Chinese cybersecurity firm Qihoo 360 accuses CIA of 11-year-long hacking campaign
- US spy agency allegedly targeted China’s aviation and energy sectors, as well as research organisations, government agencies and internet companies
- Beijing-based firm says it compared samples of malicious software it had found against trove of CIA digital tools released by WikiLeaks in 2017
Chinese antivirus firm Qihoo 360 said CIA hackers have spent more than a decade breaking into the Chinese airline industry and other targets, a blunt allegation of American espionage from a Beijing-based firm.
In a blog post published on Monday in English and Chinese, Qihoo said it discovered the spying campaign by comparing samples of malicious software it had found against a trove of CIA digital spy tools released by WikiLeaks in 2017.
Qihoo – a major cybersecurity vendor whose research is generally followed for the insight it offers into China’s digital security world – said the Central Intelligence Agency had targeted China’s aviation and energy sectors, scientific research organisations, internet companies and government agencies.
It published a catalogue of intercepted malicious software samples as well as an analysis of their creation times that suggested that whoever devised the tools did so during working hours on the US East Coast.
The CIA and the Chinese embassy in Washington did not immediately return messages seeking comment. A message seeking additional comment from Qihoo’s chief security officer, Du Yuejin, was not immediately returned after business hours in Beijing.
The United States – like China and other world powers – rarely comments when accused of cyberespionage. There has, however, long been evidence in the public domain – released by former NSA contractor Edward Snowden, in the US case, or by US prosecutors and private cybersecurity firms, in China’s case – that both countries hack their opponents.
The allegations levelled against Beijing by US companies have for years been laid out in lengthy, data-heavy reports. More recently, Chinese companies have begun doing the same with respect to other foreign hacking groups, including some that they say operate from US soil.
Last September, for example, another Chinese antivirus firm, Qi-Anxin, published a report that accused the CIA of hacking. Like Qihoo, it too said it had found evidence that American spies had targeted the domestic aviation sector. Also like Qihoo, Qi-Anxin’s researchers based their conclusions on the CIA software tools made public by WikiLeaks.
In its blog post, Qihoo said that the CIA’s alleged focus on the aviation sector could be intended to help it track real-time air passenger information, including “important figures’ travel itinerary”.
The accusations made by Qihoo and Qi-Anxin both stem from WikiLeaks’ 2017 release that the secret-spilling organisation dubbed “Vault 7”.
US prosecutors have accused a disgruntled CIA coder, Joshua Schulte, of handing the digital espionage arsenal to WikiLeaks as revenge for a series of professional setbacks, calling the leak “instantly devastating”.
“Years of work and millions of dollars developing those tools went up in smoke,” Assistant US Attorney David Denton told a jury at Schulte’s trial in New York last month, according to a transcript of his remarks. “He did it out of spite.”
Schulte denies the allegation, saying he is being unfairly blamed for the breach because of his contentious relationship with his colleagues. The Manhattan jury in Schulte’s case is expected to begin its deliberations Tuesday.
Purchase the China AI Report 2020 brought to you by SCMP Research and enjoy a 20% discount (original price US$400). This 60-page all new intelligence report gives you first-hand insights and analysis into the latest industry developments and intelligence about China AI. Get exclusive access to our webinars for continuous learning, and interact with China AI executives in live Q&A. Offer valid until 31 March 2020.