U.S. Took Fight to China in Cyber-Spy War

NSA scandal uncovers U.S. successes in cyber-spy conflict with China.

Most of the news emerging today about the National Security Agency (NSA) focuses on revelations about its digital espionage capabilities, as well as the increasingly thin chance that the White House will accept an advisory panel’s recommendations that the NSA’s wings be clipped. A less timely aspect of the developing story paints a new and far different picture of an ongoing conflict between cyber-spies in the U.S. and China, whose digital espionage has been just as aggressive and far higher profile than that of the U.S., though far less sophisticated as well.

The most ironic point of conflict may be the ongoing efforts of U.S. military and counterintelligence authorities to keep computer and networking products from Chinese IT giant Huawei Technologies, Ltd. out of the U.S., an effort based on Western suspicions that Huawei’s upper management is too chummy with senior-level government officials and may have used either their products or global workforce to help China’s intelligence services spy on other countries.

Huawei was all but banned from selling telecom equipment in the U.S., U.K. and Australia last year, following investigations in each country into allegations that the company built back doors into its hardware for the use of Chinese intelligence services and may have allowed Chinese spies to pose as Huawei employees during stints overseas.

Few of the charges were proven, even after a year-long Congressional investigation, but U.S. officials have adamantly maintained that Huawei is a security risk.

During the early days of the NSA scandals, Huawei officials defended the company by pointing out the accusations against it were far narrower in scope than NSA documents defining similar efforts to subvert the security of technology products. Cyber-spy scandals have made governments so suspicious that all tech companies have an obligation to allow themselves to be examined, if only to reassure customers they have no negative intentions, Huawei CEO Ren Zhengfei said in the introduction to an October report that Huawei published to try to lessen suspicion by outlining its internal organization and security procedures.

Despite the intensifying NSA scandal, however, CFO Cathy Meng was still forced to reject more accusations during a Jan. 15 news conference announcing the company’s latest financial results. “We have seen no incidents on networks due to security problems,” Meng said during the event in Beijing. “A lot of reports say Huawei equipment has more vulnerabilities or is more easily breached. These reports are groundless.”

The tension may reflect general suspicion of technical equipment from foreign countries, which was intensified by an ongoing digital conflict in which Chinese intelligence units were able to score major victories over the course of many years, while U.S. counter-intelligence was widely denigrated, at least partly due to successful efforts to keep its successes quiet, according to NSA documents featured in stories in The New York Times and elsewhere today.

China’s intelligence services became notorious during 2011 and 2012, following what security analysts said was more than a decade-long concerted effort to steal secrets from servers in the Pentagon, U.S. universities and non-military organizations. Those efforts were too aggressive and widespread, as the supposedly secret, Shanghai-based military intelligence unit blamed for most of the attacks became infamous for its success. The group, called Unit 61398 by the Chinese military and nicknamed the “Comment Crew” or “Shanghai Group” by American intelligence, is responsible for “an overwhelming percentage of the attacks on American corporations, organizations and government agencies,” according to a Feb. 2013 Times story.

The unit’s attacks were so frequent and methods so standardized that the highly successful program of attacks revealed by McAfee Security in February 2011, code-named Night Dragon, seemed to have taken on an industrialized, production-line, 9-to-5 workaday approach to international cyberespionage.

U.S. officials said little during August 2011, when McAfee and other analysts confirmed China was behind attacks on 70 organizations in 14 countries, including the United States, and U.S. agencies were heavily criticized for inaction following revelations in 2012 that China was only the most successful of several state-sponsors of cyberespionage efforts against the West (of so large a scale that the head of British counter-intelligence agency MI-5 called its scope “astonishing”).

Cyber-spies in Shanghai became so matter-of-fact about their activities, in fact, that they inadvertently allowed the beginning of one attack to be caught on tape when a government-sponsored film crew shot video inside the super-secret facility for a documentary warning of the danger of cyber-attacks from the U.S. Public responses and defense of Pentagon servers appeared so lax that a July 25, 2011 report from the Government Accountability Office (GAO) accused the Department of Defense (DoD) of having all but ignored the threat for almost 19 years. The DoD’s ability to recognize, respond to or defend against cyberattack was so spotty and incoherent, according to the report, that it left the nominally most-technically-advanced military in the world almost defenseless against routine, workaday attacks from less-well-equipped rivals.

The NSA revelations don’t address Pentagon strengths or weaknesses specifically, but do show that the overall U.S. response to cyberattacks was much more aggressive than was apparent in 2012, even to the GAO. In addition to the much-criticized programs that eavesdrop on U.S. residents or insert backdoors into U.S.-produced technology products, the Snowden documents paint a picture of intense counter-intelligence efforts aimed at China and, more specifically, at Unit 61398. According to the Jan. 14 Times story summarizing revelations of the NSA’s methods, the U.S. is (or was) operating at least two data centers on Chinese territory to conduct surveillance on Unit 61398 as well as other Chinese cyber-intelligence units, in addition to supporting independent digital espionage efforts.

Snowden documents hint that NSA uses the datacenters to distribute backdoor-creating malware and to monitor broadcasts from a newly-disclosed type of bug code-named “Nightstand” that can be built into USB drives or tiny circuit boards that can be covertly installed in high-security Chinese datacenters or hardware. Once installed, the bugs are reportedly able to broadcast coded signals on secret frequencies as far as eight miles, where they can be picked up by NSA monitors or relayed to NSA datacenters using radio repeaters no larger than a briefcase.

Unit 61398 is a particular target of those surveillance efforts, which are designed to give U.S. officials early warning of the unit’s next targets and warn of new attacks or techniques, according to the story in the Times.

Chinese officials have also taken the Obama administration to task for those revelations, and for allegations that U.S. embassies in China and elsewhere were used as bases for NSA surveillance of Chinese government and military facilities. In talks with Chinese officials last fall, the Obama administration tried to defend its efforts on national-security grounds. The effort made little impression on the Chinese, who consider national security to include a wide range of economic, political and social issues, according to analysts. Defining national security that widely justifies industrial espionage targeting product designs and corporate strategies as well as activities designed to research or support topics considered sensitive by the Chinese government, or dissident groups it considers dangerous.

In addition to high-profile raids on Pentagon servers, for example, Chinese intelligence efforts scooped up as much information as possible about the activity within the U.S. of dissident groups including Falun Gong, a quasi-religious, Buddhist-derived group that claims as many as 70 million followers or practitioners for its Tai-Chi-like meditative practices.

The NSA scandals may have put the U.S. at a disadvantage in trade talks and in efforts to lessen tension over the cyber-spy war, but do reflect a much more even playing field among digital spies than appeared to be the case two years ago. The agency still refuses to acknowledge most of its own successes, and denies charges that it went beyond its proper role in gathering intelligence on national security issues to engage in industrial espionage as well.

“NSA’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” NSA spokesperson Vanee Vines told the Times in a written statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”

 
