đź”’ China spies on university researchers to grab military secrets – The Wall Street Journal

EDINBURGH — China is a nation of spies. The ruling Communist Party encourages and compels its citizens to spy on each other in order to maintain social control, I was told by my Communist Party friends when I lived in China. Files are kept as individuals progress from university and through their careers and China has a whole army dedicated to eavesdropping in and through social media and on email accounts. This spying isn’t limited within its geographic borders. Last year, China was accused of sending scientists to the UK, US, Germany, Australia and Singapore to covertly acquire information on technologies used in maritime defence. A researcher, affiliated to the Australian Strategic Policy Institute, estimated that some 2,500 with links to the Chinese People’s Liberation Army had been obscuring their military affiliations while at western institutions since 2007. Now it has emerged that Chinese hackers have successfully penetrated university IT systems in the US to steal western maritime military secrets. The Wall Street Journal warns that Chinese groups have targeted universities around the world. – Jackie Cameron

Chinese Hackers Target Universities in Pursuit of Maritime Military Secrets

___STEADY_PAYWALL___

The University of Hawaii, the University of Washington and Massachusetts Institute of Technology are among at least 27 universities in the US, Canada and Southeast Asia that Beijing has targeted, according to iDefense, a cybersecurity intelligence unit of Accenture Security.

The research, to be published this week, is the latest indication that Chinese cyberattacks to steal US military and economic secrets are on the rise. The findings, reviewed by The Wall Street Journal, name a substantial list of university targets for the first time, reflecting the breadth and nature of the cyber campaign iDefense said dates to at least April 2017.

Chinese officials didn’t immediately respond to a request for comment, but have denied they engage in cyberattacks.

iDefense said it identified targeted universities by observing that their networks were pinging servers located in China and controlled by a Chinese hacking group known to researchers interchangeably as Temp.Periscope, Leviathan or Mudcarp. Researchers at the US cyber firm FireEye , who have studied the same group, said the iDefense findings were generally consistent with their own intelligence.

The majority of the universities targeted either house research hubs focused on undersea technology or have faculty on staff with extensive experience in a relevant field, and nearly all have links to a Massachusetts oceanographic institute that also was likely compromised in the cyber campaign, iDefense said.

Some have been awarded contracts by the Navy. Others, including Sahmyook University in South Korea, appeared to be targeted because of their proximity to China, and relevance to the South China Sea, the analysts said.

Several affected schools aren’t named in the report because of investigative efforts related to the cyber campaign, iDefense said. Other people familiar with the hacking activity said the applied research laboratory at Penn State, among the top earners of Defense Department research dollars, was among the targets. Duke University was another, these people said.

The Chinese hacking group, which multiple security firms and officials have linked to Beijing, is the same one that has been linked to breaches of Navy contractors and subcontractors that have resulted in the theft of sensitive military information, such as submarine missile plans and ship-maintenance data.

Most universities named in the report didn’t respond to requests for comment, declined to answer questions about the potential breaches, or said they deployed robust cybersecurity measures to protect their networks. Many said they were unaware of any recent theft of sensitive information from their networks.

The Navy said it recognises the seriousness of cyber threats and is working to bolster defenses, but didn’t comment on the hacking at universities.

Previous cybersecurity research has identified American universities as a favoured target for Temp.Periscope because they often possess valuable military research and are viewed as having weaker defenses than the US armed services or defense contractors.

The cyberattacks appeared to leverage trust between academics at different research institutions to craft spear phishing emails that looked like legitimate messages from one university but instead came loaded with malicious software, according to iDefense, former US officials and other security researchers.

“Universities are pretty willing to share information in pursuit of academic information,” said Howard Marshall, who leads iDefense threat intelligence operations. “But as a lot of our adversaries have discovered, that is a sweet spot for them to operate.”

Brandon Catalan, an intelligence analyst at iDefense, said many of the targeted universities may have fallen victim to the cyberattacks but that researchers couldn’t determine which ones had been breached. But iDefense found that nonpublic files belonging to the University of Hawaii’s Applied Research Laboratory were laced with malware and sent to other targets, suggesting a successful intrusion at Hawaii. People familiar with the matter said one of those targets was Penn State.

The University of Hawaii declined to comment. A Penn State spokeswoman said the school immediately notifies the government and relevant partners whenever a breach is encountered. She declined to say whether the university had been compromised.

FireEye researchers corroborated some of iDefense’s general findings, though it didn’t name specific universities that were targeted. They have observed the group attempt to steal maritime research since 2013, and said it had been the most active of any Chinese hacking group it tracked over the past year. Among other tactics, the hackers have at times posed as journalists or the Navy itself when sending malicious emails to academic targets, FireEye said.

“They are a full-fledged operation,” said Ben Read, senior manager for cyber espionage analysis at FireEye. “And they are not going anywhere.”

FireEye this week renamed Temp.Periscope, calling it Advanced Persistent Threat 40, or APT 40, a designation the firm reserves for hacking squads it has high confidence it has correctly identified.

Mr. Marshall of iDefense, formerly deputy assistant director of the Federal Bureau of Investigation’s cyber division, said the Chinese want to steal research to match U.S. weapons capabilities and understand the Pentagon’s future plans. “To have knowledge of where our military capabilities are going is of extreme importance to them,” he said.

Nearly all of the universities shared a common link to Woods Hole Oceanographic Institution, a research and education nonprofit located in Woods Hole, Mass. iDefense said it had high confidence that Woods Hole’s network likely had been breached by the Chinese hackers.

With specialisation in marine science and engineering, Woods Hole is the largest independent oceanographic research institution in the US, boasting notable achievements that include locating the Titanic in 1985, more than 70 years after it sunk.

Some of the targeted schools, including MIT, Penn State and the University of Washington, are affiliated with a unit at Woods Hole known as the Acoustic Communications Group, which works on undersea communications technology, according to the nonprofit’s website.

That group also partners with the Navy’s Naval Undersea Warfare Center in Newport, RI. Reports last year said the Temp. Periscope team had hacked into an unidentified company under contract with the warfare centre and stolen secret plans to build a supersonic anti-ship missile planned for use by American submarines.

Woods Hole announced in October 2015 that it had shut its computer network for several hours due to an aggressive cyberattack that FireEye at the time had determined was carried out by Chinese hackers who sought to obtain “intellectual property derived from research activity.”

It is possible the 2015 intrusion was also carried out by Temp.Periscope and may be connected to the more recent activity, people familiar with the matter said.

Christopher Land, general counsel for Woods Hole, said the group believes those hackers were kicked off its network in 2015 and has no reason to suspect its systems have been compromised. Woods Hole had implemented added cybersecurity measures since the 2015 intrusion, but recognised it remained an appealing foreign espionage target due to the nature of its work, Mr. Land said.

Mr. Catalan, the iDefense researcher, said his team’s analysis suggested Woods Hole was again compromised. “Just because they [hackers] were removed from a network doesn’t mean that they give up,” he said.

Visited 80 times, 1 visit(s) today