The Fiji Times

Wave of attacks

- ILAITIA B TUISAWAU

ONE way to fight climate change may be to … do more climate change. According to wired.com, “Geoengineering” is a broad term encompassing distinct techniques for hacking the climate, split into two main groups:

There’s carbon dioxide removal (CDR), which could mean sucking carbon out of the atmosphere with machines, or simply encouraging more vegetation to grow. And there’s solar radiation management (SRM), which might include brightening clouds or spraying aerosols in the atmosphere to bounce the sun’s energy back into space.

These two methods are sort of like different approaches to battling a seasonal flu. I worry when we start messing around with nature and global weather patterns which with all our high tech super computers and live satellite photos we still can’t predict the weather accurately to a level of comfort.

Too many variables and probably at least 30 per cent still unknown.

Carbon removal is like taking an antiviral, which helps your immune system banish the virus from your body; deleting carbon from the atmosphere similarly targets the root cause of the climate change problem.

On the other hand, solar radiation management is more like taking panadol (paracetamol) to reduce the fever the flu is causing. It only treats the symptoms.

Each technique comes with huge risks — be they political or planetary, obvious or hidden — that scientists are just beginning to explore.

But they’re worth thinking about now, because some scientists are taking geoengineering seriously and urging more studies to consider it as a way to bring down global temperatures while governments tackle decarbonising the world economy.

In Fiji and the Pacific region, climate change has already been recognised as our number one national security threat and hence the emphasis on finding solutions quickly before it’s too late for the low lying smaller Pacific Island countries such as Nauru, Kiribati, Tuvalu and others.

Hacked by suspected Chinese cyber spies five times from 2014 to 2017, security staff members at Swedish telecoms equipment giant Ericsson had taken to naming their response efforts after different types of wine.

Reuters has reported that Pinot Noir began in September 2016. After successfully repelling a wave of attacks a year earlier, Ericsson discovered the intruders were back. And this time, the company’s cybersecurity team could see exactly how they got in: through a connection to information-technology services supplier Hewlett Packard Enterprise (HPE).

Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE’s cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years in what US prosecutors say was an effort to boost Chinese economic interests.

The hacking campaign, known as “Cloud Hopper,” was the subject of a US indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimised multiple Western companies, but stopped short of naming them. A Reuters report at the time identified two: Hewlett Packard Enterprise and IBM.

Yet the campaign ensnared at least six more major technology firms, touching five of the world’s 10 biggest tech service providers.

Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. HPE spun off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.

Waves of hacking victims emanate from those six plus HPE and IBM: their clients. Ericsson, which competes with Chinese firms in the strategically critical mobile telecoms business, is one.

Others include travel reservation system Sabre, the American leader in managing plane bookings, and the largest shipbuilder for the US Navy, Huntington Ingalls Industries, which builds America’s nuclear submarines at a Virginia shipyard.

Reuters was unable to determine the full extent of the damage done by the campaign, and many victims are unsure of exactly what information was stolen. Here’s the thing: once you’re in the network and able to move laterally, exfiltration of sensitive data just requires patience, and the more savvy hackers are able to delete log files or traces of their intrusion. They even leave a backdoor for future use.

The Cloud Hopper attacks carry worrying lessons for government officials and technology companies struggling to manage security threats. Chinese hackers, including a group known as APT10, were able to continue the attacks in the face of a counter-offensive by top security specialists and despite a 2015 US-China pact to refrain from economic espionage.

The corporate and government response to the attacks was undermined as service providers withheld information from hacked clients, out of concern over legal liability and bad publicity, records and interviews show.

That failure, intelligence officials say, calls into question Western institutions’ ability to share information in the way needed to defend against elaborate cyber invasions. Until today many victims may not be aware they were hacked!

The campaign also highlights the security vulnerabilities inherent in cloud computing, an increasingly popular practice in which companies contract with outside vendors for remote computer services and data storage.

The Chinese government has denied all accusations of involvement in hacking. The Chinese Foreign Ministry said Beijing opposed cyber-enabled industrial espionage.

“The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,” it said in a statement to Reuters.

For years, HPE’s predecessor, technology giant Hewlett Packard, didn’t even know it had been hacked. It first found malicious code stored on a company server in 2012. The company called in outside experts, who found infections dating to at least January 2010.

Hewlett Packard security staff fought back, tracking the intruders, shoring up defences and executing a carefully planned expulsion to simultaneously knock out all of the hackers’ known footholds. But the attackers returned, beginning a cycle that continued for at least five years.

The intruders stayed a step ahead. They would grab reams of data before planned eviction efforts by HP engineers. Repeatedly, they took whole directories of credentials, a brazen act netting them the ability to impersonate hundreds of employees.

The hackers knew exactly where to retrieve the most sensitive data and littered their code with expletives and taunts. One hacking tool contained the message “F**K ANY AV” – referencing their victims’ reliance on anti-virus software. The name of a malicious domain used in the wider campaign appeared to mock US intelligence: “nsa.mefound.com”.

According to Western officials, the attackers were multiple Chinese government-backed hacking groups. The most feared was known as APT10 and directed by the Ministry of State Security, US prosecutors say. National security experts say the Chinese intelligence service is comparable to the US Central Intelligence Agency, capable of pursuing both electronic and human spying operations.

APT10 often attacked a service provider’s system by “spear-phishing” – sending company employees emails designed to trick them into revealing their passwords or installing malware.

Once through the door, the hackers moved through the company’s systems searching for customer data and, most importantly, the “jump servers” – computers on the network which acted as a bridge to client systems.

After the attackers “hopped” from a service provider’s network into a client system, their behaviour varied, which suggests the attacks were conducted by multiple teams with different skill levels and tasks, say those aware of the operation. Some intruders resembled “drunken burglars”, said one source, getting lost in the labyrinth of corporate systems and appearing to grab files at random.

The threat also reached into the US defence industry.

In early 2017, HPE analysts saw evidence that Huntington Ingalls Industries, a significant client and the largest US military shipbuilder, had been penetrated by the Chinese hackers, two sources said. Computer systems owned by a subsidiary of Huntington Ingalls were connecting to a foreign server controlled by APT10.

Huntington Ingalls feared hackers accessed data from its biggest operation, the Newport News shipyard where it builds US nuclear-powered subs. It’s not clear if data was stolen.

Another target was Ericsson, which has been racing against China’s Huawei Technologies to build infrastructure for 5G networks expected to underpin future hyperconnected societies with IoT. The hacking at Ericsson was persistent and pervasive, said people with knowledge of the matter.

Logs were modified and some files were deleted. The uninvited guests rummaged through internal systems, searching for documents containing certain strings of characters. Some of the malware found on Ericsson servers was signed with digital certificates stolen from big technology companies, making it look like the code was legitimate so it would go unnoticed.

With regard to all our local and global problems such as the pandemic, geopolitics, cybersecurity and climate change, renowned physicist Albert Einstein wisely reminds us – “We cannot solve our problems with the same thinking we used when we created them”.

God bless and stay safe in both digital and physical worlds this weekend.

ILAITIA B TUISAWAU is a private cybersecurity consultant. The views expressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati.com
