An ITV News report on China-sponsored hackers busy around the globe includes an eyebrow-raising detail. The British government has “sanctioned two individuals and one company” for being among the “Chinese state-affiliated actors…behind several cyber-attacks on the UK.”
The sanctions of two individuals and one company occurred in the months since the British government “named and shamed Chinese state-affiliated actors” for cyber-assailing the United Kingdom.
If the hackers are based in China, the Brits probably can’t get to them. It means something, though, if a Chinese company that helps the Chinese Communist Party to conduct cyberattacks is penalized in a more than symbolic way.
But a couple of guys and one company, after months of investigation? That’s it?
Hackers for hire
This detail appears in an ITV story about “How the Chinese Communist Party is trying to monitor the entire world” (“Hackers for hire,” June 21, 2024). ITV is talking about a February 2024 leak of files of hackers at work—for China—a leak that fleshed out what we already knew thanks to forensic analysis of many cyberattacks over the years.
The cache of documents showed professional hackers were paid to infiltrate national databases in more than 20 countries. The company’s website presents an array of cyber-attack services it can provide.
It was clear work was being done on behalf of China’s public security bureaus and even its military, indicating the Chinese state operates a hackers-for-hire industry.
There were several references to the UK: In one log we found what looked like a shopping list of British government agencies and organisations.
It named Chatham House and the charity Amnesty International as targets of interest. And the Foreign Office was mentioned as being of particular value.
Within China, ITV tried to “track down the Chinese entities named by the British government for cyber campaigns against our MPs, the MoD [Ministry of Defence] and the electoral commission.” But the reporters found that various company names or addresses were fake. They were also stonewalled.
“At a human resources company in the city from where Xiaoruizhi workers are known to have been recruited, we were invited in for tea while they checked out the details we had given them. A woman who at first appeared willing to help came back to tell us that her boss was travelling and so she couldn’t help us at that time. The change in her demeanour suggested she’d been told to send us away.”
Shocking
The dark web was more revealing. There, ITV “gained access to sites where one hacker claimed to be selling data from register to vote UK [gov.uk/register-to-vote]. The sales sample also included usernames, emails and passwords, with references to the Universal Credit and immigration systems.”
Several pages showed the financial information of British citizens and one from a casino company showed the credit details of almost half a million people.
It was shocking to see such sensitive information traded by sinister actors on the Chinese dark web.
On the dark web forums, it appeared that many Chinese hackers were vying for assignments in foreign countries, suggesting there is a growing marketplace for datasets from countries around the world.
This backs up what we saw in the leaked files, where it looked like foreign intel was being hacked anticipating there would be interest in it from clandestine services in China.
Sounds like more than a couple of guys. Well, maybe MI5 and MI6 are just getting started.
Also see:
The Guardian: “Hackers for sale: what we’ve learned from China’s enormous cyber leak”
“Government agencies of China’s neighbours, including Kyrgyzstan, Thailand, Cambodia, Mongolia and Vietnam, had websites or email servers compromised, the leak revealed. There are long lists of targets, from British government departments to Thai ministries…. They named the government of India—a geopolitical rival of Beijing’s—as a key target for “infiltration”. And they claimed to have secured back-end access to higher education institutions in Hong Kong and self-ruled Taiwan, which China claims as part of its territory. But they also admitted to having lost access to some of their data seized from government agencies in Myanmar and South Korea.
“Other targets are domestic, from China’s north-western region of Xinjiang to Tibet and from illegal pornography to gambling rings.”
Ars Technica: “Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov”
“The US Justice Department on Monday [March 25, 2024] unsealed an indictment charging seven men with hacking or attempting to hack dozens of US companies in a 14-year campaign furthering an economic espionage and foreign intelligence gathering by the Chinese government.”