“No, duh.” China continues to claim that the US is hacking it, confusing cyber analysts
This week China accused the National Security Agency of hacking into the computers of a Beijing-funded university that the United States says conducts research for the military.
It was the latest entry in a series of recent complaints from China about US cyber surveillance, following allegations dating back to February.
Still, the spat has surprised many cybersecurity experts.
- They are unsure what China hopes to achieve, all the more because they scoff at what they describe as the poor and often outdated nature of Chinese findings.
- Moreover, alleged targets like this week’s Northwestern Polytechnic University are what most nations would consider “fair game” for government-to-government espionage, prompting responses of, essentially, “No smoke.”
In some cases, China has drawn on publicly available media reports for its “discoveries”. State media have reinforced the government’s message and echoed its strangely vague, non-disclosing nature. One media outlet this week, for example, reported that it had “learned from a source” that the NSA’s Rob Joyce once led the agency’s hacking division, Tailored Access Operations (TAO) — a fact commonly cited in his online biographies.
The Chinese claims were “very entertaining,” European security researcher Lukasz Olejnik tweeted:
Chinese Allegations of US/NSA Cyberattacks on China’s Aviation University. Unusually, a strong protest issued by China’s Foreign Ministry. The Chinese media write extensively about the NSA, and doxx/point out Rob Joyce, in particular. Very entertaining! https://t.co/PG1XzZoIcW pic.twitter.com/wRMEAokhVj
– Lukasz Olejnik (@lukOlejnik) September 5, 2022
The confusing nature of certain elements of the charges by China’s National Computer Virus Emergency Response Center (CVERC) also makes them difficult to verify; the reports sometimes identify only old hacking tools, which raises questions about how effective China’s cybersecurity apparatus is.
“Additional technical report[s] from CVERC are needed to enable independent validation of analytical findings by industry peers,” Silas Cutler, the senior director of cyber threat research and analysis at the Institute for Security and Technology, told me via email.
SentinelOne’s Juan Andres Guerrero-Saade broke down the technical side of things further in a Twitter thread:
I have been rather clumsy in addressing this CN report on the ‘TAO’ malware at the Northwest Polytechnic University in China. So what do we really learn from this?
– JA Guerrero-Saade (@juanandres_gs) September 5, 2022
There are several possible explanations for why Chinese entities – sometimes the government, sometimes the companies, sometimes both – have been doing this recently, Adam Meyers, the senior vice president of threat intelligence at cybersecurity company CrowdStrike, told me:
- Chinese cybersecurity firms may try to draw attention to their threat intelligence products.
- Or: “They’re working on the concern with the Chinese government to demonstrate that it works both ways, that China can claim that the US is attacking them and they can use that to counter any claims by US businesses and entities that they say the Chinese are stealing their intellectual property.”
- Or: They’re trying to send a message to the US government, which has repeatedly accused China of cyber abuses. “We’re going to start putting pressure on you because you’ve been putting pressure on us,” Meyers said.
It’s possible that all three theories are simultaneously true, Meyers said.
Another possible explanation is that China wants to undercut the United States in the eyes of regional players such as South Korea, Japan and Taiwan, Josh Lospinoso, who once worked for the NSA’s TAO and is now the CEO of cybersecurity firm Shift5, told me.
While recent reports from China are more formal, government officials there have often responded verbally to past allegations of Chinese hacking by pointing to US cyberspace operations, Lospinoso noted.
If there is a consensus, it is that China is making its latest accusation spree to influence opinion.
“I would suggest that Beijing seems to be making a habit of repackaging old news stories — suggesting their usefulness is mostly propaganda,” Gavin Wilde, a senior fellow at the Carnegie Endowment for International Peace, told me via email.
“China’s counter-narrative to its widespread cyber activity is not only useful on the domestic front, but coincides with increased cohesion between Western governments and tech companies on cyber defense and attribution amid Moscow’s war against Ukraine,” he said. “However, the need to go to great lengths to explain the logic behind Chinese propaganda is indicative of how slippery it often is.”
Coinbase Funds Lawsuit Over Tornado Cash Sanctions
The firm is sponsoring a lawsuit by six plaintiffs against the Treasury Department in federal court in Texas. The plaintiffs say the US government’s blacklisting of Tornado Cash — a cryptocurrency mixer that authorities said facilitated money laundering by North Korean hackers — harmed them financially and that they all used the service for legitimate purposes, reports Tory Newmyer. Two of the plaintiffs are employees at Coinbase, which is the largest cryptocurrency exchange based in the United States.
“The lawsuit argues that Treasury overstepped its legal authority by sanctioning the software, rather than a person or entity,” Tory writes. “And it alleges that the department violated the plaintiffs’ First Amendment rights by prohibiting them from using a tool that enabled them to exercise their free speech.”
Investigators recover $30 million in stolen cryptocurrency from North Korea
The recovered funds appear to be only part of the cryptocurrency that the Lazarus Group stole from the Axie Infinity video game in March, but the recovery still represents a success for authorities in returning money stolen by the notorious North Korean hackers, The Wall Street Journal’s Dustin Volz and Caitlin Ostroff report. Cryptocurrency intelligence firm Chainalysis, which worked with Axie Infinity publisher Sky Mavis, said it had discovered where the hackers tried to convert stolen funds into cash, and that cryptocurrency and law enforcement partners were able to freeze the money.
“It’s a big deal to have any amount of money recovered from the Lazarus Group,” Chainalysis senior director of investigations Erin Plante told the newspaper. “That didn’t happen before.”
Portuguese authorities are investigating the sale of secret NATO documents on the dark web
US officials warned their Portuguese counterparts about hundreds of documents marked “secret” and “classified” for sale on the dark web, Diário de Notícias’ Valentina Marcelino reports. NATO apparently sent the documents to Portugal, a member of the alliance.
Portuguese officials investigating the breach eventually found the computers from which the documents were stolen, Marcelino reports.
The offices of Portugal’s prime minister and army told Diário de Notícias that authorities investigate all apparent breaches. A spokesman for the US Embassy in Lisbon told the newspaper that it does not comment on intelligence matters.
FBI, DOJ defend ‘offensive’ actions against Chinese, Russian operations (The Record)
Four vulnerabilities discovered in popular infusion pumps, WiFi batteries (The Record)
Former Uber executive’s trial has security officials worried about liability for hacks (The Wall Street Journal)
A former professor spreads election myths across the US, one city at a time (Annie Gowen)
- Senior officials from across the federal government are speaking at the Billington Cyber Security Summit today.
- Christel Schaldemose, a member of the European Parliament who is the rapporteur for the Digital Services Act, discusses the DSA at an event organized by the German Marshall Fund and Columbia’s School of International and Public Affairs on Monday at noon.
- Twitter whistleblower Peter “Mudge” Zatko testifies before the Senate Judiciary Committee on Tuesday at 10 a.m.
- Current and former executives at social media companies testify before the Senate Homeland Security Committee on Wednesday at 10 a.m.
- A panel of the Senate Judiciary Committee holds a hearing on protecting Americans’ personal information from hostile foreign actors on Wednesday at 3:30 p.m.
Thanks for reading. See you next week.