China suspected in hack of critical entities – Finance & Commerce

RICHMOND, Va. — A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical U.S. entities.

The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.

Security researchers say dozens of other high-value entities that have not yet been named were also targeted as part of the breach of Pulse Secure, which is used by many companies and governments for secure remote access to their networks.

It’s unclear what sensitive information, if any, was accessed. Some of the targets said they did not see any evidence of data being stolen. That uncertainty is common in cyberespionage and it can take months to determine data loss, if it is ever discovered. Ivanti, the Utah-based owner of Pulse Connect Secure, declined to comment on which customers were affected.

But even if sensitive information wasn’t compromised, experts say it is worrisome that hackers managed to gain footholds in networks of critical organizations whose secrets could be of interest to China for commercial and national security reasons.

“The threat actors were able to get access to some really high-profile organizations, some really well-protected ones,” said Charles Carmakal, the chief technology officer of Mandiant, whose company first publicized the hacking campaign in April.

The Pulse Secure hack has largely gone unnoticed while a series of headline-grabbing ransomware attacks have highlighted the cyber vulnerabilities to U.S. critical infrastructure, including one on a major fuels pipeline that prompted widespread shortages at gas stations. The U.S. government is also still investigating the fallout of the SolarWinds hacking campaign launched by Russian cyber spies, which infiltrated dozens of private sector companies and think tanks as well…


Hackers with suspected China ties breached MTA servers in April

Hackers with possible ties to the Chinese government breached three of the MTA’s computer systems earlier this year, transit officials said Wednesday.

The breach occurred on two separate days in the second week of April and continued unchecked until being discovered on April 20, officials said. Hackers did not access systems related to train operations, safety or customer or employee information, the MTA said.

The authority “quickly and aggressively responded to this attack,” MTA Chief Technology Officer Rafail Portnoy said in a statement. An outside audit “found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Portnoy said.

“The MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat,” he added.

To gain access, the hackers took advantage of vulnerabilities in the remote work tool Pulse Connect Secure to breach three systems used by the MTA’s city transit and commuter rail divisions, according to the New York Times, which first reported the breach.

The hackers reportedly left “web shells” to maintain backdoor access to the MTA’s system, the Times said — and also took steps to erase evidence of their intervention.

MTA officials said the federal Cybersecurity and Infrastructure Security Agency ordered “fixes and patches” that were made within 24 hours of the breach’s discovery. Addressing the breach cost the MTA an estimated $370,000, the Times said.

The MTA has 18 total computer systems. About 5 percent of the MTA’s workforce were instructed to change their passwords as a result of April’s breach, officials said.

The attack is one of several this year that cybersecurity experts suspect are backed by the Chinese government, either directly or indirectly, the Times said.

Dozens of government agencies, contractors and financial institutions were hit by the wave of attacks, which were uncovered in late April.

With Post wires


US is ‘world’s top empire of hacking and theft of secrets’, says China on NSA spying row

China on May 31 weighed in on the Danish and European media reports alleging that the United States spied on its European allies, including German Chancellor Angela Merkel, between 2012 and 2014. While the US and China have often engaged in a public war of words, the Chinese Foreign Ministry spokesperson on Monday labelled Washington the “world’s top empire of hacking and theft of secrets.” On Twitter, China’s government account stated, “As facts have proven time and again, the US is the world’s top empire of hacking and theft of secrets. With targets including not only competitors but also its allies, the US is a real master of large-scale, indiscriminate tapping and theft of secrets.” It also shared an article with the same news.

China’s remarks came after a French government official on May 31 said that, if proven, the claims are “extremely serious.” Secretary of State for European Affairs in France, Clement Beaune, told the country’s Info radio, “It is extremely serious, we need to see if our partners in the EU, the Danes, have committed errors or faults in their cooperation with American services.” He noted that it would be very serious if Washington actually spied on EU leaders.

“Between allies, there must be trust, a minimal cooperation, so these potential facts are serious,” said the minister while urging that the facts must first “be verified” and then “conclusions drawn in terms of cooperation.”

US Spied On Several European Allies

The United States spied on the top politicians in Europe including German Chancellor Angela Merkel from 2012 to 2014 with the assistance of Danish intelligence, as reported by Danish and European media on May 30. Danish public broadcaster Danmarks Radio (DR) said that the United States National Security Agency (NSA) had listened to Danish internet cables to spy on top politicians and even senior officials in…


Australia’s $1.3 billion ASIO spend signals a ‘grey zone’ war with China

Australia’s future is getting decidedly spooky. China is engaging in influence and interference attacks on our way of life. Now we’re investing billions of dollars into returning the favour.

Tucked away in a quiet corner of the federal budget was an unexpectedly large number: $1.3 billion.

Alongside were ominous names: ASIO and Signals Directorate.

And the reason was vague: Technological capabilities.

Little else was said. It is, after all, the very heart of Australia’s international espionage operations.

But Flinders University lecturer in international relations, Dr Michael Sullivan, told the clues are in Canberra’s strategic, diplomatic and domestic posturing.

“Improved technical capabilities is the wording in the budget papers,” he says.

“That relates clearly to expanded and upgraded ‘grey zone’ activities. And that means both offensive and defensive.”

The grey zone is the murky space between international law and war. It’s where plausible deniability is at play. It’s where confusion reigns supreme.

Evidence of this activity is everywhere.

There is an ongoing attack on US fuel supply pipelines. The blackout of an Indian city during its border dispute with China. Data thefts from Parliament House, universities and businesses.

And that’s barely even a taste.

Avast cybersecurity expert Stephen Kho says the $1.3 billion figure may sound like a significant amount. But once spread over its 10-year term, it is relatively modest compared to our Five Eyes international intelligence-sharing partners (the US, Britain, Canada and New Zealand).

“This investment is definitely a step in the right direction,” the antivirus and digital security provider adds, saying benefits from this and related cybersecurity projects will “funnel down from national security to everyday consumer security”.

Dr Sullivan says Australia already has its own established digital grey zone capabilities: “They’re operating every day. They’re focused on – but not limited to – cyber warfare. And their particular focus is the Indo-Pacific”.

It’s just that they’re now getting extra emphasis.

Threat perception

Alongside increased…