The US Can't Stop China Copying Its Cyber Weapons

Uploaded on 2019-05-29 in INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE--USA, TECHNOLOGY--Hackers

China is copying malware the NSA has used against them. Is this preventable or is it an inherent weakness of cyber warfare?

It is nothing new for adversaries to copy and steal each other’s weapons but recent revelations from Symantec and The New York Times suggest this problem is much bigger with cyber weapons. This is because in order to attack an enemy’s computer, the enemy have to copy their code onto it. It’s like bombing an enemy with munitions that scatter their own blueprints around the blast site.

US hacking tools have gone astray before, most notoriously when a mysterious group called Shadow Brokers repeatedly released National Security Agency code for hackers around the globe to use in attacks like WannaCry. Now cybersecurity analysts at Symantec have found evidence that hackers working for China’s Ministry of State Security were using NSA-built cyber weapons “at least a year prior to the Shadow Brokers leak.”

To avoid offending nation-states, the Symantec report only IDs the Chinese as “Buckeye” and NSA as “Equation Group”.

Symantec’s suggested explanation: “one possibility is that Buckeye may have engineered its own version of the tools from artifacts found in captured network traffic, possibly from observing an Equation Group attack.”

“This is a significant revelation,” one retired naval officer told us. “With Shadow Brokers, the assumption was that it was a group with significant insider knowledge …. who had somehow pilfered the software and released it. If correct, this would suggests that: 

  • the issue of loss of control of sensitive malware has gone on longer than understood.
  • if Symantec is correct that China likely captured the software while it was being used by NSA, [then] using cyber to collect intelligence is far riskier than generally acknowledged.

“The new element in the story is that an organisation has reverse-engineered a deployed US cyber tool and reused it; previous cases involved the theft or loss of a tool,” agreed Bryan Clark of the Center for Strategic & Budgetary Assessments.

“This would be similar to the Chinese finding a Tomahawk missile that had failed to detonate and using it to build their own.”

The difference, Clark continued, is that physical bombs and missiles automatically destroy themselves in the course of an attack, unless they’re duds. Cyber weapons don’t. 

During war games, the cyber teams often assume that a weapon will only be used once, for precisely this reason. “The solution is to make cyber weapons tamper resistant,” he said, “which means their code cannot be determined without proper encryption, or the code rewrites itself after use, ‘duding’ the weapon.” But even self-destructing code doesn’t guarantee a target of our cyber weapons can’t copy them, Clark warned: “They will still run the risk of being detected and characterised by a defensive system before the tamper resistant features activate.”

Clever techniques, like malware that encrypts and/or deletes itself, can reduce the risk that the target can copy weapons used against it. But part of the problem is inherent to the nature of cyber warfare, which may require the US to think very differently about this new form of conflict.

In his book Guns, Germs, & Steel, Jared Diamond traces how concepts like written language spread around the globe through a combination of direct “blueprint copying”, the way the Romans adopted the Greek alphabet, with minor changes, to write their own, very different language, and indirect “idea diffusion”, as when Cherokee picked up the concept of written language from European settlers, along with the shapes of some letters, but used them to represent entirely different sounds.

Copying is common in the military realm as well. The Soviet Union spied extensively on the American Manhattan project and used the stolen information to build their own atomic bomb years before the West expected it.

But to copy a cyber weapon, all you have to do is see it, because the weapon itself is made of information. China copying the code the NSA used to attack them is less like what the Soviets copying the A-bomb  and more like the Romans copying the Greek alphabet:

That makes copycat cyber weapons extremely hard to stop. Even if the code is encrypted, even if it erases itself after its attack, it has to be executed on the target’s computer in order to affect it.

BreakingDefense

You Might Also Read: 

‘Chinese Spies’ Had NSA Cyber Weapons Before The Shadow Brokers Leak:

 

 

« US Campaigners Get Trained About Cyber Threats
WannaCry Hero Deserves a Pardon, Not A Conviction »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Focal Point Data Risk

Focal Point Data Risk

Focal Point is a pure-play data risk management provider capable of offering end-to-end consulting, implementation, and training services.

Aves Netsec

Aves Netsec

Aves is a deceptive security system for enterprises who want to capture, observe and mitigate bad actors in their internal network.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Cervello

Cervello

Cervello is a leading provider of comprehensive and proven solutions to protect railways against cyber attacks.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

Kasada

Kasada

Kasada has developed a radical approach to defeating automated cyberthreats based on its unmatched understanding of the human minds behind them.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

Xoriant

Xoriant

Xoriant is a technology leader and execution partner throughout the Build, Run and Transform lifecycle for companies that create and use technology products.