Chinese Hackers Are Hiding in Routers in the US and Japan

WIRED broke the news on Wednesday that SoundThinking, the company behind the gunshot-detection system ShotSpotter, is acquiring some assets—including patents, customers, and employees—from the firm Geolitica, which developed the notorious predictive policing software PredPol. WIRED also exclusively reported this week that the nonprofit Electronic Privacy Information Center is calling on the US Justice Department to investigate potentially biased deployment of ShotSpotter in predominantly Black neighborhoods.

As the US federal government inches closer to a possible shutdown, we took a look at the sprawling conservative media apparatus and deep bench of right-wing hardliners in Congress that are exploiting their leverage to block a compromise in the House of Representatives.

Satellite imaging from the Conflict Observatory at Yale University is providing harrowing insight and crucial information about the devastation wrought in the city of Khartoum by Sudan’s civil war. Meanwhile, researchers from the cybersecurity firm eQualitie have developed a technique for hiding digital content in satellite TV signals—a method that could be used to circumvent censorship and internet shutdowns around the world. And the productivity data that corporations have increasingly been gathering about their employees using monitoring software could be mined in an additional way to train AI models and eventually automate entire jobs.

Plus, there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A China-linked hacking group, dubbed BlackTech, is compromising routers in the US and Japan, secretly modifying their firmware and moving around company networks, according to a warning issued by cybersecurity officials this week. The United States Cybersecurity and Infrastructure Security Agency (CISA), the NSA, FBI, and Japan's National Police Agency and cybersecurity office issued the joint alert saying the BlackTech group was “hiding in router firmware.”

The officials said they had seen the Chinese-linked actors using their access to the routers to move from “global subsidiary companies” to the networks of companies’ headquarters in the US and Japan. BlackTech, which has been operating since around 2010, has targeted multiple router types, the officials said, but they highlighted that it compromised Cisco routers using a customized backdoor. “TTPs against routers enable the actors to conceal configuration changes, hide commands, and disable logging while BlackTech actors conduct operations,” the alert says.

Microsoft and US government officials said in July that Chinese government hackers had breached the cloud-based Outlook email systems of about 25 organizations, including the US State Department and Department of Commerce. On Wednesday, an anonymous staffer for Senator Eric Schmitt told Reuters that the State Department incident exposed 60,000 emails from 10 accounts. Nine of the accounts were used by State Department employees focused on East Asia and the Pacific, while one was focused on Europe. The Congressional staffer learned the information in a State Department IT briefing for legislators and shared the details with Reuters via email.

The zero-day market, where new vulnerabilities and the code needed to exploit them are traded for cash, is big business. And it is, maybe, getting more lucrative. Russian zero-day seller Operation Zero this week announced it would increase some of its payments from $200,000 to $20 million. “As always, the end user is a non-NATO country,” the group said, indicating it means Russian private and government organizations.

Unlike bug bounties, where security researchers find flaws in companies’ code and then disclose them to the firms to fix for payments, the zero-day market encourages the trade in flaws that can potentially be exploited by the purchasers. “Full chain exploits for mobile phones are the most expensive products right now and they’re used mostly by government actors," Operation Zero CEO Sergey Zelenyuk told TechCrunch. "When an actor needs a product, sometimes they’re ready to pay as much as possible to possess it before it gets into the hands of other parties.”

The European Union's proposed law to clamp down on child sexual abuse content—by scanning people’s messages and potentially compromising encryption—is one of the continent's most controversial laws of the last decade. This week, a series of revelations from a group of reporters has shown how the law’s main architect was heavily lobbied ahead of proposing the law and that police wanted access to the message data. First, an investigation revealed the close connections between the European Union’s home affairs commissioner, Ylva Johansson, and child protection groups. A second report shows the European police agency Europol pushed to get access to data collected under the proposed law. In response to the investigations, Europe's Committee on Civil Liberties, Justice, and Home Affairs has written to Johansson asking questions about the relationships.

Comments are closed.