Showing posts with the label Chinese cyberattacks.

Wednesday, February 12, 2020

Sick Hackers Of Asia

China’s cyberattacks should make it a trade pariah
New York Post


Four members of China’s People’s Liberation Army now stand charged in the 2017 Equifax hack, one of the largest cybercrimes ever — and they were plainly working Beijing’s will, since they’re all members of a PLA unit dedicated to hacking.
In other words: China is waging cyberwar on the West even as it insists on being treated like a normal country.
The hack of one of the biggest US consumer-credit reporting agencies grabbed personal info on half the country: birthdates and Social Security numbers of 145 million and driver’s license info of 10 million, plus 200,000 stolen credit-card numbers.
And the danger goes far beyond the monetary, Attorney General William Barr noted in announcing the charges: “These thefts can feed China’s development of artificial intelligence tools, as well as the creation of intelligence targeting packages” — meaning industrial as well as regular-old espionage.

This follows the feds’ 2014 indictment of PLA hackers for breaching the computer systems of a number of American manufacturers, among other crimes.
Since then, notes Barr, “We have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott Hotels and Anthem health-insurance companies and now the wholesale theft of credit and other information from Equifax.”
It’s unlikely the hackers will ever face trial — and even less likely Beijing will stop trying to steal American data and know-how.
The Trump administration’s effort to block the Chinese firm Huawei from building 5G networks in the West is clearly the bare minimum needed now.
As lucrative as China’s market may be, the rest of the world needs to start asking how it can trade with a pack of unapologetic thieves.

Thursday, September 5, 2019

China hacked iPhones and Android devices to target Uyghur Muslims

By Kevin Collier


Some of the sites had the capability to infect both Android phones and iPhones, a source familiar with multiple companies' research on the sites, some of which is not public, confirmed to CNN. 
It wasn't clear, however, that the sites were capable of hacking both types of phones at the same time.
The findings highlight just how powerful cyberespionage campaigns can be when governments with sufficient resources decide to spy on particular groups by compromising entire categories of websites and indiscriminately hacking the mobile users who access them.
The broad approach of the attacks could easily be repurposed for other groups, like Hong Kong protesters, said Adam Segal, the director of the Digital and Cyberspace Policy program at the Council on Foreign Relations.
"These are all outwardly facing websites, so you would expect that the capacity would be able to do the same to Taiwanese parties or Hong Kong student websites, or any other websites," Segal told CNN.
China has been resoundingly condemned by the international community recently for its treatment of Uyghurs, including putting them under intense, multifaceted surveillance.
Researchers at the cybersecurity company Volexity, whose specialties include tracking how the Chinese government spies on Uyghurs, released a report Monday showing how certain websites tailored for a Uyghur audience would automatically hack the Android phones of some people who visit them. 
Called a "watering hole" attack, the tactic allows a hacker to compromise sites their targets are likely to go to rather than seek them out directly.
As many as a million Uyghur Muslims have been detained in concentration camps by the Chinese government in East Turkestan colony and they are among the most surveilled groups of people on the planet. 
Areas with heavy Uyghur populations are rife with security cameras and facial recognition systems, and residents are relentlessly tracked.
Compromised websites include relatively popular Uyghur news sites and learning resources like the online Uyghur Academy.
"If you literally go searching for Uyghur websites, Uyghur news, these are the search results. They picked a pretty good set of targets to go after the Uyghur population," Volexity CEO Steven Adair told CNN.

iPhones also targeted
Volexity's research helps shed light on recent groundbreaking but mysterious research.
Last week Google's Project Zero, a research team that studies undiscovered, critical software vulnerabilities that leave developers scrambling to write updates to patch them, revealed an unprecedented finding from earlier this year.
The team also described watering hole attacks. 
But unlike the attacks Volexity documented on Android phones, which exploited known vulnerabilities and wouldn't affect users who had updated their phones to the latest version of Android, the iPhone findings were shocking.
The team found that anyone who visited one of a handful of particular websites on an iPhone, generally regarded as one of the safest common devices on the planet, would be at risk of a monitoring implant being installed on their phone. 
Apple has since patched the vulnerability on all phones with the latest version of the iOS operating system.
Google declined to share who was affected, prompting a minor controversy in the security community. 
But a source familiar with Google's research confirmed that at least some of the URLs Volexity found targeting Uyghur Android users also went after iPhones.
The news that websites referred to in Project Zero's research were aimed at Uyghurs was first reported by TechCrunch.
On Wednesday, a source familiar with Project Zero's research confirmed that some of the URLs it saw overlapped with those in Volexity's report.
Google declined to comment on the record about the issue. 
Its refusal has led some in the information security community to question why Google would announce a campaign that targeted its competitors' phones but not mention a similar campaign against its own smartphone operating system. 
But Project Zero manager Tim Willis defended the company's decisions on Twitter, saying specifically that Google had found iOS exploits in January. 
Volexity's research found Android exploits later in the year.
Nury Turkel, chairman of the Uyghur Human Rights Project, told CNN that while he had been unaware of the watering hole attacks, they were in line with what he has come to expect from China.
"This is the first time I'm seeing this particular report," Turkel told CNN. 
"But I can tell you that I am not surprised at this."
"When I was the head of the Uyghur American Association and the Uyghur Human Rights Project, we were constantly attacked. Our websites were shut down at times, and I was personally the target of email-based hacking attempts," Turkel said.
China has a long history of aggressively surveilling the digital lives of not only Uyghurs, but also other minorities who either live in China or have fled the country. 
In 2014, for example, Tibetan Buddhists, a regular target of spearphishing attacks, began a campaign to avoid using email attachments.
Google and Apple declined to comment on the record for this story.

Friday, June 14, 2019

Chinese Cyberattack Hits Telegram, App Used by Hong Kong Protesters

By Paul Mozur and Alexandra Stevenson
The police used tear gas as protesters came closer to the Legislative Council building in Hong Kong on Wednesday. Protesters used the app Telegram to organize, but the police were watching.

SHANGHAI — As protesters in Hong Kong retreated from police lines in the heart of the city’s business district, a new assault quietly began.
It was not aimed at the protesters. 
It was aimed at their phones.
A network of computers in China bombarded Telegram, a secure messaging app used by many of the protesters, with a huge volume of traffic that disrupted service.
The app’s founder, Pavel Durov, said the attack coincided with the Hong Kong protests, a phenomenon that Telegram had seen before.
“This case was not an exception,” he wrote.
The Hong Kong police made their own move to limit digital communications. 
On Tuesday night, as demonstrators gathered near Hong Kong’s legislative building, the authorities arrested the administrator of a Telegram chat group with 20,000 members, even though he was at his home miles from the protest site.
“I never thought that just speaking on the internet, just sharing information, could be regarded as a speech crime,” the chat leader, Ivan Ip, 22, said in an interview.
“I only slept four hours after I got out on bail,” he said. 
“I’m scared that they will show up again and arrest me again. This feeling of terror has been planted in my heart. My parents and 70-year-old grandma who live with me are also scared.”
Past the tear gas, rubber bullets and pepper spray, the Hong Kong protests are also unfolding on a largely invisible, digital front. 
Protesters and police officers alike have brought a new technological savvy to the standoff.
Demonstrators are using today’s networking tools to muster their ranks, share safety tips and organize caches of food and water, even as they take steps to hide their identities.
The Hong Kong authorities are responding by tracking the protesters in the digital places where they plan their moves, suggesting they are taking cues from the ways China polices the internet.

Demonstrators on Tuesday night outside the Hong Kong government complex.

In mainland China, security forces track chat messages, arrest dissidents before protests even occur, and are increasingly detaining people over posts critical of the government. 
The Hong Kong police have visited the mainland at times looking at ways of stopping "terrorism".
“We know the government is using all kinds of data and trails to charge people later on,” said Lokman Tsui, a professor at the School of Journalism and Communication at the Chinese University of Hong Kong.
Protesters used some of the same tools to organize in 2014, when the Occupy Central demonstration shut down parts of the city for more than two months. 
But their caution shows a growing awareness that the new digital tools can be a liability as well as an asset.
The police during the Occupy protests used digital messages to justify the arrest of a 23-year-old man, saying he used an online forum to get others to join in. 
One message that then spread over the WhatsApp chat service included malware, disguised as an app, that appeared to be for eavesdropping on Occupy organizers. 
Researchers said the malware came from China’s government.
“People are minimizing their footprints as much as possible,” Dr. Tsui said. 
“In that regard, it’s very different from five years ago. People are much more conscious and savvy about it.”
This week’s protests were sparked by the Hong Kong government’s plans to enact a new law that would allow people in the city to be extradited to mainland China, where the court system is closed from public scrutiny and tightly controlled by the Communist Party. 
On Thursday, city officials delayed plans to consider the legislation.
Telegram said on its Twitter account that it was able to stabilize its services shortly after the attack began. 
It described the heavy traffic as a DDoS attack, in which servers are overrun with requests from a coordinated network of computers. 
In his tweet, Mr. Durov said the attack’s scale was consistent with a state actor.
Beijing has been blamed in the past for attacks that silence political speech outside mainland China’s borders. 
In 2014, an informal online referendum about Hong Kong’s political future drew what at that time was one of the largest such attacks in history.
A separate cyberattack in 2015 hijacked traffic from Baidu, the Chinese search engine, to overload a website hosting copies of services blocked in China, like Google, the BBC, and The New York Times.
In Hong Kong, the authorities focused on Mr. Ip, the chat room organizer, whom they saw as a ringleader. 
He said that the police arrived at his door with a warrant around 8 p.m. 
More than 10 officers demanded he unlock his phone, explaining that they were searching for extremists in the chat groups he administered.

Police officers stopped and searched people on Tuesday night ahead of planned protests.

At first he refused, but when they threatened to use a device to break into his Xiaomi 6 smartphone, he relented and entered the password. 
They then downloaded his chat records.
The officers searched his apartment, where he lives with his parents, but backed down after the parents complained that they were searching through things that were not his, he said. 
The police officers implied that they had found him based on his phone number, which was linked to his identification.
While Telegram conversations can be encrypted, the service does not have end-to-end encryption for its group chats, said Dr. Tsui, the communications professor. 
After Mr. Ip was arrested, groups distributed warnings to use new pay-as-you-go SIM cards or register foreign numbers online to join groups.
In a statement, the Hong Kong police’s Cybersecurity and Technology Crime Bureau said he had been arrested because he was suspected of conspiracy to cause a public nuisance. 
He was released on bail, but the police said an investigation was continuing. 
Mr. Ip said he had not attended any protests this week.
Many of the protesters are college-aged and digitally savvy. 
They took pains to keep from being photographed or digitally tracked. 
To go to and from the protests, many stood in lines to buy single-ride subway tickets instead of using their digital payment cards, which can be tracked. 
Some confronting the police covered their faces with hats and masks, giving them anonymity as well as some protection from tear gas.
On Wednesday, several protesters shouted at bystanders taking photos and selfies, asking those who were not wearing press passes to take pictures only of people wearing masks. 
Later, a scuffle broke out between protesters and bystanders who were taking photos on a bridge over the main protest area.
For some, the most flagrant symbol of defiance came from showing one’s face.
On Wednesday, as demonstrators prepared for a potential charge by the police, a drone flew overhead. 
The protesters warned one another about photos from above, but Anson Chan, a 21-year-old recent college graduate, said she was unconcerned about leaving her face exposed, potentially revealing her identity.
Ms. Chan said she felt compelled to join the protests out of concern about the proposed law.
“Once people get taken to China, they can’t speak for themselves,” said Ms. Chan, who had traveled nearly two hours from Lok Ma Chau in northern Hong Kong to show support and hand out supplies after seeing scenes of violence on the news.
The mainland’s restrictions were on the minds of many.
“The bottom line is whether to trust Beijing,” said Dr. Tsui, the communications professor. 
“This is a government that routinely lies to its own citizens, that censors information, that doesn’t trust its own citizens. You can’t ask us to trust you if you don’t trust us.”
“These kids that are out there, all the young people, they’re smart,” he added. 
“They know not to trust Beijing.”

Monday, May 20, 2019

US spy chiefs warn tech execs about doing business with China

Politicians say companies need to be aware of Chinese threat
By James Vincent

US intelligence chiefs have been briefing Silicon Valley tech execs about the possible dangers of doing business in China, according to a report from the Financial Times.
The briefings include warnings about the threat of cyber attacks and the theft of intellectual property, and have been held with groups including tech companies, universities, and venture capitalists in California and Washington.
The meetings are the latest example of the US government’s increasingly combative stance towards China. 
In a statement given to the FT, Republican senator Marco Rubio — one of the politicians who organized the briefings — outlined the rationale behind them.
“The Chinese government and Communist party pose the greatest long-term threat to US economic and national security,” said Mr Rubio. 
“It’s important that US companies, universities, and trade organizations understand fully that threat.”
Those giving the briefings include high-level figures in the US intelligence community such as Dan Coats, director of national intelligence. 
The meetings also reportedly include the sharing of classified information — an unusual level of disclosure.
The FT reports that the briefings began last October. 
Since then, the trade war between the US and China has escalated dramatically. 
The most significant intervention came last week, with the White House announcing that US companies will be blocked from buying telecommunications equipment from certain foreign companies including China’s Huawei.
The Trump administration says this ban is necessary to counter the threat of surveillance and spying from Chinese-made equipment. 
But the ban is likely to have a big effect on consumers around the world, especially with the news that Google will no longer be able to supply the full version of its Android mobile operating system to Huawei.

Friday, May 10, 2019

China's Cyberattacks

Chinese hacker who obtained details of 78 million people is charged in US with one of the worst data breaches in history
by Robert Delaney

This photo provided by the FBI shows a wanted poster of Wang Fujie (left). The US Justice Department says a grand jury has indicted Wang and another man identified only as John Doe for hacking into the computers of health insurer Anthem Inc and three other, unnamed companies, in an indictment unsealed May 9, 2019, in Indianapolis. 

A US federal grand jury on May 9 charged a Chinese national in a hacking campaign described by the Justice Department as “one of the worst data breaches in history”, an effort that yielded the personal data of 78 million people.
Wang Fujie, also known as Dennis Wang, and another individual in the indictment infiltrated the US-based computer systems of US health insurer Anthem and three other companies, the Justice Department said in a statement on May 9.
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” Assistant Attorney General Brian Benczkowski said in the announcement.
“These defendants attacked US businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their [personally identifiable information].”
The indictment was the latest in a series of efforts by the US Federal Bureau of Investigation to tackle hacking operations and cybertheft emanating from China.
The bureau has become increasingly vocal about the country.
The second suspect, who was identified in court documents as John Doe and through aliases including Zhou Zhihong, conducted the hacking activities in China.
The other three companies affected by the hacks, conducted between February 2018 and January 2019, operated in the technology, basic materials and communication services sectors, according to the department.
Information taken from the companies included health identification numbers, birth dates, social security numbers, addresses, telephone numbers, email addresses, and employment information.
Wang and Doe obtained personal information by installing malware on the victim companies’ computer systems through “spearphishing” emails sent to the companies’ employees, according to the indictment, which was filed with the Indianapolis division of the federal court’s Southern District of Indiana, where Anthem is based.

The information obtained by the defendants was encrypted and sent through multiple computers to destinations in China. 
The files installed in the victim companies’ computer systems were then deleted.
Anthem and the other US companies involved notified the FBI when they became aware of the operation, allowing the federal investigators to monitor the activity and trace it to the defendants, according to the Justice Department.
The FBI has worked closely with companies in recent years to respond to attempts by Chinese to steal information from US companies. 
GE Aviation, for example, had worked with the bureau for more than a year to lure Xu Yanjun, a spy working for China’s Ministry of State Security, into a law enforcement trap in Belgium last year. Xu was then extradited to the US and is now awaiting trial.
According to Xu’s indictment filed in the Southern District of Ohio, the MSS officer sought GE Aviation technology used in the development of fan blades and engine encasements.
FBI Director Christopher Wray has been an outspoken critic of China since he assumed his post in 2017.
Last year, Wray accused Beijing of increasing its use of “non-traditional collectors” – such as professors, scientists and students – for its intelligence gathering.
“One of the things we’re trying to do is view the China threat as not just a whole-of-government threat but a whole-of-society threat on their end, and I think it’s going to take a whole-of-society response by us,” Mr Wray testified at a Senate hearing in February 2018.
Eight months later at another hearing, Mr Wray declared China “the broadest, most complicated, most long-term” counter-intelligence threat confronting the US – surpassing even Russia, whose interference in the 2016 election dominated headlines for more than two years and continues to roil the country.
Speaking at a separate Senate hearing in December, Bill Priestap, the FBI’s assistant director of counter-intelligence, also called for more coordinated action to counter espionage and cybertheft originating in China.
“There are pockets of great understanding of the threat we’re facing and effective responses, but in my opinion we’ve got to knit that together better,” he said.
Warning against what he called “ad hoc responses”, Priestap added: “We need more people in government, more people in business, more people in academia pulling in the same direction to combat this threat effectively.”

Wednesday, February 21, 2018

Xi Jinping's Pope

Online petition opposing China-Vatican deal was hit by cyber-attack
Christian Today

The Catholic Church now has a Manchurian Pope

An online petition opposing an agreement between the Chinese government and the Vatican was subject to a cyber attack on February 14, it has emerged.
According to a statement from the group Free Catholics in China, a distributed denial-of-service (DDoS) attack on its website meant that it did not resume normal service until the following day, the Catholic Herald reported.
'We will not be cowed into silence by such attack, and we will never stop voicing out for the Church,' the group said.
The controversial Vatican-China deal is reportedly set to be reached by next month. 
Chinese Catholics are divided between those in the 'underground' Church who are loyal to the pope and the government-backed Catholic Patriotic Association, which appoints bishops without Rome's approval.
The open letter published on the website is signed by named Catholics mainly in Hong Kong and also in the US and the UK. 
It says: 'We are deeply worried that the (proposed) deal would create damages that cannot be remedied.'
The 15 lawyers, academics and human rights activists who have signed the open letter express dismay at an agreement which would involve the Vatican recognising seven bishops appointed by China's Communist party.
The letter censures the appointment of seven bishops by the Chinese state, not the pope, adding that the bishops' 'moral integrity is questionable'.
The letter, published on the influential site Asia News and elsewhere, says: 'We are worried that the agreement would not only fail to guarantee the limited freedom desired by the Church, but also ... deal a blow to the Church's moral power. Please rethink the current agreement, and stop making an irreversible and regrettable mistake.'
The letter to bishops around the world came less than two weeks after Cardinal Joseph Zen, the former bishop of Hong Kong, accused the Vatican of 'selling out', writing in a blog post: 'Do I think the Vatican is selling out the Catholic Church in China? Yes, definitely, if they go in the direction which is obvious from all what they are doing in recent years and months.'
Last month, the Vatican asked two underground bishops to give up their positions in favour of government-appointed counterparts, one of whom was excommunicated by Rome in 2011.
A petition attached to the letter had been signed by 1,600 people as of last week.
The cyber-attack happened within hours of widespread international publicity about the open letter.

Friday, March 10, 2017

The Necessary War

How China Plans to Win the Next World War
By Michael Raska

China’s cyber capabilities are continuously evolving in parallel with the People’s Liberation Army’s (PLA) ongoing military reforms and modernization drives. 
As the PLA invests in the development of comprehensive cyber capabilities, the character of future conflicts in East Asia will increasingly reflect cyber-kinetic strategic interactions.
In a potential conflict with Taiwan, for example, the PLA may put a strategic premium on denying, disrupting, deceiving, or destroying Taiwan’s Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems. 
This would be followed by the deployment of the PLA’s conventional air wings, precision ballistic missile strikes, and sea power projection platforms – all within the first hours of the conflict.
A key target for the PLA, for example, would be the highly-advanced US-made ultra-high frequency (UHF) early warning radar system located on top of Leshan Mountain near the city of Hsinchu. Activated in February 2013, the radar is reportedly capable of detecting flying objects up to 5,000 km away and of providing a six-minute warning in preparation for any surprise missile attack from the Chinese mainland.
The radar essentially tracks nearly every sortie of the PLA Air Force flying across China’s opposite coastline.
The Leshan Mountain radar also has capabilities to electronically jam China’s major signal intelligence station located at Dongjing Shan. 
Moreover, the radar is likely linked with the US Air Force’s Space Command Defense Support Program (DSP) that operates reconnaissance satellites for the US Satellite Early Warning System. The system is reportedly capable of providing comprehensive surveillance of North Korean missile launches.

PLA Concepts of ‘Network Swarming Warfare’:

The PLA’s Strategic Support Forces (SSF) envisions such operations under the conceptual umbrella of integrated network electronic warfare (INEW), or wangdian yitizhan.
In China’s strategic thoughts, INEW has a holistic representation that combines coordinated use of cyber operations, electronic warfare, space control, and kinetic strikes designed to create “blind spots” in an adversary’s C4ISR systems.
These concepts have also been reflected in the PLA’s recent writings on “network swarming warfare” that envisions future campaigns as “multi-directional maneuvering attacks” conducted in all domains simultaneously: ground, air, sea, space, and cyberspace.
While specific operational aspects and capabilities are clouded in secrecy, papers by the PLA’s semi-authoritative military sources such as the National Defense University indicate a simultaneous application of multiple force elements, including small and multi-functional operational forces, electronic warfare and counter-space forces, cyber units, and long-range precision firepower.

Space-based information asset control

An essential element for China’s cyber operations is the control of space-based information assets as a means of achieving “information dominance.” 
Specifically, PLA authors acknowledge that space dominance is essential for operating joint campaigns and for maintaining the initiative on the battlefield. 
Conversely, they view the denial of an adversary’s space systems as an essential component of cyber operations and a prerequisite for victory.
Interestingly, Chinese writings note that the overall space system encompasses not only satellites in orbit, but also terrestrial launch, mission control, tracking, and telemetry and control (TT&C) facilities, such as the Leshan Mountain radar in Taiwan.
Consequently, establishing space dominance must incorporate offensive and defensive measures covering the full range of targets – orbiting systems, ground-based systems, and data.
To this end, the PLA maintains a strong focus on counter-space capabilities, both kinetic and cyber. These include developing space launch facilities; space tracking, telemetry, and control facilities; orbital space combat capabilities and units; strategic missile forces; ground-based space defense forces, and space logistics and safeguarding capabilities and forces.

Cyber Exploitation:
During peacetime, the PLA’s cyber units under the SSF are likely involved in comprehensive cyber reconnaissance – probing the computer networks of foreign government agencies as well as private companies.
These activities, which China denies, serve to identify weak points in the networks, understand how foreign leaders think, discover military communication patterns, and attain valuable technical information stored throughout global networks.
The scale, focus, and complexity of China’s cyber espionage over the past decade strongly suggest that these operations are state-sponsored or supported with access to financial, personnel, and analytic resources that far exceed what organized cybercriminal operations or multiple hacker groups operating independently could likely access consistently over a long duration.
Meanwhile, it is important to note that China is also relying on traditional human intelligence operations. 
According to Defense News, for example, China has been able to use its human intelligence network in Taiwan to gather information that would compromise the Leshan Mountain radar, as well as the island’s other strategic assets, including the Anyu-4 air defense network upgrade program, Po Sheng C4I upgrade program, Shuan-Ji Plan (electronic warfare technology project), Wan Chien (Ten Thousand Swords) joint standoff weapon, and the Mirage 2000 fighter aircraft.

Future Conflicts:
The progressive complexity in strategic interactions and interdependencies between cyber, information, cognitive, and physical domains will likely challenge traditional kinetic uses of force in future conflicts in East Asia.
For example, in ensuring operational access in the East or South China Seas, the US military will have to ensure the security, reliability, and integrity of its mission-critical C4ISR systems as well as combat support and logistics systems that will become increasingly vulnerable to cyber threats as well as other emerging forms of electronic warfare, including threats from electromagnetic pulse and high-powered microwave weapons.
A sophisticated cyberattack on these systems, whether by the PLA or other potential adversary, would likely result in cascading effects with ramifications on the individual US services and their abilities to carry out operational missions.
As conflicts move into the cyber and information domains, the centers of gravity are also going to shift. 
The value and, more importantly, the accuracy and reliability of strategic information relevant for the situational awareness and function of the nation state as a system will become even more important with the increased dependence on cyberspace.
Cyber-enabled conflicts will evolve parallel with technological changes – e.g. the introduction of the next generation of robots, artificial intelligence, and remotely controlled systems that will continue to alter the character of future warfare. 
Ultimately, however, both cyber and information domains – whether civil or military – may become simultaneously targets as well as weapons, including for the armed forces of China, Russia and the US.

Wednesday, October 26, 2016

Cyberwar

China Hacked A US Aircraft Carrier In The South China Sea
By RYAN PICKRELL
The Nimitz-class aircraft carriers USS John C. Stennis (CVN 74), and USS Ronald Reagan (CVN 76) (rear) conduct dual aircraft carrier strike group operations in the U.S. 7th Fleet area of operations in support of security and stability in the Indo-Asia-Pacific in Philippine Sea on June 18, 2016.

Chinese cyber criminals attempted to hack a U.S. aircraft carrier in the South China Sea a day before a tribunal discredited China’s claims to the area, according to the Financial Times.
The hackers sent an infected document resembling an official message to foreign government officials visiting the USS Ronald Reagan, a Nimitz-class, nuclear-powered aircraft carrier. 
The message contained Enfal malware designed to break through security systems and possibly collect information on maneuvers and policies. 
This type of malware can also download additional viruses.
The attack occurred July 11, one day before the Permanent Court of Arbitration at The Hague ruled against China’s vast claims to the South China Sea. 
At the time, the USS Ronald Reagan was conducting security patrols in the South China Sea.
The U.S. Navy said that the hackers were unsuccessful. 
The USS Ronald Reagan’s classified information was not compromised by the attack.
At the moment, there is no evidence indicating that the Chinese government is behind the attack. 
The Chinese-based group, according to cyber security firm FireEye, has also launched attacks against U.S. and Vietnamese national defense networks.
Cyber attacks were common around the time of the arbitration tribunal’s ruling. 
Within hours of the ruling, distributed denial-of-service (DDoS) attacks knocked 68 national and local government websites in the Philippines offline.
Chinese hackers breached airport broadcasting systems in Hanoi and Ho Chi Minh City in late July and aired messages critical of the Philippines’ and Vietnam’s maritime claims.
Cyber crimes have actually been a part of the South China Sea row for years. 
During the dispute over China’s placement of an oil rig in disputed waters, Chinese hackers used “spear-phishing” attacks like the one used against the USS Ronald Reagan to target Vietnamese government and military systems. 
These attacks successfully compromised a Vietnamese intelligence agency, leading to the illicit disclosure of military secrets. 
Chinese cyber criminals did the same in response to Vietnamese arms acquisition later that year.
The behavior of China’s cyber criminals indicates that the battle for the South China Sea is not being solely fought at sea.

Chinese Cyberattacks

China's Xiongmai to recall up to 10,000 webcams after hack
By Sijia Jiang

HONG KONG -- Up to 10,000 webcams will be recalled in the aftermath of a cyber attack that blocked access last week to some of the world's biggest websites, Chinese manufacturer Hangzhou Xiongmai Technology Co. told Reuters on Tuesday.
In Washington, a member of the U.S. Senate Intelligence committee asked three federal agencies what steps the government can take to prevent cyber criminals from compromising electronic devices.
Friday's internet outage alarmed security experts because it leveraged a new type of attack using simple webcams and other connected devices that often lack proper security.
Hackers harnessed hundreds of thousands of those devices globally to flood U.S.-based internet infrastructure provider Dyn with so much traffic that it could not cope, cutting access to major websites including PayPal, Spotify and Twitter.
The U.S. Department of Homeland Security (DHS) said it had discussed the attacks in a conference call with 18 major communications service providers and was working to develop a new set of "strategic principles" for securing internet-connected devices.
The intelligence committee member, U.S. Senator Mark Warner, a Democrat, sent letters asking DHS, the Federal Communications Commission (FCC) and Federal Trade Commission if they have adequate tools for combating the threat posed by "bot net" armies of infected electronic devices.
"Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support," Warner said.
He asked FCC Chairman Tom Wheeler if communications providers have authority to deny internet access to electronic devices they deem insecure.
Senators Angus King, an independent, and Martin Heinrich, a Democrat, who also serve on the committee, on Monday asked the Obama administration to create uniform policies across government seeking to secure U.S. networks by sharing any detected vulnerabilities with the private sector.
Xiongmai said it would recall some surveillance cameras sold in the United States after researchers identified they had been targeted in the attack.
Liu Yuexin, Xiongmai's marketing director, told Reuters the company would recall the first few batches of surveillance cameras made in 2014 that monitor rooms or shops for personal, rather than industrial, use.
Xiongmai had now fixed loopholes in earlier products, prompting users to change default passwords and block telnet access, Liu said.
He declined to give an exact number of vulnerable devices, but estimated it at fewer than 10,000.
Xiongmai devices were unlikely to suffer similar attacks in China and elsewhere outside the United States, where they are typically used in more secure industrial networks, Liu said.
"Most of our products in China are industrial devices used within a closed intranet only," Liu said. "Those in the U.S. are consumer devices exposed in the public domain."
Liu said surveillance cameras with Xiongmai core modules were widely used for surveillance at banks, shops and housing estates, where the firm was one of the top three suppliers.
He declined to identify specific clients.
Xiongmai may take further steps to beef up security by migrating to safer operating systems and adding further encryption, Liu said.