According to reports in the Wall Street Journal and New York Times on Sunday, the FBI and Department of Homeland Security (DHS) will soon issue a warning that hackers linked to the Chinese government are trying to steal data from American researchers working on a vaccine for the Wuhan coronavirus.
The Wall Street Journal’s (WSJ) source said the joint alert will “accuse Beijing of working to steal from American institutions intellectual property and health information related to coronavirus vaccines and treatment through hacking and other illicit means and may come within days.”
“It could not be determined what evidence, if any, the planned alert would contain. A warning that China was trying to steal information about the coronavirus would be an unusually quick assessment from the U.S. government about hacking activity and would follow other allegations from the Trump administration seeking to blame China for the outbreak,” the WSJ noted.
The New York Times (NYT), which claimed to have seen a draft version of the warning notice, said FBI and DHS believe “China’s most skilled hackers and spies” are involved in the effort, along with “nontraditional actors,” which the NYT interpreted as “a euphemism for researchers and students the Trump administration says are being activated to steal data from inside academic and private laboratories.”
“The decision to issue a specific accusation against China’s state-run hacking teams, current and former officials said, is part of a broader deterrent strategy that also involves United States Cyber Command and the National Security Agency. Under legal authorities that President Trump issued nearly two years ago, they have the power to bore deeply into Chinese and other networks to mount proportional counterattacks,” the NYT reported.
The leaked FBI/DHS assessment has support from other U.S. agencies, private cybersecurity experts, and foreign governments:
“China’s long history of bad behavior in cyberspace is well documented, so it shouldn’t surprise anyone they are going after the critical organizations involved in the nation’s response to the Covid-19 pandemic,” said Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency. He added that the agency would “defend our interests aggressively.”
Last week, the United States and Britain issued a joint warning that “health care bodies, pharmaceutical companies, academia, medical research organizations and local governments” had been targeted. While it named no specific countries — or targets — the wording was the kind used to describe the most active cyberoperators: Russia, China, Iran and North Korea.
The NYT did its best to run a little cover for China in its article, first by asserting that everybody is trying to steal coronavirus data and tossing in a non-sequitur about Israel’s allegations about an Iranian hacker attack last month:
The warning comes as Israeli officials accuse Iran of mounting an effort in late April to cripple water supplies as Israelis were confined to their houses, though the government has offered no evidence to back its claim. More than a dozen countries have redeployed military and intelligence hackers to glean whatever they can about other nations’ virus responses. Even American allies like South Korea and nations that do not typically stand out for their cyberabilities, like Vietnam, have suddenly redirected their state-run hackers to focus on virus-related information, according to private security firms.
Later in its report, the NYT framed the cybersecurity warning as part of a propaganda war between the Trump administration and the Chinese, made a point of quoting unnamed critics who think the effort to root out Chinese spies from U.S. tech and academia is a new “Red Scare,” and expounded on its “everybody is hacking like crazy these days” narrative by dwelling at length upon Vietnamese hackers going after the Chinese government and South Korean hackers digging into the World Health Organization (W.H.O.). Even the infamous “deposed Nigerian princes” who want to deposit millions of dollars in your bank account, if you would just be so kind as to send them your account information, are back in the game.
CBS News recalled on Tuesday that FBI officials began talking about “intrusions” into research institutions last month, particularly those which have prominently identified themselves as working on coronavirus analysis or vaccines.
“The most valuable intellectual property in the world right now is to do with COVID vaccines, no question. Talking to people in the healthcare sector and the academic world, they do feel under siege at the moment,” Robert Hannigan, former director of the United Kingdom’s version of the NSA, told CBS.
Hannigan said that hackers are hitting just about everything related to coronavirus research, from university labs and government agencies to pharmaceutical companies and their suppliers – a job made easier for the hackers by the nationwide lockdown, which is forcing many employees of targeted companies and organizations to work remotely.
“Private cybersecurity firms and U.S. government agencies have observed that Russia, China, Iran and North Korea have all escalated cyber activity, as well as disinformation efforts related to the coronavirus,” CBS noted.