Chinese spyware code copied from US NSA: investigators By Reuters


© Reuters. FILE PHOTO: Illustration of a computer code on a screen over a Chinese flag

By Raphael Satter

WASHINGTON (Reuters) – Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can affect their creators.

Tel Aviv-based Check Point Software Technologies issued a report noting that some characteristics of a China-linked malware it calls “Jian” were so similar that they could only have been stolen from some of the National Security Agency break-in tools leaked online in 2017.

Yaniv Balmas, Checkpoint’s head of research, called Jian “a kind of knockoff, a Chinese replica.”

The finding comes as some experts argue that American spies should spend more energy correcting flaws they find in software rather than developing and deploying malicious software to exploit them.

The NSA declined to comment. The Chinese embassy in Washington did not respond to requests for comment.

A person familiar with the matter said Lockheed Martin Corp, which is credited with identifying the vulnerability exploited by Jian in 2017, discovered it on the network of an unidentified third party.

In a statement, Lockheed said it “routinely evaluates third-party software and technologies to identify vulnerabilities.”

Countries around the world develop malware that breaks into rivals’ devices by exploiting flaws in the software that runs them. Each time spies discover a new flaw, they must decide whether to quietly exploit it or fix the problem to thwart rivals and rogues.

That dilemma came to the public’s attention between 2016 and 2017, when a mysterious group calling itself “Shadow Brokers” posted some of the most dangerous NSA code on the internet, allowing cybercriminals and rival nations to add U.S.-made digital intrusion tools to their own arsenals.

It is unclear how the Jian malware analyzed by Checkpoint was used. In a notice published in 2017, Microsoft Corp suggested it was linked to a Chinese entity it calls “Zirconium,” which was accused last year of targeting US organizations and individuals related to the elections, including individuals associated with the campaign of President Joe Biden.

Checkpoint says that Jian appears to have been created in 2014, at least two years before the Shadow Brokers made their public debut. That, coupled with research published in 2019 by Broadcom Inc-owned cybersecurity firm Symantec into a similar incident, suggests that the NSA has repeatedly lost control of its own malware over the years.

The Checkpoint investigation is thorough and “appears legitimate,” said Costin Raiu, a researcher at the Moscow-based antivirus firm Kaspersky Lab, which has helped analyze some of the NSA’s malware.

Balmas said a possible conclusion from his company’s report was that spymasters weighing whether to keep software flaws secret should think twice about using a vulnerability for their own purposes.

“Perhaps it is more important to fix this and save the world,” Balmas said. “It could be used against you.”
