How China is Hacking America
The sheer scale of China’s latest attempt to infiltrate U.S. infrastructure has surprised the entire cybersecurity industry, an expert has said.
Daniel Cuthbert, who sat on the UK Government Cyber Security Advisory Board, said the Volt Typhoon hacking system is bigger than anything China has unleashed before.
The U.S. government says Volt Typhoon is designed to cripple U.S. computer systems if America and China go to war.
FBI Director Christopher Wray told a U.S. committee hearing on January 31 that Volt Typhoon was “the defining threat of our generation”.
It has already been used in attempted hacking on emergency services, military installations and satellites.
“In essence, Volt Typhoon is a campaign, albeit a very large one, by Chinese state agents actively gaining access to industrial control systems and other critical national infrastructure,” Cuthbert told Newsweek.
“Similar campaigns have been happening for a very long time, but I think what has surprised many, including myself, was the sheer scale of the campaign.”
Cuthbert said it was a mistake to think that China was only targeting the U.S.
“It doesn’t just pose a threat to the US. It poses a threat to anybody in the CNI [Critical National Infrastructure] world. That world has a large number of rather complex problems when it comes to security that are not trivial to fix. I feel this is where considerable investment is needed to ensure that our CNI globally is as secure as possible,” he said.
Cuthbert believes Volt Typhoon is difficult to defeat because it uses “living off the land” technology.
According to the CrowdStrike cybersecurity company, unlike traditional malware attacks, living off the land hacking systems do not use any of their own files. That means they do not require an attacker to install any code or scripts within the target system.
Instead, they use tools that are already present in the computer system, such as Windows Management, which makes detection much more difficult and allows hackers to stay undetected within a computer system for months or even years.
On February 7, the U.S. government’s cybersecurity agency released a statement blaming the Chinese government for Volt Typhoon and said it was designed to bring down U.S. computer systems in the event of a war or open hostility between the two countries.
“The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations—primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors—in the continental and non-continental United States and its territories, including Guam,” the statement said.
“The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts,” it adds.
“Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations.”
Newsweek sought email comment from the Chinese embassy in Washington, D.C.
Steve Morgan, founder of Cybersecurity Ventures, told Newsweek that the consequences of Volt Typhoon “could have been catastrophic”.
“Hostile actors from our most formidable adversary have been lurking undetected in critical U.S. infrastructure for years. Fortunately, the FBI, NSA, and CISA have intervened with enough time to alert and advise our critical infrastructure and avoid one of our worst nightmares.”
“China is on a decadeslong mission to infiltrate and harm U.S. citizens, businesses, organizations of all types, governments and political parties.”
“The hacking has amped up each and every year and there is no end in sight,” he said.
Uncommon Knowledge
Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.