China's new breed of hackers blends espionage and entrepreneurship

Sponsored but not necessarily micromanaged by Beijing, this new breed of hacker attacks government targets and private companies alike. PHOTO: AFP

TAIPEI (NYTIMES) - China's buzzy high-tech companies do not usually recruit Cambodian speakers, so the job ads for three well-paid positions with those language skills stood out.

The ad, seeking writers of research reports, was placed by an Internet security start-up in China's tropical island-province of Hainan.

That start-up was more than it seemed, according to United States law enforcement.

Hainan Xiandun Technology was part of a web of front companies controlled by China's secretive state security ministry, according to a federal indictment from May.

They hacked computers from the US to Cambodia to Saudi Arabia, seeking sensitive government data as well as less-obvious spy stuff, like details of a New Jersey company's fire-suppression system, according to prosecutors.

The accusations appear to reflect an increasingly aggressive campaign by Chinese government hackers and a pronounced shift in their tactics: China's premier spy agency is increasingly reaching beyond its own ranks to recruit from a vast pool of private-sector talent.

This new group of hackers has made China's state cyberspying machine stronger, more sophisticated and - for its growing array of government and private-sector targets - more dangerously unpredictable.

Sponsored but not necessarily micromanaged by Beijing, this new breed of hacker attacks government targets and private companies alike, mixing traditional espionage with outright fraud and other crimes for profit.

China's new approach borrows from the tactics of Russia and Iran, which have tormented public and commercial targets for years.

Chinese hackers with links to state security demanded ransom in return for not releasing a company's computer source code, according to an indictment released by the US Department of Justice last year.

Another group of hackers in south-west China mixed cyber raids on Hong Kong democracy activists with fraud on gaming websites, another indictment asserted.

One member of the group boasted about having official protection, provided that they avoid targets in China.

"The upside is they can cover more targets, spur competition. The downside is the level of control," said Mr Robert Potter, the head of Internet 2.0, an Australian cyber-security firm. "I've seen them do some really boneheaded things, like try and steal US$70,000 (S$95,000) during an espionage op."

Investigators believe these groups have been responsible for some big recent data breaches, including hacks targeting the personal details of 500 million guests at the Marriott hotel chain, information on roughly 20 million US government employees and, this year, a Microsoft e-mail system used by many of the world's largest companies and governments.

The Microsoft breach was unlike China's previously disciplined strategy, said Mr Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a nonprofit geopolitical think tank.

"They went after organisations they had zero interest in and exploited those organisations with ransomware and other attacks," Mr Alperovitch said.

China's tactics changed after Mr Xi Jinping, the country's top leader, transferred more cyberhacking responsibility to the Ministry of State Security from the People's Liberation Army following a slew of sloppy attacks and a reorganisation of the military.

The ministry, a mix of spy agency and Communist Party inquisitor, has used more sophisticated hacking tools, like security flaws known as zero days, to target companies, activists and governments.

While the ministry projects an image of remorseless loyalty to the Communist Party in Beijing, its hacking operations can act like local franchises.

Groups often act on their own agendas, sometimes including sidelines in commercial cybercrime, experts said.

The message: "We're paying you to do work from 9 to 5 for the national security of China," Mr Alperovitch said. "What you do with the rest of your time, and with the tools and access you have, is really your business."

A grand jury indictment released last year charged that two former classmates from an electrical engineering college in Chengdu, in south-west China, marauded through foreign computer servers and stole information from dissidents and engineering diagrams from an Australian defence contractor.

On the side, the indictment said, the two tried extortion: demanding payment in return for not revealing an unidentified company's source code on the Internet.

Under this system, Chinese hackers have become increasingly aggressive. The rate of global attacks linked to the Chinese government has nearly tripled since last year compared with the four previous years, according to Recorded Future, a Somerville, Massachusetts, company that studies the use of the Internet by state-linked actors.

That number now averages more than 1,000 per three-month period, it said.

"Considering the volume that's going on, how many times has the FBI gotten them? Precious few," said Mr Nicholas Eftimiades, a retired senior US intelligence officer who writes about China's espionage operations. "There's no way you can staff up to be able to contend with this type of onslaught."

Join ST's Telegram channel and get the latest breaking news delivered to you.