China calls the US an ‘empire of hacking’ following NSA advisory accusing Chinese hackers of exploiting cybersecurity bugs
- The NSA published a list of 25 common software vulnerabilities that it says Chinese state-backed hackers could use to access sensitive data
- China’s Ministry of Foreign Affairs hit back, calling the accusations ironic and citing the Prism surveillance programme
“It is indeed ironic news that the US National Security Agency, as the main implementer of the Prism programme and the world’s largest cyber espionage agency, publicly accuses other countries of cyber espionage,” Zhao said.
Prism was one of the surveillance programmes leaked by Snowden, exposing how the NSA collected internet communications from technology companies like Google, Facebook and Microsoft. Zhao also accused the US of occupying a leading position in software and hardware, giving the country a “natural advantage” in exploiting vulnerabilities.
The NSA advisory, published on Tuesday, details 25 cyber vulnerabilities that have been “recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors”. The list includes vulnerabilities that are already publicly known, such as bugs in software like Microsoft Corp.’s Windows or Citrix Systems, and they are directly accessible from the internet.
The report recommends that US government officials protect their systems against these common vulnerabilities that state-backed hackers could use to steal intellectual property and economic, political, and military information.
The advisory joins a similar report from the US Cybersecurity and Infrastructure Security Agency. The report published by CISA in September notes that hackers affiliated with China’s Ministry of State Security are using readily available exploits to target US government agency networks.
The NSA report says China-backed actors are using the same process for planning to exploit a computer network as “any sophisticated cyber actor”, starting with identifying the target.
Accusations of cybercrimes have been heating up between the US and China as ongoing tensions take a toll on major Chinese tech firms like Huawei and ByteDance, the owner of TikTok.
Other cybersecurity issues have also been a source of contention on both sides.
The Chinese government recently took issue with the US government’s “Clean Network” programme. The initiative aims to restrict the international expansion of Chinese apps, cloud services and undersea cable networks, which the US says pose a threat to security and data privacy.
In September, China’s foreign ministry unveiled a new Global Initiative on Data Security that opposes the abuse of information systems for mass surveillance and unauthorised collection of personal information from other states.
“The Chinese government has never asked Chinese companies to install back doors and provide overseas data to the government,” Zhao said.