spi vs spi
August 26, 2019 11:26 AM

 
There may be other sophisticated players (or existing parties who are more advanced than previously understood): Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years (Wired, April 2019)
IT'S NOT EVERY day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who's kept those tricks under wraps for more than five years.
...
Shulmin says Kaspersky hasn't yet been able to connect TajMahal, named for a file the spyware uses to move stolen data off a victim's machine, to any known hacker groups with the usual methods of code-matching, shared infrastructure, or familiar techniques. Its Central Asian target doesn't exactly provide any easy clues as to the hackers' identities either, given the vagueness of that description and the countries with sophisticated hacker teams with Central Asian interests, including China, Iran, Russia and the US. Nor has Kaspersky determined how the hackers behind TajMahal gain initial access to a victim network. But they do note that the group plants an initial backdoor program on machines, which the hackers labelled Tokyo. That backdoor uses the tool PowerShell, often exploited by hackers, to allow the intruders to spread their compromise, connect to a command-and-control server, and plant TajMahal's much more multifunctional payload spyware, labelled by the hackers as Yokohama, with its dozens of distinct modules.
posted by filthy light thief at 11:45 AM on August 26, 2019 [5 favorites]


The article sets up the idea that this is new and big and dangerous, but it doesn't exactly care to get into why this should all be taken as dangerous.
It notes in an aside that this is nothing different from what we're already doing to everybody else, so it can't be "How dare you go too far". It also notes that the US has a long precedent of those that it sees as villains/adversaries of the US (or as it'd conflate, adversaries of the world).
Given the state of the US, both contemporarily and over the last 20+ years, it seems like it'd be unethical for others to not gather as much intelligence as they could. Perhaps it'd have more weight if the UN were able to point out our own human rights abuses, if we could have the same rhetoric we apply fairly applied back upon us.
posted by CrystalDave at 12:47 PM on August 26, 2019 [6 favorites]


This is starting to ramp up in my world, American higher ed. There's rising anxiety about Chinese espionage and influence on colleges and universities, both from inside and outside the academy.
posted by doctornemo at 12:49 PM on August 26, 2019 [7 favorites]


In the very-short-run, Chinese Anti-Trump hacking may become the one thing preventing Russian hacking from giving Trump a second term. And I am saying it's a VERY short run benefit.
posted by oneswellfoop at 1:17 PM on August 26, 2019 [5 favorites]


Chinese and Russian hacking efforts are not the typical one state actor versus another state actor. Russia and China are both naked kleptocracies making an effort to undermine the regulatory bodies of the US in order to expand their business interests. The leadership of the United States is not interested in saving the state at the expense of profit.

This isn't about stealing state secrets like stealth jets or troop movements, it's about getting petty dictators with aligned interests elected and discrediting any other voice. Our intelligence apparatus will never get in the way of this espionage if it makes it slightly harder for a Chinese company to undermine Unions in the USA or for a Russian real estate developer to buy out condos.
posted by kzin602 at 3:18 PM on August 26, 2019 [14 favorites]


I feel like Betteridge's law of headlines probably applies here.
posted by webmutant at 5:55 PM on August 26, 2019 [1 favorite]


Perhaps it'd have more weight if the UN were able to point out our own human rights abuses, if we could have the same rhetoric we apply fairly applied back upon us.

Only one post for the whataboutism to come out. These threads are getting faster each time.
posted by Sangermaine at 6:13 PM on August 26, 2019 [4 favorites]


kzin602: I agree on all but one point, which is "this isn't about stealing state secrets like stealth jets or troop movements". It's not only that, it's that and the social stuff—discrediting public institutions, sowing discord, promoting factionalism, poisoning the informational well, etc.—and the commercial or financially-motivated stuff. The traditional military stuff is still going on, but it's possible other countries have discovered that the return on investment is higher going after softer targets.

I'm not sure how you defend against this stuff. Against authoritarian states, it's asymmetric: so there's no mutual deterrence aspect.
posted by Kadin2048 at 6:13 PM on August 26, 2019 [7 favorites]


There may be other sophisticated players (or existing parties who are more advanced than previously understood): Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years (Wired, April 2019)

Kind of poorly chosen headline, as I initially read it to mean that the spyware originated in Switzerland - a country that does in fact actively monitor other countries’ communications, including embassy traffic, through a project called ONYX.

I'm not sure how you defend against this stuff. Against authoritarian states, it's asymmetric: so there's no mutual deterrence aspect.

Authoritarian states are very soft targets for this stuff, which is why they’re so paranoid about access to social networks etc. They rule by a combination of fear and paternalistic technocracy, so making them look weak, silly or incompetent to internal audiences is very effective. Equally, pointing out the degree to which those same audiences lack basic freedoms afforded to those elsewhere is straightforward. There’s a reason that China is so obsessed with “maintaining social harmony”, and there’s a reason that Chinese social networking sites don’t allow any form of broadcast function or way to build one’s network beyond one’s immediate contacts (and still employ a literal army of censors), and there’s a reason that FB, google, twitter et al aren’t allowed there, and there’s a reason that Chinese search engines return no results for “Winnie the Pooh”.

The US isn’t pushing in any of these directions because it chooses not to, not because the option is unavailable.
posted by chappell, ambrose at 6:58 PM on August 26, 2019 [11 favorites]


Maybe I'm being naïve, but if the US social safety net wasn't being systematically plundered and dismantled, I would think that the Chinese might have a more difficult time recruiting double agents.

"In early 2017, Kevin Mallory was struggling financially. After years of drawing a government salary as a member of the military and as a CIA and Defense Intelligence Agency officer, he was behind on his mortgage and $230,000 in debt."

"Knowing someone’s background can help an intelligence agency build a profile for potential recruitment. The person might have medical bills piling up, a parent in debt, a sibling in jail, or an infidelity that exposes him or her to blackmail."

Most of the people profiled in the article were facing some sort of financial hardship or hurdle (some are probably just greedy, but there are always going to be people who worship $ uber alles). You know, if the US government hadn't allowed healthcare, and real estate, to become the domain of for-profit Insurance companies, and Wall Street speculators, and hadn't effectively dismantled public subsidies for education, then many of these agents might have less reason to "defect."
posted by nikoniko at 9:19 PM on August 26, 2019 [10 favorites]


Just to sprinkle some more naïvete onto my comment above, how will all this spy vs. spy shit matter when the world is an uninhabitable hellscape?
posted by nikoniko at 9:23 PM on August 26, 2019 [4 favorites]


"Knowing someone’s background can help an intelligence agency build a profile for potential recruitment. The person might have medical bills piling up, a parent in debt, a sibling in jail, or an infidelity that exposes him or her to blackmail."

And so cheap! The guy in the OP was convicted for getting 25K for secrets. This is the level of desperation that the US economy regularly puts its people into.

Sucks. Low salaries are the engine of corruption in failed and failing states. When the cops or the bureaucrats are getting paid a pittance of course they take bribes.

And look at places like Switzerland, where being responsible in your job is crucial, because of all of your important social capital, your good salary, the prestige of being in a position of trust and authority, makes people much less corruptible. I am sure it still can happen but you certainly cannot buy a Swiss intelligence community person for 25K.
posted by Meatbomb at 9:30 PM on August 26, 2019 [2 favorites]


These threads are getting faster each time.
It's not whataboutism, it's "This article is assuming a pretty big thing, and it doesn't do any work to bridge the assumption" with a dash of "Hans, are we the baddies?"

No shit every country with the capability wants to get as much information as possible when the largest nuclear power in the world floats nuking hurricanes as policy. Short of a case being made otherwise, that's a thing to encourage, not saber-rattle as "Spooky, Cold War 2, maybe this time we'll have the lasers down?"

If we don't want people spying on us, we could stand to be a better country so it's not so easy, as people above note.
posted by CrystalDave at 9:32 PM on August 26, 2019 [5 favorites]


Maybe I'm being naïve, but if the US social safety net wasn't being systematically plundered and dismantled, I would think that the Chinese might have a more difficult time recruiting double agents.

I mean, that's part of the picture. But, I also think the protesters in Hong Kong are not rich either and live in one of the most expensive places in the world. And yet, it looks like Mainland Chinese officials, think tanks, and analysts (in espionage as well as other places) seem to have been caught completely by surprise that HKers would even have grievances. I think that points to a failure in intel gathering and processing on China's part.

But also, it ain't always about the money.
posted by FJT at 11:08 PM on August 26, 2019 [3 favorites]


I completely agree that it's not always about the money, that said, if you limit the ability of money to play such an easy role in purchasing an individual's (temporary/long-term) allegiance, then you're left with fewer, and ostensibly more difficult ways of gathering sensitive information. Whether or not these "intelligence services" correctly interpret and act on the information they have gathered, is another conversation.
posted by nikoniko at 12:53 AM on August 27, 2019 [1 favorite]


Only one post for the whataboutism to come out.

It's whataboutism if it's irrelevant. It isn't whataboutism to point out that an entity getting outraged about being spied on does exactly the same thing itself, because those two things are directly relevant to each other. It'd be whataboutism to mention unrelated US human rights abuses in an article about another government's human rights abuses, sure, but that isn't what this is.
posted by Dysk at 1:35 AM on August 27, 2019 [2 favorites]


Otoh, whataboutism is a great distraction from the problem at hand.
posted by Mrs Potato at 5:30 AM on August 27, 2019 [4 favorites]


Six years after NSA contractor Edward Snowden leaked documents providing details about how states' mass surveillance programmes function, two states – the UK and South Africa – publicly admit using bulk interception capabilities. Two states admit bulk interception practices: why does it matter?
posted by Mrs Potato at 11:19 AM on August 27, 2019 [3 favorites]


I listened to an interesting podcast that interviewed someone whose job is penetrating corporate security. After one job, he went to lunch across the street at a Chinese place and realized the food was particularly good and authentic. He realized it was likely a Chinese setup for recruiting. The way the scam goes, you lure in Chinese employees, do background checks, find out if they have relatives in China, and then basically put the screws to them by suggesting that if they don't hand over information their distant relatives will be put in prison.

China really scares me. They're like Russia used to be, only their despotism has been technologically and economically supercharged. They're much more of a real threat than Russia ever was to liberal ideals. It used to be they were primarily interested in spying on businesses but in this article a lot of the spying was oriented to military preparedness in specific parts of the United States.
posted by xammerboy at 5:16 PM on August 27, 2019 [2 favorites]


I fear their political ambitions for the same reasons you do xammerboy. What also makes them far worse than the Russians is that, while the Soviet Union was a Russian-led state with mass government programs for genocide and Russification, the ethnic supremacist ideals and ethnic essentialism of the Chinese are more coherent and have a much longer history. China's fractious ethnostates believed in the supremacy and dominance of the Han long before Slavs were organized into states, possibly before Slavic languages diverged from Baltic ones. They were practicing low-syncretism, population replacement colonialism in South China at a time when most vernacular languages in Europe had no writing system. This is a political culture that still has yet to repudiate rounding up the Hmong and castrating them by the thousands, only a scant two-and-a-half centuries ago.

I'm scared what will happen when they take their lack of scruples and effective espionage programs and apply them to the annexation of a state like Malaysia or Indonesia, on the grounds of "protecting" minority Chinese.
posted by constantinescharity at 8:30 PM on August 27, 2019 [2 favorites]


the ethnic supremacist ideals and ethnic essentialism of the Chinese are more coherent and have a much longer history

It is kind of a two edged sword, though, in that their paternalist care model only applies to "their own"... if you are a lao wei they don't care much about what you are doing, unless it is corrupting the morals of their citizens.

Stranger shit has happened, but I do not see the Chinese state ever spreading much beyond current borders. Stability and prosperity for the Han Chinese, and durability and continuance of the Chinese state, these are the long term objectives. They have had thousands of years and they do not seem much interested in conquering the world.
posted by Meatbomb at 9:51 PM on August 27, 2019 [1 favorite]


Not to abuse edit: they have long established neighbours that they have no real possibility of ever conquering - Vietnam, Thailand, Japan, these are all states that might become more or less clients / tributaries, but long history makes these places very distinctly foreign places from the Chinese POV. Yeah maybe Malaysia or Indonesia at a stretch, but again, I cannot imagine China wanting far flung colonies, disconnected from the heartland, and full of majority hostile populations.
posted by Meatbomb at 10:02 PM on August 27, 2019 [2 favorites]


I grew up in Malaysia and Singapore in the 1970s and early 80s, and later on, my parents moved to Singapore in the 2000s. What Meatbomb said. Economic domination perhaps but there's never been fear of expansive takeover, and the Overseas Chinese themselves see themselves as distinct from Mainland Chinese.

An interesting new survey shows that many young HongKongers do not think of themselves as Chinese... which gives rise to fresh questions about the concept of ethnicity and a monolithic ethnostate based on external visual features alone.

Otoh, the western interpretation of the survey data is interesting to note as it conveys a different impression from this framing from the South China Morning Post
posted by Mrs Potato at 11:33 PM on August 27, 2019 [2 favorites]


But we derail from talk of superpowers and their surveillance powers
posted by Mrs Potato at 11:33 PM on August 27, 2019


"Some of the cases rarely see the light of a courtroom, because there’s classified material we’re not willing to risk,” one U.S. intelligence official told me, speaking on condition of anonymity due to the sensitivity of the topic. “Sometimes they’re not charged at all and are handled through other means. [. . .]"

That sounds, well, ominous.
posted by Johnny Waterbed at 2:33 PM on August 28, 2019

