Chinese Intelligence Services Possibly Implicated in Recent Hacks on Cloud Companies

The Wall Street Journal recently reported on a series of high profile hacks allegedly carried out by cyberattackers connected to China’s intelligence services.

During these hacks “volumes of intellectual property, security clearance details and other records from scores of companies over the past several years.”

They were able to acquire access to systems with prospecting secrets from mining company Rio Tinto and sensitive medical research from electronic and healthcare titan Phillips.

The hack, called Cloud Hopper, was uncovered by security researchers in 2016. U.S. prosecutors charged two Chinese nationals for the global operation last December. However, the two men remain at large.

According to a Wall Street Journal report, the attack was much bigger than previously expected. It goes well beyond 14 unnamed companies in the indictment, spanning across at least a dozen cloud providers, which includes CGI Group Inc, one of Canada’s biggest cloud companies, Tieto Oyj, a big player in Finland’s IT sector, and International Business Machines Corp.

Inside the clouds, the hackers gained access to a vast network of clients. The Journal’s investigation found that hundreds of firms that had relationships with the cloud providers who got hacked. These clients included Rio Tinto, Philips, American Airlines Group Inc., Deutsche Bank AG, Allianz SE, and GlaxoSmithKline PLC.

FBI Director Christopher Wray described the hackers’ work as the “equivalent of stealing the master keys to an entire apartment complex.”

It’s still being determined if hackers remain inside companies’ networks today.

U.S. agencies, especially the Justice Department, are concerned about potentially being exposed to hackers. Additionally, they worry that the hacks are now allowing the Chinese government to gain access to critical infrastructure.

The Chinese government has denied hacking allegations in the past.

In light of these developments, the U.S. will need to focus more on its cybersecurity infrastructure now that we’re two decades into the 21st century.

China’s transition from Maoism shouldn’t fool policymakers. It still remains authoritarian and is pursuing its own form of expansionism at the U.S.’s detriment.

American lawmakers will need to take this into account and start crafting new policies that actually focus on defense, instead of dropping hundreds of billions in pointless nation-building schemes.