China’s biggest cyber-security company today released a report accusing the CIA of breaching Chinese companies and government agencies for over 11 years.
The article, published by Qihoo 360, claims that the CIA has hacked targets in China’s aviation industry, institutions of scientific research, petroleum industry, Internet companies, and government agencies.
The CIA's cyber activities took place between September 2008 and June 2019, and most of the targets were based in Beijing, Guangdong, and Zhejiang, researchers from Qihoo reported.
Qihoo believes that a large part of the CIA’s surveillance activities has concentrated on the civil aviation sector, both in China and elsewhere.
The Chinese security company says that this program aimed at “long-term and targeted intelligence-gathering” to track “real-time global flight status, passenger information, trade freight and other related information.”
Vault 7 Leaks Report
By monitoring and studying the leaked “Vault7,” Chinese tech giant 360 Communication Technology has uncovered a series of attacks by a hacker group associated with the CIA against China’s aviation industry, scientific research agencies, petroleum industry and large-scale internet companies.
The tech company noted that the CIA sponsored the hacking group, which primarily targeted device developers from China’s aerospace and scientific research institutions engaged in aviation services such as flight control systems, freight information, and passenger information. Thousands of airlines abroad have also fallen victim to the hacking group.
“By contrasting the attacking samples in the victim’s network with the CIA’s unique Vault7 cyber arm, we find that the patented technical details matched in them or were the same,” 360 Defense Technologies said.
Reports showed that the CIA’s research and development team spent years developing these cyber weapons at a cost of millions of dollars. They can be used only by CIA staff who have passed strict scrutiny and training, the research company added.
“Based on selected individuals, we find that CIA had infringed such goals or may have gained significant confidential information on both domestic and international aviation,” the company added.
360 Cyber Systems was able to identify the CIA and Vault7 because of former CIA contractor Joshua Adam Schulte. Schulte was born in Texas in 1988, and served as an NSA volunteer, leaving the CIA in 2010. At the CIA’s National Clandestine Service he was in charge of information resources.
As a core member of the team that created many of the CIA’s hacking tools and cyber weapons, Schulte assisted in Vault7’s growth. In 2016 Schulte used his developer privileges and backdoors to copy the Vault7 software and sent it to WikiLeaks, which released related data on its website in 2017.
Schulte was charged and investigated by the US Justice Department in 2018 and tried on 4 February.
Schulte and these incidents provided evidence to 360 Cyber Technologies, and Vault7, verified by U.S. authorities, became a turning point in proving that APT-C-39 was linked to the CIA.
APT-C-39 used many exclusive CIA cyber weapons, including Fluxwire and Grasshopper, against Chinese targets, according to an analysis by 360 Defense Technology.
360 Computer Technologies was able to confirm, after analyzing similar code samples and activity signatures, that these cyber weapons were the ones mentioned in the Vault7 software.
Qihoo 360 takes the Schulte case as an opportunity to link cyber-activity to the CIA. Not much new info, except that aviation systems in CHN were targeted.
Big letdown: Attribution is almost exclusively based on Vault7 leak, and compilation timestamps: Did devs ignore CIA guidelines? https://t.co/EvbMODJfmn
— Timo Steffens (@Timo_Steffens) March 3, 2020
In reality, the Qihoo study does not bring anything new to the table. Most of the information it contains was already public knowledge, circulated and validated by various sources more than three years ago.
The only new information in the Qihoo article is the specific targets that the CIA reportedly compromised in China, which were not known before today’s Qihoo blog post.