China Turns to Insiders in Latest Move to Win Economic Cyber War

China Turns to Insiders in Latest Move to Win Economic Cyber War

In what should be a surprise to no one, Chinese hackers have been attempting to steal technology data from U.S. firms for years.

Source: U.S. Department of Justice

The details: Intelligence officers from an arm of the China’s Ministry of State Security (MSS) worked from 2010 through, at least, 2015 to compromise computers and systems of aircraft manufacturers to steal commercial aviation technology data. Chinese hackers went after companies in the United States and France to gain proprietary intellectual property related to the manufacture of next-generation turbofans.

The operation was conducted specifically by the Jiangsu Province Ministry of State Security (JSSD), according to a release by the Department of Justice. The hackers conducted intrusion into companies that manufactured parts of the turbofan jet engine in Arizona, Massachusetts, Oregon and California. Chinese intelligence officers were also able co-opt Chinese nationals working at a French manufacturer as employees of a French aerospace company to install malware on the company’s systems.

Why it matters: At the time, a Chinese manufacturer was working on its own plans for a turbofan jet engine, which would be made in China. Unlike Russian hackers, whose goal is primarily to sow chaos around the world, Chinese hackers have long been motivated by the state to obtain trade secrets from foreign technology firms.

According to the DoJ, the JSSD hackers used a variety of techniques:

China’s JSSD intelligence officers and hackers working at their direction masterminded a series of intrusions in order to facilitate intrusions and steal non-public commercial and other data.  The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars.

The first alleged hack began no later January 8, 2010, when members of the conspiracy infiltrated Capstone Turbine, a Los-Angeles-based gas turbine manufacturer, in order to steal data and use the Capstone Turbine website as a “watering hole.”

Multiple Chinese intelligence officers have been indicted. The case will be prosecuted by the United States Attorney’s Office in the Southern District of California.

The Hacker perspective:

Randori cofounder David “Moose” Wolpoff says:

“It’s not news that the Chinese are wholesale thieving our intellectual property. Actually, it’s kind of one of my pillars of security stupidity. For some reason, Americans keep thinking in terms of ‘cyber war’ whereas Russia seems to act in terms of information war (social disruption and unrest) and China is acting in terms of economic war.

Insider threat, such as the intrusion into the French aerospace company, is a big deal. So it’s nice to see it be a prominent feature in the indictments. The bad news is: if you’ve got family in China or Russia, that means those nation states can put pressure on you. From a ‘business risk’ lens, it’s a good example of why thinking about “cyber security” in a vacuum isn’t likely to work. China’s objective isn’t in the hacking, per se, but rather in the privileged data it can obtain. So, stopping ‘the hacking’ itself probably shouldn’t be the objective of a defender.

It’s important to know what you are trying to protect. China is coming after you to steal something, you’d be surprised how many organizations haven’t done the exercise to know what that something is.”

*** This is a Security Bloggers Network syndicated blog from Code Red authored by Dan Rowinski. Read the original post at: