Race for vaccine pits spy vs. spy
Chinese, Russian hackers target Western research; U.S. shores up defenses
WASHINGTON» Chinese intelligence hackers were intent on stealing coronavirus vaccine data, so they looked for what they believed would be an easy target. Instead of simply going after pharmaceutical companies, they conducted digital reconnaissance on the University of North Carolina and other schools doing cuttingedge research.
They were not the only spies at work. Russia’s premier intelligence service, the SVR, targeted vaccine research networks in the United States, Canada and Britain, espionage efforts that were first detected by a British spy agency monitoring international fiber-optic cables.
Iran, too, drastically has intensified its attempts to steal information about vaccine research, and the United States has increased its own efforts to track the espionage of its adversaries and shore up its defenses.
In short, every major spy service around the globe is trying to find out what everyone else is up to.
The coronavirus pandemic has prompted one of the fastest peacetime mission shifts in recent times for the world’s intelligence agencies, pitting them against one another in a new grand game of spy vs. spy, according to interviews with current and former intelligence officials and others tracking the espionage efforts.
Nearly all of the United States’ adversaries intensified their attempts to steal American research while Washington, in turn, has moved to protect the universities and corporations doing the most advanced work. NATO intelligence, normally concerned with the movement of Russian tanks and terrorist cells, has expanded to scrutinize Kremlin ef
forts to steal vaccine research as well, according to a Western official briefed on the intelligence.
The contest is reminiscent of the space race, where the Soviet Union and America relied on their spy services to catch up when the other looked likely to achieve a milestone. But where the Cold War contest to reach the Earth’s orbit and the moon played out over decades, the timeline to help secure data on coronavirus treatments is sharply compressed as the need for a vaccine grows more urgent each day.
“It would be surprising if they were not trying to steal the most valuable biomedical research going on right now,” John C. Demers, a top Justice Department official, said of China last month at an event held by the Center for Strategic and International Studies. “Valuable from a financial point of view and invaluable from a geopolitical point of view.”
China’s push is complex. Its operatives also have used information from the World Health Organization surreptitiously to guide its vaccine hacking attempts, in the United States and Europe, according to a current and a former official familiar with the intelligence.
It was not clear how exactly China was using its influential position in the WHO to gather information about vaccine work around the globe.
The organization does collect data about vaccines under development, and although much of it eventually is made public, Chinese hackers could have benefited by getting early information on what coronavirus vaccine research efforts the WHO viewed as most promising, according to a former intelligence official.
American intelligence officials learned about China’s efforts in early February as the virus was gaining a foothold in the United States, according to current and former American officials.
The intelligence conclusion helped push the White House toward the tough line it adopted in May on the WHO, according to the former intelligence official.
Besides the University of North Carolina, Chinese hackers have targeted other universities around the country, and some may have had their networks breached, American officials said.
Demers said in his speech that China had conducted “multiple intrusions” beyond what the Justice Department revealed in an indictment in July, which accused two hackers of working on behalf of China’s Ministry of State Security spy service to pursue vaccine information and research from American biotechnology companies.
The FBI warned officials at UNC in recent weeks about the hacking attempts, according to two people familiar with the matter. The Chinese hacking teams were trying to break into the computer networks of the school’s epidemiology department but did not infiltrate them.
Besides hacking, China has pushed into universities in other ways. Some government officials believe it is trying to take advantage of research partnerships that American universities have forged with Chinese institutions.
The Trump administration ordered China on July 22 to close its consulate in Houston in part because Chinese operatives had used it as an outpost to try to make inroads with medical experts in the city, according to the FBI.
Chinese intelligence officials are focused on universities in part because they view the institutions’ data protections as less robust than those of pharmaceutical companies. But spy work is intensifying as researchers share more vaccine candidates and antiviral treatments for peer review, giving adversaries a better chance of gaining access to formulations and vaccine development strategies, said an American government official briefed on the intelligence.
So far officials believe that foreign spies have taken little information from the American biotech companies they targeted: Gilead Sciences, Novavax and Moderna.
At the same time the British electronic surveillance agency GCHQ was learning about the Russian effort and American intelligence learned of the Chinese hacking, the Department of Homeland Security and FBI dispatched teams to work with American biotech teams to bolster their computer networks’ defenses.
The Russian effort, announced by British, American and Canadian intelligence agencies in July, primarily was focused on gathering intelligence about research by Oxford University and its pharmaceutical corporate partner, AstraZeneca.
The Russians caught trying to get vaccine information were part of the group known as Cozy Bear, a collection of hackers affiliated with the SVR. It was one of the hacking groups that in 2016 broke into Democratic computer servers.
No corporation or university has announced any data thefts resulting from the publicly identified hacking efforts. But some of the hacking attempts succeeded in at least penetrating defenses to get inside computer networks, according to one American government official. And hackers for China and Russia test weaknesses every day, according to intelligence officials.
“It is really a race against time for good guys to find the vulnerabilities and get them patched, get those patches deployed before the adversary finds them and exploits them,” said Bryan S. Ware, the assistant director of cybersecurity for the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency. “The race is tighter than ever.”
While only two teams of hackers, one each from Russia and China, have been identified publicly, hacking teams from nearly all the intelligence services of those two countries have been trying to steal vaccine information, according to law enforcement and intelligence officials.
Russia announced Aug. 11 that it had approved a vaccine, a declaration that immediately aroused suspicion that its scientists were at least aided by its spy agencies’ work to steal research information from other countries.
Russia has a long record of trying to amplify divisions in American society. Current and former national security officials said they expect Russia eventually to spread disinformation about any vaccine approved in the West.
“This case seems to be a throwback to the old Soviet Union,” said Fiona Hill, the former National Security Council official and Russia expert who testified in the impeachment hearings against President Donald Trump.
“Russia and the Chinese have been out there on disinformation campaigns. How better to create confusion and weaken the U.S. further than to whip up the antivax movement? But you make sure all your guys are vaccinated.”