U.S.: China working to hack vaccine data
WASHINGTON — The FBI and the Department of Homeland Security are preparing to issue a warning that China’s most skilled hackers and spies are working to steal American research in the crash effort to develop vaccines and treatments for the coronavirus. The efforts are part of a surge in cybertheft and attacks by nations seeking advantage in the pandemic.
The warning comes as Israeli officials accuse Iran of mounting an effort in late April to cripple water supplies as Israelis were confined to their houses, though the government has offered no evidence to back its claim. More than a dozen countries have redeployed military and intelligence hackers to glean whatever they can about other nations’ virus responses. Even U.S. allies such as South Korea and nations that do not typically stand out for their cyber abilities, such as Vietnam, have suddenly redirected their state-run hackers to focus on virus-related information, according to private security firms.
A draft of the forthcoming public warning, which officials say is likely to be issued in the days to come, says China is seeking “valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing.” It focuses on cybertheft and action by “nontraditional actors,” a euphemism for researchers and students the Trump administration says are being activated to steal data from inside academic and private laboratories.
The decision to issue a specific accusation against China’s state-run hacking teams, current and former officials said, is part of a broader deterrent strategy that also involves U.S. Cyber Command and the National Security Agency. Under legal authorities that President Donald Trump issued nearly two years ago, they have the power to bore deeply into Chinese and other networks to mount proportional counterattacks. This would be similar to their effort 18 months ago to strike at Russian intelligence groups seeking to interfere in the 2018 midterm elections and to put malware in the Russian power grid as a warning to Moscow for its attacks on U.S. utilities.
Secretary of State Mike Pompeo claimed this month that there was “enormous evidence” that the virus had come from a Chinese lab before backing off to say it had come from the “vicinity” of the lab in Wuhan. U.S. intelligence agencies say they have reached no conclusion on the issue, but public evidence points to a link between the outbreak’s origins at a market in Wuhan and China’s illegal wildlife trafficking.
The State Department on Friday described a Chinese Twitter campaign to push false narratives and propaganda about the virus. Twitter executives have pushed back on the agency, noting that some of the Twitter accounts that the State Department cited were actually critical of Chinese state narratives, and on Monday the company announced Monday it will start alerting users when a tweet makes disputed or misleading claims about the coronavirus.
Iranian hackers were also caught trying to get inside Gilead Sciences, the maker of remdesivir, the therapeutic drug approved 10 days ago by the Food and Drug Administration for clinical trials. Government officials and Gilead have refused to say if any element of the attack, which was first reported by Reuters, was successful.
In interviews with a dozen current and former government officials and cybersecurity experts over the past month, many described a “free-for-all” that has spread even to countries with only rudimentary cyber ability.
“This is a global pandemic, but unfortunately countries are not treating it as a global problem,” said Justin Fier, a former national security intelligence analyst who is now the director of cyberintelligence at Darktrace, a cybersecurity firm. “Everyone is conducting widespread intelligence gathering — on pharmaceutical research, PPE orders, response — to see who is making progress.”
The frequency of cyberattacks and the spectrum of targets are “astronomical, off the charts,” Fier said.