Hard Code | Worrying clues from a Chinese firm’s leaked data

Mar 02, 2024 09:37 PM IST

Leaked documents from a tech company there paint a new picture of the scale and resolve of Beijing’s cyber ops

A tranche of documents leaked from a Chinese technology company hit the code-sharing website GitHub last week. Mostly in Mandarin, the documents offer a rare, if not the first, look at how China’s private-sector companies work with its military to conduct cyber espionage and spying, both on its own citizens and on foreign adversaries.

The front desk of the I-Soon office, also known as Anxun in Mandarin, is seen after office hours in Chengdu in southwestern China's Sichuan Province on Tuesday, Feb. 20, 2024. Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to China’s top policing agency and other parts of its government. (AP Photo/Dake Kang)(AP)

The company, I-Soon, also known as Anxun, works with China’s ministry of public security (responsible for internal security), the ministry of state security (the external security agency), and the People’s Liberation Army.

The leaks contained victim data, targeting lists, marketing material and internal employee communication. The documents have not been verified, and the leaked material does not indicate how recent the data is, but the company took down its website and its executives told news agency AP that it was investigating.

To summarise what cybersecurity experts have found, the company appears to have the ability to function like an Advanced Persistent Threat (APT), a classification for cyber operatives with a sophisticated ability to hack into networks and devices, including some of the most secure ones deployed by the world’s largest enterprises and government entities.

For instance, the documents suggested I-Soon had hacked more than a dozen governments (including those of India, Thailand, Vietnam and South Korea), as well as universities and members of NATO.

Some specific examples of what the documents purport to show were stark. For instance, the company claimed to have breached at least three Indian ministries, had access to gigabytes of provident fund (EPFO) data of Indian citizens, and call data records from telecom company BSNL.

Other noteworthy abilities it touted were what appeared to be a previously unknown bug allowing the takeover of Twitter (now X) accounts, special equipment through which operatives could communicate from abroad, and portable trojan-like devices (disguised, for instance, as a power bank) for attacking networks from inside a target’s premises, such as government buildings.

Some preliminary analyses, with more details on what the files contain, have been done by the cyber threat intelligence teams of SentinelOne and Malwarebytes, in addition to the first insights by Taiwan-based researcher Azaka Sekai, who found the files.

While it is important to remember these documents are yet to be verified — corroborating internal documents of such nature can be time-consuming, if not almost impossible in the case of private enterprises — what they contain has significant implications for a country like India, which has a strong adversarial relationship with China.

First, the leaks are a reminder of how little may actually be known about how vast or sophisticated the cyber armies at Beijing’s disposal are. Cybersecurity expert Pukhraj Singh described the leak as a sign of the “maturity of Military-Civil Fusion”, a policy adopted by the Chinese Communist Party to sharpen its offensive and defensive capabilities by roping in private companies and citizens.

In a separate reply to me, Singh said this was the first time such a leak had taken place. “India is not the most crucial target but definitely amongst the top three for the Ministry of State Security (MSS), People’s Liberation Army (PLA) and others,” he added.

Companies such as I-Soon, universities, and research institutions are encouraged to work on technologies with both civil and military uses, with the government having access to both. This significantly broadens the pool of skills and operational resources, allowing bigger and sharper offensive campaigns to be unleashed on Beijing’s foes.

Second, Indian entities — including private companies, government websites and utilities — have leaked data like sieves over the years. Government emails have been hacked, sensitive payment data such as card details are often stolen and sold on the dark web, and one of the largest government hospitals and medical research organisations in the country was knocked offline by ransomware operators. Even nuclear power plants and electricity distribution companies are suspected to have been breached.

Remembering this is crucial, especially as India doubles down on the concept of digital public infrastructure, which will make more of everyday life, in both the number of services and their importance, rely on the internet. This needs to be seen in the context of defence, especially since leaked data of millions (perhaps hundreds of millions) of Indian citizens may already have been harvested by adversarial nations.

Cybersecurity threats do not stem only from bleeding-edge threat actors; lax data protection standards in India mean that even rudimentary operations can have high success rates.

The current government has not put together a National Cybersecurity Policy in its current term, despite several drafts being talked about.

Third, the leaks spotlight the challenge of trust in supply chains. Among the examples of the company’s capabilities was a device resembling a Xiaomi power bank that could crack WiFi passwords and sniff out data if plugged into a network port.

While this appears to be a device modified to avoid detection, rather than a product manufactured with spying capabilities built in, it harks back to instances when espionage agencies have attempted to create backdoors in electronic equipment. The most infamous case was when the US’s National Security Agency (NSA) created backdoors in Cisco’s WiFi routers, helping the agency snoop on targets.

Similar concerns have led most western nations, and Beijing’s rivals such as India, to exclude Chinese telecoms behemoth Huawei from selling fifth-generation (5G) telecom infrastructure. There is a legal as well as a technical basis for such fears: experts have said the risk of mass surveillance through Chinese companies became real after China passed a cybersecurity law in 2016 mandating that all companies on its soil give access to their systems when ordered.

Binayak Dasgupta, HT Page 1 editor, looks at the emerging challenges from technology and what society, laws and technology itself can do about them.
