Name and shame crusade exposes China’s cyber activities
Guest Articles | 16th Oct, 2021
US Intelligence reveals secret activities of China’s Ministry of State Security agents
China’s civilian Ministry of State Security (MSS) is under close scrutiny after an organized US name-and-shame crusade this week to reveal Beijing’s dark cyber activities.
The ministry has “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own personal gain,” said Secretary of State Antony Blinken.
After a three-year study of worldwide cyber activities, the Justice Department joined in and made public an economic espionage indictment against four Chinese cybercriminals, three of whom are part of the MSS.
The indictment offers insight into how MSS officers worked with a technology company that prosecutors say carried out hacking operations against seven US universities, the National Institutes of Health, eight American firms, two Saudi Arabian government organizations, a Cambodian government organization, a Malaysian political party, and a top Malaysian rail company.
In 2011, the cyber operation tagged “MSS Hainan” established the front company, Hainan Xiandun Technology Development Co. Ltd, which hired both cyber specialists and linguists for cyber operations against the US government and private limited firms.
The four Chinese nationals indicted are Zhu Yunmin, Wu Shurong, Cheng Qingmin, and Ding Xiaoyang. Mr Cheng, Mr Zhu, and Mr Ding are said to be part of the MSS.
In the previous year, the cybersecurity blog Intrusion Truth exposed the identity of Mr Ding as an MSS agent after advertisements ran on two Chinese university websites. One of the ads ran on the Hainan University School of Foreign Languages website, revealing that Hainan Xiandun was employing English language majors. The ad said, “Party members and student cadres are preferred.”
The indictment revealed that the MSS agents used malware and sophisticated hacking methods such as deceptive emails to gain access to computer systems in other countries and extract information. They used a method known as steganography, which allowed the spy service to embed stolen data inside photos and so hide where it was on the web.
The indictment revealed that in 2018 the Hainan hackers transferred stolen trade secrets and hydroacoustic data (necessary for developing a submarine) to a GitHub account, using steganography to hide it in images of a koala bear and former President Trump.
This week, a senior Biden administration official suggested that the MSS is recruiting contract non-governmental Chinese cybercriminals to carry out ransom attacks for profit.
The MSS has expanded its cyber operations beyond gathering data to carrying out major worldwide hacking campaigns, taking advantage of a security flaw in Microsoft Exchange Server software.
The Microsoft Exchange Server hack was carried out in January and targeted over 300,000 computers, affecting some 30,000 networks for many months until the operation was exposed and the software security flaw fixed.
The information obtained by the MSS is part of a major database comprising files on millions of people, which will contribute to Beijing’s military and economic development. The MSS is China’s political police and spy service and functions under the supervision of the ruling Communist Party.
Nicolas Eftimiades, a former Defense Intelligence Agency counterintelligence expert on China, said, “Over the last two decades, there has been an extraordinary growth in China’s Ministry of State Security capabilities and numbers of operations.” He added, “That growth includes thousands of human intelligence operations, as well as extensive cyber collection.”
The KGB prototype
The MSS is headquartered in Beijing, with a network of district state security sectors and city and state security bureaus across the country.
The activities of the four Chinese hackers unveiled in this week’s indictment came under the Hainan provincial state security sector, located on Hainan Island in the South China Sea. Another key district unit is the Shanghai state security, whose widespread activities in the US have been revealed in other recent Justice Department cases.
The MSS was modelled on the Soviet KGB spy organization, which, like the MSS, was committed to maintaining Communist Party control. In 1983, the Chinese Ministry of Investigation and components of the Ministry of Public Security, another Chinese secret police organization, combined to become the Ministry of State Security.
The MSS’s key aim, according to its charter, is upholding the “security of the state through effective measures against enemy agents, spies and counterrevolutionary activities designed to sabotage or overthrow China’s socialist system.” The MSS built an “internet army” in 2001, using contractors who engaged in economic surveillance and other forms of cybercrime.
The MSS operated in both non-military human surveillance and cyber espionage, with the US intelligence community, military, defence contractors, and advanced technology firms as primary targets.
The charges against the MSS hackers are primarily symbolic, as the chances of a future trial in a US court are slim. The hackers are thought to be in China, out of reach of US authorities. Nonetheless, the indictment and other prosecution proceedings have been used to publicize and expose MSS operations, as they have in the past.
Experts believe Chinese spies’ activities are outmatching American security precautions.
Mr Eftimiades said, “US counterintelligence services, especially the Department of Defense, are incapable of contending with this level and type of espionage lacking cohesive management, language skills, cultural awareness, training, and funding.”
Former US intelligence official Peter Mattis, who has written about Chinese espionage, said Chinese intelligence is relentless in gathering secrets but has been hampered for decades by political purges that occurred during the turmoil of the 1970s Cultural Revolution.
Mr Mattis said, “To date, China’s clandestine tradecraft probably does not rate among the world’s most sophisticated at least with any consistency across a large number of intelligence officers.” He added, “The Cultural Revolution and previous political movements purged (or killed) many of the Chinese case officers with professional knowledge, experience and training in assessing, developing, recruiting, and handling clandestine sources, especially foreigners.”
Both the MSS and its military counterpart, the Joint Staff Department Intelligence Bureau, have developed expertise in cyber operations and have had significant success.
The theft of military aircraft secrets from Boeing and other businesses in the early 2000s was one of the Chinese military’s most effective cyber operations.
The attack on the Office of Personnel Management in 2015, which yielded more than 2.1 million extremely confidential documents on government personnel, including those in the military, law enforcement, and intelligence organizations, was a huge triumph for the MSS.
In a hearing before a congressional China panel, former US counterintelligence official John Costello asserted that Beijing’s intelligence activities are growing in both quantity and capacity. Mr Costello suspects the MSS was behind the OPM breach, in which information such as fingerprints, employee records, and security clearance data used for background investigations was taken.
He said, “We should expect to see continuing Chinese efforts to breach US government and military systems, building upon their database of federal workers and military personnel.”
In recent years, Chinese secret agencies’ cyber activities have grown more centrally orchestrated. As a result, the United States is expected to see a significant drop in cyber breaches while seeing an increase in the sophistication of hacks.
Mr Costello highlighted the Chinese cyber spies’ increased efficiency and improved coordination of their activities. “This is the so-called ‘Russian’ model of cyber espionage.”
Chinese spies are also likely to operate more cautiously than in the past to gain broader access to sources and information.
Mr Costello said, “Likely passed are the days of smash-and-grab tactics many defence firms and US agencies are used to.” He added, “Long-term capabilities will be the primary cyber imperative rather than the short-term intelligence gains inherent in economically motivated cyber campaigns.”