The Denver Post

China’s new breed of hackers blends espionage, entrepreneurship

- By Paul Mozur and Chris Buckley

China’s buzzy high-tech companies usually do not recruit Cambodian speakers, so the job ads for three well-paid positions with those language skills stood out. The ad, seeking writers of research reports, was placed by an internet security startup in China’s tropical island-province of Hainan.

That startup was more than it seemed, according to U.S. law enforcement. Hainan Xiandun Technology was part of a web of front companies controlled by China’s secretive state security ministry, according to a federal indictment from May. The companies hacked computers from the United States to Cambodia to Saudi Arabia, seeking sensitive government data as well as less-obvious spy stuff, such as details of a New Jersey company’s fire-suppression system, according to prosecutors.

The accusations appear to reflect an increasingly aggressive campaign by Chinese government hackers and a pronounced shift in their tactics: China’s premier spy agency is increasingly reaching beyond its own ranks to recruit from a vast pool of private-sector talent.

This new group of hackers has made China’s state cyberspying machine stronger, more sophisticated and — for its growing array of government and private-sector targets — more dangerously unpredictable. Sponsored but not necessarily micromanaged by Beijing, this new breed of hacker attacks government targets and private companies alike, mixing traditional espionage with fraud and other crimes for profit.

China’s new approach borrows from the tactics of Russia and Iran, which have tormented public and commercial targets for years. Chinese hackers with links to state security demanded ransom in return for not releasing a company’s computer source code, according to an indictment released by the U.S. Department of Justice last year. Another group of hackers in southwest China mixed cyber raids on Hong Kong democracy activists with fraud on gaming websites, another indictment asserted. One member of the group boasted about having official protection, provided that they avoid targets in China.

“The upside is they can cover more targets, spur competition. The downside is the level of control,” said Robert Potter, the head of Internet 2.0, an Australian cybersecurity firm. “I’ve seen them do some really boneheaded things, like try and steal $70,000 during an espionage op.”

Investigators believe these groups have been responsible for some big recent data breaches, including hacks targeting the personal details of 500 million guests at the Marriott hotel chain, information on about 20 million U.S. government employees and, this year, a Microsoft email system used by many of the world’s largest companies and governments.

The Microsoft breach was unlike China’s previously disciplined strategy, said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a nonprofit geopolitical think tank.

“They went after organizations they had zero interest in and exploited those organizations with ransomware and other attacks,” Alperovitch said.

China’s tactics changed after Xi Jinping, the country’s top leader, transferred more cyberhacking responsibility to the Ministry of State Security from the People’s Liberation Army after a slew of sloppy attacks and a reorganization of the military.

The rate of global attacks linked to the Chinese government has nearly tripled since last year compared with the four previous years.
