Private-sector spying foils China-linked hacking

Bloomberg Washington
Last Updated : Oct 28 2014 | 9:29 PM IST
A coalition of technology companies says it has disrupted a hacking campaign linked to Chinese intelligence, demonstrating for the first time a private-sector model that they believe can move faster than investigations by law enforcement agencies.

The hackers have used tools found in some of the most sophisticated spying operations linked to China, including a 2010 attack on Google Inc and the theft of some of the US's most valuable technology. Malicious code used by the hackers has been removed from 43,000 computers worldwide since October 14, according to a report the coalition is releasing on Tuesday. The take-down largely bypassed traditional law enforcement tools, relying instead on cooperation between companies that are normally fierce competitors. Coalition members, which include Microsoft Corp, Cisco Inc and Symantec Corp, say they can act faster than governments because they operate global internet systems and have business relationships with tens of thousands of companies.

"We believe this is a first-of-its-kind effort," said Peter LaMontagne, chief executive officer of Novetta Solutions LLC, a cyber-security company based in McLean, Virginia, that is part of the coalition. "The security industry is starting to raise the bar, or hopefully forcing hostile actors to have to spend more of their resources" to continue attacks.

The coalition includes software providers, rising stars in the security industry and firms that manufacture the hardware from which the internet is built.

Challenging hackers
FireEye Inc, iSight Partners and other companies that are part of the effort are challenging Chinese hackers who have operated for more than six years stealing secrets from governments, technology manufacturers and thousands of other companies in the United States, Asia and Europe, according to the report. "This demonstrates a greater degree of coherence and effectiveness on the part of the private sector than we've seen up to now," said Zachary Goldman, executive director of the Center on Law and Security at the New York University School of Law, who wasn't involved in the effort.

Director of National Intelligence James Clapper and other Obama administration officials have repeatedly listed China as one of the top hacking threats to the US during congressional hearings and in public speeches.

Companies have complained for years that the government collects information on state-sponsored perpetrators for intelligence purposes but doesn't do enough to stop them.

'Stopping harm'
"What's different here is the priority is stopping the harm as opposed to imposing consequences on the perpetrator," Goldman said.

The Federal Bureau of Investigation issued an alert on October 15 warning the makers of microchips, computer networking equipment and data storage services that Chinese hackers are trying to steal their secrets. The alert was done in coordination with the private-sector coalition and took aim at the same sophisticated hacking group, according to a representative of a coalition member who asked for anonymity to discuss a private matter.

The alert indicates Beijing-backed hackers continue to operate even after US prosecutors in May won an indictment of five Chinese military officials for stealing trade secrets from American companies.

"The FBI has recently observed online intrusions that we attribute to Chinese government affiliated actors," said Joshua Campbell, an FBI spokesman, in an e-mail. "Private-sector security firms have also identified similar intrusions and have released defensive information related to those intrusions."

Malicious code
The hackers, dubbed Axiom by the coalition, have used customised malicious code and a global network of compromised computers to conduct espionage and extract sensitive government documents and corporate trade secrets, according to the report.

The report doesn't list victims, though it says they include technology companies and government agencies, pharmaceutical and energy companies, media organisations and pro-democracy dissidents opposed to the Chinese government.

China's ministry of state security, the intelligence and security arm of the government, likely tasked Axiom with carrying out some of its most secretive attacks using custom malware known as HiKit, according to LaMontagne.

The FBI alert this month said the hackers were using HiKit, indicating the same group the coalition has uncovered.

180 machines
The malware allows data to be uploaded and downloaded on compromised computers and has been found on 180 machines since October 14, LaMontagne said.

"The fact the primary beneficiary of information stolen in these campaigns is not military or directly financial, but rather intelligence benefiting Chinese domestic and international policies, is highly telling and implies the Chinese intelligence apparatus could be behind such attacks," according to the report.

Axiom is more sophisticated and stealthier than other China-based hackers, the report said. Hackers linked to the Chinese People's Liberation Army were identified in 2013 by cyber-security company Mandiant Corp because they allowed their names to be known through online forums and by registering internet domains.

"In contrast, there have been no identified mistakes in operational security on the part of Axiom operators to date," the report said.

Temporary setback
The setback to the hackers may only be temporary, the companies say. The hackers have been ejected from tens of thousands of computers and their malware will now be harder to hide from security tools, said Brian Bartholomew, a senior intelligence analyst at iSight Partners, a Dallas-based security firm and a member of the coalition. They can build new infiltration tools but that is a costly and time-consuming task, he said.

"Information on individuals stored by Western and Asian government entities has also been targeted by Axiom," according to the report. "Information held by these organisations includes details on individuals with access to confidential or classified information, which would be extremely useful for intelligence and counter-intelligence operations."

A link also exists between Axiom and the high-profile attack in 2010 called Operation Aurora that targeted the networks of Google, Yahoo! Inc, Adobe Systems Inc and dozens of other prominent technology companies, LaMontagne said in an interview.

'Greater good'
The coalition has sent technical information to companies and government agencies about how Axiom operates through 64 security firms in 22 countries.

"We were able to sit down, put aside the secret-sauce speech that everyone normally gives and says, for the greater good, let's share everything that we have," Bartholomew said. "The private sector has some reach and access that law enforcement doesn't."

The coalition will continue to monitor the impact its efforts are having on Axiom.

"The big question: Is this going to shut them?" Bartholomew said. "The consensus is probably not, but it's a good effort at throwing a wrench in their operations. They're going to have to reboot and develop all new malware."

Geng Shuang, a spokesman for China's embassy in Washington, said Chinese law stops internet crime and the country is a victim of hacking attacks.

"Judging from experience, this kind of report or allegation is usually fictitious," Shuang said in an e-mail.

He said, "Groundless accusations at others are not constructive at all and do not contribute to the solution of the issue."

First Published: Oct 28 2014 | 9:29 PM IST