By Raphael Satter
(Reuters) – Chinese anti virus firm Qihoo 360 said CIA hackers have spent more than a decade breaking into the Chinese airline industry and other targets, a blunt allegation of American espionage from a Beijing-based firm.
In a brief blog post https://blogs.360.cn/post/APT-C-39_CIA_EN.html published on Monday in English and Chinese, Qihoo said it discovered the spying campaign by comparing samples of malicious software it had discovered against a trove of CIA digital spy tools released by WikiLeaks in 2017.
Qihoo – a major cybersecurity vendor whose research is generally followed for the insight it offers into China’s digital security world – said the Central Intelligence Agency had targeted China’s aviation and energy sectors, scientific research organizations, internet companies, and government agencies. It added that the hacking of aviation targets might have been aimed at tracking “important figures’ travel itinerary.”
Qihoo published a catalog of intercepted malicious software samples as well as an analysis of their creation times that suggested that whoever devised the tools did so during working hours on the U.S. East Coast.
The CIA and the Chinese Embassy in Washington did not immediately return messages seeking comment. A message seeking additional comment from Qihoo’s chief security officer, Yuejin Du, was not immediately returned after business hours in Beijing.
The United States – like China and other world powers – rarely comments when accused of cyberespionage. There has, however, long been evidence in the public domain – released by former NSA contractor Edward Snowden, in the U.S. case, or by U.S. prosecutors and private cybersecurity firms, in China’s case – that both countries hack their opponents.
The allegations leveled against Beijing by U.S. companies have for years been laid out in lengthy, data-heavy reports. More recently, Chinese companies have begun doing the same with respect to other foreign hacking groups.
The timing of Qihoo’s most recent publication could be related to last month’s indictment of four Chinese military hackers over a massive breach at U.S. credit reporting agency Equifax, said Adam Segal, who studies China and cybersecurity issues at the Council on Foreign Relations in New York.
He said outing CIA operations publicly could be a way of sending a message to Washington – while at the same time burnishing Qihoo’s reputation.
“This is great public relations for them,” Segal said.
Qihoo’s publication is the latest fallout from WikiLeaks’ release of CIA hacking tools in 2017.
U.S. prosecutors have accused a disgruntled CIA coder, Joshua Schulte, of handing the digital espionage arsenal to WikiLeaks as revenge for a series of professional setbacks, calling the leak “instantly devastating.”
“Years of work and millions of dollars developing those tools went up in smoke,” Assistant U.S. Attorney David Denton told a jury at Schulte’s trial in New York last month, according to a transcript https://www.documentcloud.org/documents/6768406-20200204.html#document/p14/a549062 of his remarks.
Schulte denies the allegation, saying he is being unfairly blamed for the breach because of his contentious relationship with his colleagues.
The Manhattan jury in Schulte’s case is expected to begin its deliberations Tuesday.
(Reporting by Raphael Satter, Editing by Rosalba O’Brien)