes and businesses across the country. 

The main concern is that if China were to take action against Taiwan, they might utilize this malware to hamper US military operations.

This discovery of the malware has led to a series of high-level meetings in the White House Situation Room, involving top military, intelligence, and national security officials, to track down and eliminate the malicious code.

Two months prior to this report, Microsoft had already warned about state-sponsored Chinese hackers infiltrating critical US infrastructure networks, with Guam being singled out as one target. 

The stealthy attack, ongoing since mid-2021, is suspected to be aimed at hindering the United States in case of a regional conflict. Australia, Canada, New Zealand, and Britain have also expressed concerns that Chinese hacking could be affecting infrastructure globally.

The White House, in response, issued a statement that did not specifically mention China or military bases. The statement emphasized the administration's commitment to defend the US critical infrastructure and implement rigorous cybersecurity practices.

These revelations come at a tense moment in US-China relations, with China asserting its claim over Taiwan and the US considering restrictions on sophisticated semiconductor sales to Beijing.