Chinese hackers are positioning themselves inside critical US infrastructure by targeting careless office workers in a bid to cause ‘societal chaos’ from within should war break out.
Beijing’s military has burrowed into more than 20 major suppliers in the last year alone, including a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline, analysts have revealed.
And the hackers have bypassed elaborate cyber security systems not by breaking them but by harvesting passwords and logins left unguarded by junior employees, leaving China ‘sitting on a stockpile of strategic’ vulnerabilities.
Codenamed Volt Typhoon, the campaign has coincided with growing tension over Taiwan and could derail US efforts to protect its interests in the South China Sea.
‘It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict,’ said Brandon Wales of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA).
President Joe Biden avoided the subject during talks with Chinese president Xi Jinping at the Apec summit in San Francisco last month.
Analysts believe that China’s military has changed its strategy from intelligence-gathering to infiltration in a bid to sow chaos should war break out.
China’s focus on Guam is of particular concern, as the US territory is a key military base in the Pacific and would be a major staging ground for any American response in the event of a conflict in Taiwan or the South China Sea.
‘Either to prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis.
‘That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.’
The hackers often cover their traces by routing their traffic through innocuous-looking devices such as compromised home and small-office routers, so that attempts to steal employee credentials appear to come from ordinary US addresses, officials told the Washington Post.
Once inside, they avoid planting malware and instead operate with valid accounts and the systems’ own built-in administration tools, a technique known as ‘living off the land’ that lets them pass as legitimate users.
‘You’re trying to build tunnels into your enemies’ infrastructure that you can later use to attack,’ said China expert Joe McReynolds at the Jamestown Foundation.
‘Until then you lie in wait, carry out reconnaissance, figure out if you can move into industrial control systems or more critical companies or targets upstream. And one day, if you get the order from on high, you switch from reconnaissance to attack.’
The Director of National Intelligence warned in February that China is already ‘almost certainly capable’ of launching cyberattacks to disable oil and gas pipelines and rail systems.
‘If Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure and military assets worldwide,’ the annual assessment reported.
Chinese military planners intend ‘network warfare’ targeting infrastructure to play a crucial role in any amphibious invasion of Taiwan.
Hiding among authorized users can leave the hackers almost invisible to authorities.
‘The two toughest challenges with these techniques are determining that a compromise has occurred, and then once detected, having confidence that the actor was evicted,’ said Morgan Adamski of the National Security Agency.
In August the hackers were spotted trying to penetrate systems run by the Public Utility Commission of Texas and the Electric Reliability Council of Texas, which regulate and operate the state’s power grid.
Hawaii, though, is thought to be the biggest target given the crucial role it would play for the US if conflict broke out over Taiwan.
Chinese military planners intend ‘network warfare’ to play a crucial role in amphibious invasions, with air and missile strikes coordinated alongside cyber-attacks on command networks, critical infrastructure, satellite networks and military logistics, according to McReynolds.
‘This is stuff they pretty clearly see as relevant to a Taiwan scenario,’ he said, ‘though they don’t explicitly say this is how we’re going to take over Taiwan.’
In May Microsoft uncovered Chinese attempts to infiltrate dozens of sectors in Guam, the closest US territory to Taiwan.
Communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education organizations were targeted by Volt Typhoon.
That month the ‘Five Eyes’ security alliance between the US, UK, Canada, Australia and New Zealand offered new advice to companies on how to keep their systems safe.
But new requirements on states to report on cyberthreats to their public water system have been withdrawn by the Environmental Protection Agency in the face of court challenges against Federal ‘overreach’.
Beijing has a long history of cyber warfare with the West and managed to steal critical control data from Canadian gas pipeline operator Telvent after breaching its firewall in 2012.
Hackers at the notorious Unit 61398 were held responsible, and five members of the unit were indicted in 2014 for hacking US companies.
But officials believe the strategy has changed from one of gathering intelligence to one of wreaking havoc.
And no company is too small or seemingly unimportant to escape Chinese attention.
Eric Goldstein of CISA told the Post that many targets are ‘not necessarily those that would have an immediate relevant connection to a critical function upon which many Americans depend.
‘Opportunistic targeting based upon where they can gain access’, is a way of establishing access to an entire industry.
The NSA has warned that any employee is at risk of letting Chinese spies into their company, and has urged firms to insist on mass password resets so that credentials already harvested become useless.
The agency also wants closer monitoring of accounts that hold high network privileges, and warned that authentication which relies on a text message to a user’s phone can be intercepted by foreign governments.
And while the Chinese are keen to project their growing military strength, the full extent of their cyber capabilities remains a closely guarded secret.
China’s aircraft carrier Liaoning was among those taking part in drills off Taiwan this summer
The Chinese People’s Liberation Army held drills in April off Fujian Province in Pingtan County, China’s closest point to Taiwan
China’s military declared it was ‘ready to fight’ in the spring after completing three days of large-scale combat exercises around Taiwan that simulated sealing off the island
Jonathan Condra, a threat researcher with the security company that uncovered August’s attack on Texas’s power companies, said the hackers ‘were doing this a lot more stealthily than if they were trying to get caught’.
President Joe Biden was expected to raise the concerns during his meeting with Chinese president Xi Jinping last month at the Apec summit in San Francisco but the topic was avoided.
But analysts have warned that this is a battle the US cannot afford to lose.
‘This is a fight for our critical infrastructure,’ Adamski said.
‘We have to make it harder for them.’