The campaign’s success is a dramatic illustration of the danger that software errors pose, even years after they are discovered and made public. Zero-day attacks – hacks that exploit previously unknown vulnerabilities – impress and demand attention. But known flaws remain powerful because networks and devices are difficult to update and secure with limited resources, staff, and money.
Rob Joyce, a senior National Security Agency official, explained that the advisory was intended to provide step-by-step instructions on how to find and remove the hackers. “To kick [the Chinese hackers] out, we need to understand the craft and detect them beyond just the first access,” he tweeted.
Joyce echoed the advisory, which instructed telcos to implement basic cybersecurity practices such as keeping key systems up to date, enabling multi-factor authentication and reducing internal networks’ exposure to the Internet.
According to the advisory, Chinese espionage usually started with the hackers using open-source scanning tools such as RouterSploit and RouterScan to examine the target networks and learn the brands, models, versions and known vulnerabilities of the routers and network devices.
With that knowledge, the hackers were able to use old but unpatched vulnerabilities to gain access to the network and, from there, break into the servers that handled authentication and identification for the targeted organizations. They stole usernames and passwords, reconfigured routers, and copied network traffic and exfiltrated it to their own machines. With these tactics, they were able to spy on almost everything that happened within the organizations.
The hackers then turned around and deleted log files on every computer they touched in an effort to destroy evidence of the attack. US officials have not explained how they eventually discovered the hacks, despite the attackers’ attempts to cover their tracks.
The Americans also did not provide details about exactly which hacking groups they are accusing, or about any evidence they have indicating that the Chinese government is responsible.
The advisory is yet another alarm the United States has raised about China. FBI Deputy Director Paul Abbate said in a recent speech that China carries out “more cyber attacks than all other countries in the world combined”. The Chinese government routinely denies participating in hacking campaigns against other countries. The Chinese embassy in Washington, DC did not respond to a request for comment.