4 February 2024

Chinese Hacking Against U.S. Infrastructure Threatens American Lives, Officials Say

Dustin Volz

The U.S. government said it had disrupted a uniquely dangerous and potentially life-threatening Chinese hacking operation that hijacked hundreds of infected routers and used them to covertly target American and allied critical infrastructure networks.

Senior officials described the operation in unusually blunt terms as part of an evolving and increasingly worrisome campaign by Beijing to get a foothold in U.S. computer networks responsible for everything from safe drinking water to aviation traffic so it could detonate, at a moment’s notice, damaging cyberattacks during a future conflict, including over Taiwan.

Wednesday’s announcement was part of an effort by senior Biden administration officials to underscore what Federal Bureau of Investigation Director Christopher Wray called the “apocalyptic scenarios” animating their fears about China’s advanced and well-resourced hacking prowess. Western intelligence officials say China’s skill and sophistication have accelerated over the past decade. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks, which they say poses an unrivaled cybersecurity challenge.

“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes—all to ensure they can incite societal panic and chaos and to deter our ability to marshal military might and civilian will,” said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, during congressional testimony Wednesday on Chinese cyber threats.

The activity discovered so far attributed to China, she said, is “likely just the tip of the iceberg.”

The Justice Department and FBI took action in December after obtaining court approval to dismantle a botnet, or network of hacked devices, consisting of small office and home office, or SOHO, routers.

Most of the routers were Cisco and Netgear products that were vulnerable because they had reached so-called end-of-life status, meaning they were no longer receiving routine security updates from the manufacturers. The infected routers weren’t necessarily linked to the critical infrastructure networks the hackers targeted, officials said, but were nodes used to conceal their malicious activity from easy detection.

Officials were able to remove the botnet malware from the routers and sever their connection with the hackers while installing code to prevent reinfection. Individual owners weren’t notified in advance of the FBI’s operation on the routers because the bureau wanted to tackle the issue urgently, officials said.

China has consistently denied carrying out cyberattacks against the U.S. or other nations while saying American spy agencies are guilty of such conduct. The Chinese Embassy in Washington didn’t respond to a request for comment.

Wray and other senior security officials issued stark warnings Wednesday about the threat posed by Chinese cyber intrusions into U.S. critical infrastructure networks in testimony before the House Select Committee on the Chinese Communist Party.

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray said.

Though officials didn’t specify the types of critical infrastructure targeted in the router campaign whose disruption was revealed Wednesday, Wray said Chinese hackers had recently been spotted targeting “our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems.”

For nearly a year the U.S. and its closest allies, along with companies such as Microsoft, have been sounding alarms about a recent campaign waged by Chinese hackers to gain access to computer networks that operate communications, manufacturing, transportation, maritime and other critical sectors. Officials and industry experts have said the hacking campaign, dubbed Volt Typhoon, has targeted parts of the U.S. and Guam, an American territory in the Pacific that hosts major military installations.

Microsoft has said Volt Typhoon is pursuing capabilities that could disrupt communication infrastructure between the U.S. and Asia in a future crisis. Some U.S. officials have said they are worried the hacking activity could be aimed at preparing to undermine American support for Taiwan in the event of a Chinese invasion of the island, which Beijing claims as its own territory.

Most state-sponsored foreign hacking activity from China and other adversaries is designed to collect intelligence, including China’s hacking of emails of senior Biden administration officials disclosed last summer. But the Volt Typhoon activity, which officials and security experts believe had begun by 2021, is more concerning because of its apparent destructive intent.

“This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants,” said Rep. Mike Gallagher (R., Wis.), chairman of the House China committee. “There is no economic benefit for these actions. There is no intelligence gathering rationale. The sole purpose is to be ready to destroy American infrastructure, which will inevitably result in mass American casualties.”

Some of China’s successful exploits to compromise critical U.S. infrastructure networks have been publicly known for years. In 2021, the Biden administration said hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators between 2011 and 2013. Top officials during the Trump administration also warned that China posed a threat to U.S. critical infrastructure.

But never before have officials issued such stark and specific warnings about what Chinese hackers have been doing to critical infrastructure networks. Advances in artificial intelligence, they said, are heightening the risk of catastrophic cyberattacks; the technology, Easterly said, “will probably be the most powerful weapon of our generation.”

Gen. Paul Nakasone, the chief of U.S. Cyber Command and director of the National Security Agency, said during Wednesday’s testimony that China’s hacking operations differed from the kind of cyber activity the U.S. government engages in.

“There is no reason for them to be in our water, there’s no reason for them to be in our power,” Nakasone said. “This is a decision by an actor to actually focus on civilian targets. That’s not what we do.”
