5 reasons why a top Chinese hacker gang and their friends could wreak havoc on US
The Department of Homeland Security is hopping mad about a data breach of State Department computers by a top-notch group of Chinese hackers. But there's more to the story...
You may never have heard of Threat Actor Storm-0558, but this top Chinese hacker gang broke into the State Department computer systems via Microsoft Exchange Online last spring and read emails for several weeks before Secretary of State Antony Blinken’s visit to Beijing. They also got to Secretary of Commerce Gina Raimondo, U.S. Ambassador to China Nicholas Burns, Rep. Don Bacon, R-Ill., and 391 other Americans plus other government offices in the U.S. and Europe.
Then the State Department caught Storm-0558 in June, and Microsoft mitigated the attack. End of story? Not quite.
A scathing report on the incident released Apr. 2 by the Department of Homeland Security’s Cyber Review Board has ignited a firestorm. According to the Board, "this intrusion was preventable and should never have occurred." Worse, experts are still not sure how China pulled off the key part of the deception required to slip in. That touched off fears for data security. First, the State Department. Next, the cloud?
To cut to the chase: Homeland Security is plenty mad at China for the diplomatic data breach. But they are anxious that this same cyber war tactic could allow China to do far more damage if their cyber gangs hack data in the cloud.
Here are five reasons the Cyber Review Board is both furious and worried.
No question, the Chinese hack did damage to U.S. diplomacy. The Storm-0558 intrusion occurred as U.S. diplomats were preparing for a summer of high-level meetings in Beijing, beginning with Blinken in June 2023. For the State Department at least, the Storm-0558 breach was way worse than China’s giant spy balloon.
Turns out Storm-0558 hackers in China have been tracked by industry for over 20 years. They are known to have carried out major attacks in 2009 and 2011, and probably more mischief the government doesn’t talk about. Pretty annoying to see them back again. On top of that, Storm-0558 is a "nation-state actor," which, in Washington, D.C. lingo, means: yes, these guys work for Xi Jinping.
President Joe Biden issued a lengthy Executive Order back in May 2021 beefing up government cyber security with zero trust and better cloud security. Agencies were exhorted to carry out "proactive detection of cybersecurity incidents within Federal Government infrastructure, active cyber hunting, containment and remediation, and incident response." In fact, the Cyber Security Review Board was set up under Biden. Still, China was reading Gina Raimondo’s emails. No wonder Homeland Security is sounding the alarm.
The big worry is that China will get access to the cloud and steal or corrupt data. As you’ve probably noticed, U.S. government agencies are migrating data and processing to cloud services. The review said Storm-0558 apparently forged an encryption key and exploited another opening to gain access and sit inside secure systems for quite some time. Those tactics could be used against a cloud, too. In fact, investigators apparently interviewed Google Cloud, Amazon Web Services, and Oracle, among others, about their cloud security practices as part of the analysis.
"Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy," said DHS Under Secretary of Policy and CSRB Chair Robert Silvers. "It is imperative that cloud service providers prioritize security and build it in by design."
If the breach is undetected over the long term, that’s a very serious problem. Worst case, hackers could twist and corrupt data to influence how AI models are trained.
I think Homeland Security came out swinging in part because the U.S. government is relying so much on big tech companies in the competition with China. Microsoft, Amazon, Google, Meta and other companies are basically critical infrastructure, just like dams, bridges and the electric grid. The government has nowhere else to turn for the basic products to stay ahead in the digital domain. And it’s the leading tech companies that will fund and fuel the AI revolution. Nobody else has the cash.
Clearly, Homeland Security is hoping that the stern report and public pillorying will help America’s tech firms redouble their efforts. "You have to prioritize security over feature development," SentinelOne’s Chris Krebs told CNBC’s "Squawk Box" on Apr. 4. And as the Cyber Review Board pointed out, it was none other than Microsoft founder Bill Gates who called for placing trust and security first. "Microsoft is one of the most important, if not the most important, technology companies in the world and we all depend upon them for hardware, software, productivity, cloud and security," Krebs said. "With great power comes great responsibility."