PRC Government Hacking: How It’s Done

In The Chinese Government is Accessing YOUR Network Through the Backdoor and There Still is NO Place to Hide, I explained how Chinese banks are requiring their account holders — including all foreign companies in China — to install malware which allows the Chinese government to see all account holder data. In China Malware: Sorry, Techno Geeks, There Still is no Place to Hide, I explained how, “in China, the government itself is the hacker and it will not allow any foreign or domestic technician to provide services that will defeat the hacker’s ultimate goals.”

In this post, the first of a two part series (part 2 will come out tomorrow), I explain the Chinese government’s hacking goals, how it does its hacking, and why it is virtually impossible for foreign companies to avoid being hacked by the Chinese government or to fight back against it.

A. The Chinese Government is the Hacker.

The basic goal of the PRC Comprehensive National Security (总体国家安全）concept in the network realm is for all network communication and information to be open and available to the Chinese government while blocked from access to parties outside the state. In keeping with this concept, the government seeks to ensure all network activity conducted within China is transparent to the state. This program is applied to all persons (individuals or entities) that operate within the borders of the PRC (and now Hong Kong and Macao). If you operate in China, you must assume all of your networked data and communications are subject to capture by the Chinese government. There is no longer any privileged status given to foreign invested companies or to foreign nationals; Once within the borders of the PRC, their treatment is the same as for domestic companies and Chinese nationals. Just as is true for any PRC citizen, there is no place to hide.

So how does the PRC government implement this program? The key point is that the Chinese government is the hacker. When the hacker is directly involved in creating and policing the Internet and the key agent for implementing cybersecurity, it is axiomatic there will be no protection from the network intrusion/data collection activities of that hacker. The hacker dictates how the system will work and it of course provides no protection against its own activities.

B. Aisino Corporation

This basic fact is illustrated by the Golden Spy/Golden Helper malware program discussed below. Trustwave reports that the Golden Spy software was written by Aisino Corporation: (Aerospace Information Joint Stock LLC. – 航天信息股份有限公司) Listed IT company specializing in information security. Their website states they are owned by the state company CASIC (China Aerospace Science & Industry Corporation Limited – 中国航天科工集团公司). See GoldenSpy Chapter 4: GoldenHelper Malware Embedded in Official Golden Tax Software.

CASIC is the PRC’s leading manufacturer of missiles and related aerospace devices. It sells missile systems to North Korea and it works closely with the Russian military. As a weapons provider, it is an SOE directly under the control of the PRC government and the CCP. That is, it is the government. Recently, as part of the PRC plan to promote indigenous development of network operations and cloud computing, CASIC entered into the commercial network business via Aisino, its subsidiary that had been active in payment processing and other accounting systems. Aisino’s drafting of the Golden Shield tax software and implementation of the related system is part of that process.

C. The Golden Spy/Golden Helper Malware

Aisino’s drafting the Golden Spy malware means the PRC government drafted this malware. Simply stated, the PRC government is the hacker and this hacker is shielded from any liability arising from its hacking activity. This is why Aisino employed a crude and easy to identify trojan horse system for this malware. It is at no risk of getting caught or getting punished or getting taken down.

Some have commented to us and to security professionals that such an obvious intrusion somehow shows the PRC government cannot be behind the malware program. ArsTechnica responded to this type of comment in clear terms:

Comment from reader: “Use of a trojan downloader is not subtle.”

Response from ArsTechnica: As for it being less subtle… malware like this isn’t subtle period by the standards you’re applying here, so that’s a bizarre argument. It’s also a bit odd that you think the Chinese government cares about subtlety when we’re talking about software that’s distributed by government mandate within their country. Like… what, are the Chinese authorities going to crack down on them?

So this is the situation in the PRC. As Arstechnica makes clear, when the malware or illicit gathering of data is done by the government itself, there is no remedy and no escape. The Chinese government and its related group of hackers do not need to be subtle or hide their tracks when they are operating within the borders of the PRC.

D. Part 2, Tomorrow

Tomorrow, in Part 2, I will explain how the Chinese nation-state hacker accomplishes its goals in the network sector by setting out the four basic ways the PRC government gains access to foreign company networks and company data.

We will be discussing the practical aspects of Chinese law and how it impacts business there. We will be telling you what works and what does not and what you as a businessperson can do to use the law to your advantage. Our aim is to assist businesses already in China or planning to go into China, not to break new ground in legal theory or policy.