
Chinese Cybersecurity Threats: Espionage in Silicon Valley, Canadian Government Infiltration, and Persistent Botnets
In this special edition of Cyber Security Today, host Jim Love discusses three alarming stories illustrating the increasing...
Jim Love
We get used to the daily dose of news about hacking from Russia and North Korea. But China has an increasing threat in terms of cybersecurity. And today we have a special edition with three stories that we found over the weekend that illustrate the risks coming from China. There's concerns from Silicon Valley. There's a stunning report on how deeply China has infiltrated the Canadian government systems and a botnet that just won't go away that has Chinese origins. This is Cybersecurity Today. I'm your host, Jim Love. Silicon Valley has long been a breeding ground for innovation, but increasingly it's a breeding ground for espionage. Amid an escalating geopolitical struggle, Chinese spies are stepping up their operations in America's tech hub, putting companies like Google, Tesla and Apple directly in their crosshairs. The most recent episode involved Lin Yading, a Google employee who was caught red-handed trying to steal trade secrets to launch his own company in China. Ding, who worked at Google's California headquarters for four years, had covertly downloaded more than 500 files related to Google's AI technology. Investigators also discovered that Ding had deceived a colleague into scanning his access badge to make it look like he was in the office when he was actually in China pitching to investors. On January 6, a day before Ding was set to leave for Beijing, FBI agents raided his home and seized his devices. Ding has pleaded not guilty, but his case is just the tip of a very large iceberg. The FBI and other U.S. agencies are increasingly sounding the alarm on China's corporate espionage operations. American authorities claim that China's need for cutting-edge technology has grown more urgent due to strict export controls on advanced chips and AI systems. As a result, China's Ministry of State Security has allegedly turned to clandestine methods to bridge the technology gap. Beijing's efforts have not just targeted Google.
In recent years, individuals have been charged with stealing technology from companies including Tesla, Apple and IBM with the aim of transferring it back to China, often successfully. Virtually all PRC citizens who work in technology companies abroad are allowed by the MSS to steal proprietary information, according to Nigel West, an intelligence expert. He goes on to say, it's state-sponsored theft and it's designed to give Chinese companies a competitive advantage without investing the time and money in R&D. West describes a systemic effort that is state-backed, with Chinese nationals often facing no consequences if they take stolen technology home to exploit it for profit. Recently publicized incidents are highlighting an intensifying battle over technology and innovation, with China appearing undeterred by US legal action. Just this June, a Canadian national pleaded guilty to stealing battery manufacturing secrets from Tesla to launch a similar venture in China. In another instance, multiple former Apple employees were caught attempting to flee the US with proprietary information related to self-driving car technology. Last year, the US launched a Disruptive Technology Strike Force to address high-tech theft, signaling a recognition of the scale of this threat. And for Silicon Valley, this is not just about safeguarding intellectual property, it's about maintaining the US position at the forefront of global technology. Companies have stepped up their internal security measures, screening employees more rigorously and working closely with federal authorities to counter these growing threats. But as Beijing's ambitions grow, Silicon Valley's tech giants are facing an uphill battle in defending themselves against espionage on an unprecedented scale.
Chinese hackers reportedly infiltrated Canadian government networks for five years, gaining access to sensitive information, according to a report, the National Cyber Threat Assessment, from the Canada Cyber Center, part of the Communication Security Establishment. The report claims the intrusion, attributed to Chinese state-sponsored actors, aimed to gain strategic economic and diplomatic leverage. The hackers allegedly targeted a wide range of government systems, including federal, provincial and indigenous networks. The report states: "PRC state-sponsored cyber threat actors persistently conduct cyber espionage against federal, provincial, territorial, municipal and indigenous government networks in Canada." Notably, members of the Inter-Parliamentary Alliance on China who have criticized the Chinese Communist Party were targeted in 2021 through phishing emails designed to plant trackers on their devices. The attackers were interested in sectors like advanced robotics, quantum computing, 6G networks, Web3 technology and aviation, with private sector organizations in these fields also affected. Although the Cyber Center claims that all known federal government compromises have been resolved, it warns that remnants of these attacks may still exist due to the extensive time and resources hackers invested in studying Canadian networks. Earlier in 2024, the Canadian government had cautioned that Chinese threat actors had conducted multiple reconnaissance scans on various government bodies, political parties and critical infrastructure, underscoring the persistent risk these cyber espionage campaigns pose to Canada's security.
Hackers linked to the Chinese government are using a large botnet comprised of TP-Link routers to conduct highly evasive password spraying attacks on Microsoft Azure accounts. Microsoft warned about this this week.
Dubbed Covert Network 1658 by Microsoft, this botnet comprises thousands of routers, cameras and Internet of Things devices, posing a significant challenge for detection and mitigation. The botnet, previously identified as BotNet7777 by researchers in 2023, initially included over 16,000 devices. By rotating compromised routers' IP addresses, hackers mask login attempts across multiple IP addresses, making it difficult for security systems to detect these password spraying attacks. Microsoft notes that the botnet now averages around 8,000 active devices, largely composed of hacked TP-Link routers. Some characteristics of the attacks make them especially difficult to identify. Hackers use low-volume login attempts to avoid triggering traditional security alerts while frequently rotating IP addresses among the broad set of compromised small office/home office devices. Additionally, each device in the botnet operates for an average of 90 days before cycling out, complicating tracking and shutdown efforts. Microsoft cautioned that any group using the Covert Network 1658 infrastructure can mount these widespread account takeover campaigns, posing risks to multiple sectors. This threat's persistence highlights the need for enhanced security on IoT devices and vigilance from organizations using cloud services like Azure. And that's our show for today. You can find show notes and links to some of the stories on technewsday.com or .ca. Take your pick. I'm your host, Jim Love. Thanks for listening.
Cybersecurity Today: China is an Increasing Threat in Cyber Security
Host: Jim Love
Release Date: November 4, 2024
In the November 4, 2024 episode of Cybersecurity Today, host Jim Love delves into the escalating cybersecurity threats posed by China. While Russia and North Korea are frequently highlighted in discussions about hacking and espionage, China is emerging as a significant and growing threat in the cyber domain. Love introduces three compelling stories from recent events that underscore the risks emanating from China, including concerns from Silicon Valley, a revealing report on China’s infiltration of Canadian government systems, and the persistence of a Chinese-origin botnet.
“[...] China has an increasing threat in terms of cybersecurity.”
— Jim Love [00:02]
Jim Love begins by focusing on Silicon Valley, traditionally known as a hub of innovation but now also a hotspot for espionage. Amidst escalating geopolitical tensions, Chinese spies have intensified their operations within America's premier tech ecosystem, targeting leading companies such as Google, Tesla, and Apple.
“Silicon Valley has long been a breeding ground for innovation, but increasingly it's a breeding ground for espionage.”
— Jim Love [00:02]
A prominent example highlighted is the case of Lin Yading, a Google employee charged with attempting to steal trade secrets. Lin allegedly downloaded over 500 files related to Google's AI technology and deceived colleagues to cover his tracks by scanning his access badge while he pitched to investors in China. The FBI intervened just before Lin was set to depart for Beijing, seizing his devices. Although Lin has pleaded not guilty, this incident is indicative of a broader pattern of corporate espionage.
“[...] Lin Yading, a Google employee who was caught red-handed trying to steal trade secrets to launch his own company in China.”
— Jim Love [00:02]
The episode underscores that Lin’s case is merely the "tip of a very large iceberg," reflecting widespread Chinese corporate espionage targeting multiple tech giants. U.S. agencies have raised alarms about China’s urgent quest for advanced technology, driven by strict export controls on sectors like advanced chips and AI systems. The Ministry of State Security (MSS) in Beijing is reportedly employing clandestine methods to circumvent these restrictions, enabling the theft of proprietary information without significant investment in research and development.
“[...] virtually all PRC citizens who work in technology companies abroad are allowed by the MSS to steal proprietary information.”
— Jim Love [00:02]
In response to these threats, the U.S. has established the Disruptive Technology Strike Force to combat high-tech theft. Silicon Valley companies are enhancing their internal security measures, implementing more rigorous employee screening, and collaborating closely with federal authorities to safeguard their intellectual property and maintain the United States' technological leadership globally.
Jim Love shifts focus to a startling revelation from Canada, where Chinese state-sponsored hackers have infiltrated government networks for five years. A report from the Canada Cyber Center, part of the Communication Security Establishment, attributes these intrusions to Chinese actors aiming to secure strategic economic and diplomatic advantages.
“Chinese hackers reportedly infiltrated Canadian government networks for five years, gaining access to sensitive information.”
— Jim Love [00:02]
The hackers targeted a broad spectrum of government systems, including federal, provincial, and indigenous networks. Notably, members of the Inter Parliamentary Alliance on China, who have been critical of the Chinese Communist Party, were subjected to phishing attacks designed to implant trackers on their devices. The sectors of interest encompassed advanced robotics, quantum computing, 6G networks, Web3 technology, and aviation, with private organizations in these fields also falling victim.
“[...] members of the Inter Parliamentary alliance on China who have criticized the Chinese Communist Party were targeted in 2021 through phishing emails designed to plant trackers on their devices.”
— Jim Love [00:02]
While the Cyber Center has stated that all known federal government compromises have been resolved, there remains a lingering threat due to the extensive efforts hackers invested in understanding Canadian networks. Early in 2024, the Canadian government warned of multiple reconnaissance scans conducted by Chinese threat actors on various government bodies, political parties, and critical infrastructure, highlighting the persistent and evolving nature of these cyber espionage campaigns.
The third story centers on a sophisticated botnet, initially identified as BotNet7777 in 2023 and now referred to by Microsoft as Covert Network 1658. This botnet comprises thousands of compromised TP-Link routers, cameras, and Internet of Things (IoT) devices. Its primary function is to execute evasive password spraying attacks on Microsoft Azure accounts, posing significant challenges for detection and mitigation.
“Microsoft notes that the botnet now averages around 8,000 active devices largely composed of hacked TP-Link routers.”
— Jim Love [00:02]
Covert Network 1658 employs several techniques to evade traditional security mechanisms: login attempts are kept to a low volume so that no single source trips conventional alert thresholds, source IP addresses are rotated frequently across the broad pool of compromised small office/home office devices, and each device stays active for an average of only about 90 days before cycling out of the botnet.
These strategies make the botnet exceptionally resilient and difficult to dismantle, underscoring the need for enhanced security measures on IoT devices and increased vigilance from organizations utilizing cloud services like Azure.
“[...] hackers use low volume login attempts to avoid triggering traditional security alerts while frequently rotating IP addresses among the broad set of compromised small office home office devices.”
— Jim Love [00:02]
The persistence of Covert Network 1658 indicates that any group leveraging this infrastructure can potentially launch widespread account takeover campaigns. This poses substantial risks across various sectors, emphasizing the critical importance of securing IoT devices and strengthening cloud service defenses to mitigate such threats effectively.
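The evasion pattern described above (one or two failed sign-ins per account, each from a different compromised device) is exactly what a per-source-IP failure threshold misses. The following is an added detection example, not code from the episode or from Microsoft: it runs a classic per-IP threshold and a window-based spray detector over a constructed set of sign-in records, with all usernames, IPs and thresholds being illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in records (not real Azure logs). Each account fails once,
# every failure comes from a different source IP: the low-and-slow spray pattern.
# Fields: timestamp, username, source IP, result.
SAMPLE_LOG = """\
2024-11-01T09:00:05Z alice@example.com 203.0.113.10 failure
2024-11-01T09:00:41Z bob@example.com 203.0.113.22 failure
2024-11-01T09:01:13Z carol@example.com 198.51.100.7 failure
2024-11-01T09:01:50Z dave@example.com 198.51.100.31 failure
2024-11-01T09:02:27Z erin@example.com 192.0.2.45 failure
2024-11-01T09:03:02Z frank@example.com 192.0.2.88 failure
2024-11-01T09:03:39Z grace@example.com 203.0.113.57 failure
2024-11-01T09:04:15Z heidi@example.com 198.51.100.64 failure
2024-11-01T09:04:52Z alice@example.com 203.0.113.10 success
"""

def parse(log_text):
    """Parse 'timestamp user source_ip result' lines into record dicts."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append({"ts": when, "user": user, "ip": ip, "failed": result == "failure"})
    return records

def per_ip_threshold_alerts(records, max_failures=5):
    """Traditional detector: flag any source IP with more than max_failures failed sign-ins.
    A spray rotated across a botnet keeps every IP under the bar, so this stays silent."""
    failures = defaultdict(int)
    for r in records:
        if r["failed"]:
            failures[r["ip"]] += 1
    return sorted(ip for ip, n in failures.items() if n > max_failures)

def spray_alerts(records, window=timedelta(minutes=10), min_users=5, min_ips=5, max_per_ip=2):
    """Spray detector: group failures into fixed time windows and alert when many distinct
    accounts fail from many distinct IPs while every individual IP stays quiet."""
    buckets = defaultdict(list)
    for r in records:
        if r["failed"]:
            offset = r["ts"].timestamp() % window.total_seconds()
            buckets[r["ts"] - timedelta(seconds=offset)].append(r)
    alerts = []
    for start, fails in sorted(buckets.items()):
        per_ip = defaultdict(int)
        for r in fails:
            per_ip[r["ip"]] += 1
        users = {r["user"] for r in fails}
        if len(users) >= min_users and len(per_ip) >= min_ips and max(per_ip.values()) <= max_per_ip:
            alerts.append({"window_start": start, "users": len(users), "ips": len(per_ip)})
    return alerts
```

On the sample, the per-IP detector returns nothing while the window detector raises one alert covering eight accounts and eight source IPs; in practice the window and thresholds would be tuned to the tenant's normal failure rate.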
Jim Love wraps up the episode by highlighting the relentless nature of China’s cyber threats and the multifaceted approach required to counter them. From corporate espionage in Silicon Valley to government system infiltrations in Canada and the enduring menace of sophisticated botnets, the landscape of cybersecurity threats is evolving rapidly.
“For Silicon Valley, this is not just about safeguarding intellectual property, it's about maintaining the US Position at the forefront of global technology.”
— Jim Love [00:02]
To maintain technological leadership and national security, continuous collaboration between private companies and federal authorities is imperative. Strengthening internal security protocols, conducting thorough employee screenings, and investing in advanced cybersecurity technologies are essential strategies in this ongoing battle against state-sponsored cyber threats.
As China's ambitions in the cyber realm grow, Silicon Valley's tech giants and government agencies alike face the daunting task of defending against espionage and cyberattacks on an unprecedented scale. The episode serves as a call to action for increased vigilance, robust security measures, and sustained efforts to protect critical technological assets from foreign adversaries.
For more insights and detailed discussions from this episode, visit technewsday.com or its .ca domain.
Jim Love, your host, thanks you for listening to Cybersecurity Today.