真相集中营

The Guardian - China hacking threatens US infrastructure, FBI director warns, as Volt Typhoon botnet foiled

February 1, 2024   4 min   724 words

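This report reveals the potential danger that Chinese hackers pose to US infrastructure, with FBI Director Christopher Wray issuing a strong warning. He said the Chinese hacking group "Volt Typhoon" had infiltrated small office and home routers in the US in an attempt to carry out cyber-attacks on US infrastructure in a potential US-China war. The threat has a real impact on every American, yet public attention to it remains insufficient. The report also notes that the operation succeeded in disrupting part of Volt Typhoon's activity, but stresses the difficulty posed by hacking groups that are good at adapting and finding new avenues of intrusion. Director Wray and Jen Easterly, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, stressed at the hearing the widespread disruption this potential threat could bring to American society, including threats to water treatment plants, the electrical grid and transportation systems. Notably, Chinese and US officials met to stop similar attacks. The story highlights how critical cybersecurity is in modern society and underscores the urgency of guarding against these threats.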

2024-02-01T01:33:09Z
FBI director Christopher Wray

US officials say they have disrupted a state-backed Chinese effort to plant malware that could damage civilian infrastructure, as the head of the FBI warned that Beijing was positioning itself to disrupt daily life in America were the US and China ever to go to war.

The operation disrupted a botnet of hundreds of small office and home routers based in the US that were owned by private citizens and companies that had been hijacked by the Chinese hackers to cover their tracks as they sowed malware.

Their ultimate targets included water treatment plants, the electrical grid and transportation systems across the US, officials said on Wednesday.

The comments align with assessments from outside cybersecurity firms including Microsoft, which said in May that state-backed Chinese hackers had been targeting US critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the US and Asia during future crises.

At least a portion of that operation, attributed to a group of hackers known as Volt Typhoon, has been disrupted after FBI and justice department officials obtained search-and-seizure orders in Houston federal court in December. US officials did not characterise the disruption’s impact, and court documents unsealed on Wednesday say the disrupted botnet was just “one form of infrastructure used by Volt Typhoon to obfuscate their activity”. The hackers have infiltrated targets through multiple avenues, including cloud and internet providers, disguised within normal traffic.

The FBI director, Chris Wray, told the House select committee on the Chinese Communist party that there had been far too little public focus on a cyber threat that affects “every American”.

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray said.

Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, voiced a similar sentiment at the hearing.

“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes – all to ensure that they can incite societal panic and chaos and to deter our ability [to marshal a sufficient response],” she said.

The US has in the past few years become more aggressive in trying to disrupt and dismantle both criminal and state-backed cyber operations, with Wray warning on Wednesday that Beijing-backed hackers aimed to pilfer business secrets to advance the Chinese economy and steal personal information for foreign influence campaigns.

“They are doing all those things. They all feed up ultimately into their goal to supplant the US as the world’s greatest superpower,” he said.

Complicating the threat is that state-backed hackers, especially Chinese and Russian, are good at adapting and finding new intrusion methods and avenues.

US officials have long been concerned about such hackers hiding in US-based infrastructure, and the outdated Cisco and NetGear routers exploited by Volt Typhoon were easy prey because they were no longer supported by their manufacturers with security updates. Because of the urgency, law enforcement officials said, US cyber operators deleted the malware in those routers without notifying their owners directly – and added code to prevent reinfection.

“The truth is that Chinese cyber actors have taken advantage of very basic flaws in our technology,” Easterly said. “We’ve made it easy on them.”

On Wednesday, US officials said allies were also affected by Volt Typhoon’s critical infrastructure hacking but, asked by reporters, would not discuss any countermeasures they might be taking.

China has repeatedly denounced the US government’s hacking allegations as baseless. Beijing has accused the US of “almost daily” intrusions against the Chinese government, with Wang Wenbin, a spokesman for the Chinese foreign ministry, saying last year “China is the biggest victim of cyber-attacks”.

But Gen Paul Nakasone, the outgoing commander of US Cyber Command and the National Security Agency, said “responsible cyber actors” did not target civilian infrastructure.

“There’s no reason for them to be in our water,” Nakasone said. “There’s no reason for them to be in our power.”


