China accuses U.S. of hacking earthquake monitoring equipment
China’s state-controlled newspaper the Global Times reported on Wednesday that “hacker groups and lawbreakers with governmental backgrounds” from the United States were suspected of compromising network equipment at an earthquake monitoring station in Wuhan.
“According to the public security bureau, this Trojan horse program can illegally control and steal seismic intensity data collected by the front-end stations. This act poses a serious threat to national security,” the paper reported.
It is not clear how the alleged collection of seismic intensity data could pose a threat to national security. The newspaper cited unnamed security experts who suggested the data was relevant when constructing military defense facilities.
The equipment, which forms part of the Wuhan Municipal Emergency Management Bureau network, has been “sealed off” according to the newspaper, following the discovery of the incident by China's National Computer Virus Emergency Response Center (CVERC) and the Chinese internet security company Qihoo 360.
The allegation that the U.S. is targeting China with offensive cyber operations is the latest Beijing has leveled in recent years, both directly through its ministry of foreign affairs and embassies, and indirectly through the Global Times.
China’s statements around such incidents have often raised eyebrows among Western cybersecurity experts due to the stylistic differences between Chinese and Western attributions.
When the U.S. and a coalition of allies formally accused hackers affiliated with China’s Ministry of State Security of breaching Microsoft Exchange email servers — which left exposed web shells on these servers that could potentially be exploited by criminals — they criticized the “reckless” breach of U.N. cyber norms.
China’s diplomatic response to being blamed for the Microsoft Exchange campaign — which included detailed indictments unsealed by the U.S. Department of Justice — was vituperative.
Zhao Lijian, one of the Ministry of Foreign Affairs’ most outspoken spokespeople, accused the U.S. of being “the world’s largest source of cyberattacks” alongside a litany of other misdeeds.
The attribution game
In its report on Wednesday, the Global Times did not specifically cite any international norms that the alleged U.S. espionage campaign could have been in breach of, nor did it provide indicators of compromise (IoCs) or other technical intelligence used within the cybersecurity community to help attribute similar attacks.
In line with similar Chinese attributions, which have often cited tools leaked by the Shadow Brokers, the Global Times referred to a National Security Agency (NSA) tool called “Validator” first disclosed as part of the Edward Snowden leaks. The newspaper claimed it was “running in critical information infrastructure not only in China, but also in other countries.”
The Global Times also accused the CIA of possessing “cyber weapons [using] extremely strict espionage specifications with various attack techniques interlocked” which allegedly cover “almost all internet and Internet of Things assets around the world, and can control other countries' networks and steal their important and sensitive data anytime, anywhere.”
Last September, China denounced the U.S. Embassy in Beijing following a joint report from two of the country’s most prominent cyber authorities accusing the NSA of stealing “sensitive information” from Chinese institutions.
The Northwestern Polytechnical University, which the NSA was accused of targeting, is considered to be “a Chinese military university that is heavily involved in military research,” according to the U.S. Department of Justice — and thus likely to be seen as a legitimate target for espionage under international law.
The most recent statement from Beijing follows Microsoft announcing that a Chinese hacking group known as Storm-0558 had exploited a bug in its cloud email service to spy on government agencies in the U.S. and Western Europe.
Rob Joyce, the NSA's director of cybersecurity, told the Aspen Security Forum earlier this month that the hack was "China doing espionage" and said: "It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens."
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.