Hacking tools stolen from NSA show Chinese cyberfirms were targeted, experts say

One victim was Topsec, a Beijing-based company that provides network security for the government and PLA, according to analysts

PUBLISHED : Friday, 19 August, 2016, 11:58pm
UPDATED : Monday, 12 June, 2017, 12:53pm

Hacking tools claimed to be pilfered from the US National Security Agency reveal a ­severe security threat to China, mainland experts say, with a leading national provider of network security said to be among the victims of the government hackers.

Some of the data was released online over the weekend by the Shadow Brokers, an anonymous group of hackers which said it took them from the “Equation Group”, an elite espionage team widely believed to be operated by the NSA. An increasing number of security experts have since said the data appeared to be legitimate.

[Topsec is] one of the largest security hardware suppliers in China, as big as Huawei
Tang Wei, senior engineer at Rising

American cybersecurity firm Risk Based Security studied the release and found one victim was Beijing Topsec Network Security Technology, which provides firewall ­services to government arms, including the tax bureau, as well as the military.

It looks increasingly likely that the NSA has been hacked, as experts scrutinise leaked code

An analysis of the data by mainland ­cybersecurity company Rising showed China was at a severe risk.

“We can tell for certain now that some attacks have been carried out against China,” Rising senior engineer Tang Wei said. “Topsec has been compromised; they are one of the largest security hardware suppliers in China, as big as Huawei.”

Topsec provided internet security services for aspects of national space projects, including the maiden launch of the Long March 7 rocket in June and the docking of the Tiangong-1 space station with the Shenzhou-9 and Shenzhou-8 spacecrafts.

Topsec has also provided information security for several international events held in China, such as the 2008 Beijing Summer Olympics, the 2010 Shanghai Expo and the World Internet Conference in Wuzhen in Zhejiang province last year.

China’s hack-proof quantum satellite leap into space leads the world

China and the US have traded accusations of hacking for years, but in 2013 former American intelligence analyst Edward Snowden revealed details about the extent of the NSA’s global surveillance programmes in 2013. He provided documents that showed the NSA was carrying out extensive hacking of major telecoms providers in China, and the Hong Kong headquarters of Pacnet, which owns a key fibre-optic submarine cable in the region.

A year later the US Justice Department charged five officers in the People’s Liberation Army over computer hacking and economic espionage.

Many Chinese security companies, including us, are studying the data to patch up security loopholes
Tang Wei, senior engineer at Rising

Since the Snowden incident, China has replaced network components developed by overseas companies such as Cisco Systems to prevent infiltrators from exploiting “back doors”.

But the code, which was created in 2010 and updated constantly until 2013, suggested domestic providers could be vulnerable to overseas attacks too, experts said.

EXCLUSIVE: Whistle-blower Edward Snowden talks to South China Morning Post

According to Tang, hackers could target vulnerabilities in firewall equipment and infiltrate internal networks run by commercial organisations or the government without being detected. “Many Chinese security companies, including us, are studying the data to patch up security loopholes. But what worries us most is that the tools have been disclosed,” Tang said.

Another security expert, who declined to be named, said that although Topsec might not have the best engineers or technology among mainland cybersecurity companies, they were closest to the government. “In terms of government and military purchases, they are No 1, no doubt, leaving the runner-up nearly a block ­behind,” the source said.

In addition to Topsec, three American companies – Cisco, Juniper Networks and Fortinet – were targeted by the Equation Group, according to the analysis by Risk Based Security.

Another Chinese firm Shaanxi Networkcloud Information Technology was also targeted, according to a blog post by Nicholas Weaver, a researcher at the International Computer Science Institute in California. Networkcloud, located in Shaanxi province, is a distributor for Topsec, according to its website.

Both Chinese companies did not ­immediately respond to inquiries by the South China Morning Post.

The Shadow Brokers is auctioning the remaining tools to the highest bidder, ­saying that it will release them publicly if it receives 1 million bitcoins, valued at roughly US$568 million.