The National Computer Virus Emergency Response Center of China and local infosec outfit 360 Total Security have conducted an investigation called “The Matrix” that found the CIA conducts offensive cyber ops, and labelled the United States an “Empire of Hacking”.
The two orgs have been good enough to publish the first part of their work, titled Empire of Hacking: The US Central Intelligence Agency – Part I.
The document doesn’t offer much new info, leaning heavily on the 2017 infodump from WikiLeaks that detailed the “Vault7” trove of exploits the CIA uses to spy on computers, smart TVs, WhatsApp and just about any other device or service you might use.
The CIA was also found to exploit a weakness in Cisco kit, which was most unwelcome.
Readers of the Chinese document will also encounter a potted history of the CIA’s many efforts to undermine socialist regimes, and the US’s development of the TOR protocol which, the document notes, has been used by anti-government activists. Twitter and Google come in for criticism for their actions providing secure communications tools for citizens in Tunisia and Egypt.
China’s Communist Party often points out that challenging the legitimacy of governments is a big no-no.
The publication of the investigation was noticed by China’s state-controlled news agency Xinhua and by the nation’s foreign ministry. On Thursday the former asked the latter hard-hitting questions about its thoughts on the document and the revelations it contains.
“The US must take seriously and respond to the concerns from the international community, and stop using cyber weapons to carry out espionage and cyber attacks around the world” was the response from foreign ministry spokesperson Mao Ning.
The US has been saying the same thing about China for years.
In 2015 both nations made a show of calling it off, signing up to a no-hack pact that almost nobody believes is being upheld by either side.
Indeed, FBI director Christopher Wray last week claimed China has 50 offensive infosec operatives for every defender his agency can muster and operates “a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations big or small combined.”
And so the dance continues: nobody expects either nation will stop using cyber tools to find cracks in the other’s defences, or information that informs their national security and industrial efforts.
Source : The Register