On what has been an otherwise relatively slow news day as President Trump heads to Japan for this weekend's G-20 summit, the Associated Press has joined Reuters in publishing an exposé about a cyberespionage campaign that just might have its origins in Beijing.
According to the AP, which sourced its story from a presentation given by the head of Cybereason, a global cybersecurity contractor that telecoms firms had brought in to trace the source of another potentially major breach, a group of possibly state-backed hackers infiltrated the systems of an unnamed telecoms giant to spy on the call records, location data and other information of a group of unnamed "VIPs". The hack essentially allowed the hackers to track the movements and activities of the targets. And because the hack occurred at the service-provider level, it would be virtually impossible for the 20 or so end-user targets to discover the breach on their own. In essence, the hackers were able to transform the targeted firm into a "global surveillance system."
Cybereason Chief Executive Lior Div said because customers weren’t directly targeted, they might never discover that their every movement was being monitored by a hostile power.
The hackers have turned the affected telecoms into "a global surveillance system," Div said in a telephone interview. "Those individuals don’t know they were hacked - because they weren’t."
Div, who presented his findings at the Cyber Week conference in Tel Aviv, provided scant details about who was targeted in the hack. He said Cybereason had been called in to help an unidentified cellular provider last year and discovered that the hackers had broken into the firm’s billing server, where call records are logged.
The hackers were using their access to extract the data of "around 20" customers, Div said.
And here's some food for thought: Cybereason cautioned that even though all signs of who the culprit might be pointed to APT10, the MSS-backed hacker crew that orchestrated China's 'Operation Cloud Hopper' (the campaign that reportedly infiltrated eight of the world's largest enterprise tech companies), it was reluctant to conclusively blame APT10 for the intrusions.
Why? Because these signs could have been manufactured to point to APT10, even though the real culprit could have been another government, or a criminal organization, or maybe even the infamous '400-pound basement dweller' that Trump once joked about.
Who might be behind such hacking campaigns is often a fraught question in a world full of digital false flags. Cybereason said all the signs pointed to APT10 - the nickname often applied to a notorious cyberespionage group that U.S. authorities and digital security experts have tied to the Chinese government.
But Div said the clues they found were so obvious that he and his team sometimes wondered whether they might have been left on purpose.
"I thought: 'Hey, just a second, maybe it’s somebody who wants to blame APT10,'" he said.
Since Cybereason was contracted by a large telecoms firm to carry out its investigation, it couldn't say for sure whether the targets of the hacking campaign had been alerted to the intrusion. Whether to notify the targets, it said, had been left to its client to decide. The firm said it had been in contact with a 'handful' of law enforcement agencies about the intrusions, but again it declined to reveal exactly who had been brought into the loop.
Whoever hired Cybereason would be remiss if they didn't disclose the intrusion, since failing to alert their investors could be construed as securities fraud. But if the recent past is any guide (remember Equifax?), companies that have been the victims of large-scale hacks are often reluctant to disclose them for fear of a market backlash.
But if China is behind the hacks, that would give the Trump Administration one more reason to hold off on striking a trade deal on the grounds that Beijing simply can't be trusted to end its sweeping cyberespionage campaign.