Hackers offer a range of services at various prices.
To gain access to the internal website of Vietnam's traffic police, a local government in southwestern China spent 100,000 yuan. Software that helps customers run disinformation campaigns and break into other people's accounts on X costs 700,000 yuan. Chinese customers spend 2 million yuan to obtain large amounts of personal information from behind social media platforms such as Telegram and Facebook.
These details come from leaked documents of a Chinese security company called Anxun Information and are part of the hacking tools and cached data the company sells. There are hundreds of similar companies in China. They support the aggressive hacking funded by the Chinese government. The hackers' goals include breaking into the websites of foreign governments and telecommunications companies.
The documents were placed on a public website last week and disclosed an eight-year effort to attack and obtain databases, and to eavesdrop on communications, in South Korea, Taiwan, Hong Kong, Malaysia, India and other parts of Asia. The documents also show an operation that closely monitors Chinese ethnic minorities and online gambling companies.
The files apparently include communication records between employees, lists of attack targets, and introductory material for network attack tools. Three network security experts interviewed by the Times said that the documents look real.
Taken together, the documents offer a rare glimpse into the hidden activities of hackers for hire supported by the Chinese government. They show that China's law enforcement agencies and its major spy agency, the Ministry of National Security, have drawn on the talents of the private sector in their hacking campaign. U.S. officials said the targets of the hacking campaign include American companies and government agencies.
"We have reason to believe that this is the real data of a contractor that supports global and domestic cyber spy activities," explained John Hultquist, chief analyst of Google's Mandiant Intelligence Center.
Hultquist said that the leaked documents showed that Anxun was working for Chinese government entities, including the Ministry of National Security, the Chinese People's Liberation Army and the Armed Police. Sometimes, employees of the company focus on overseas targets. In other circumstances, they help China's feared Ministry of Public Security monitor Chinese citizens at home and abroad.
He also said, "They are part of the contractor's ecosystem related to the Chinese Putian hacker circle. This kind of activity developed 20 years ago and has been legalized since." He was referring to the emergence of nationalist hackers, who have since formed a cottage industry.
Anxun did not reply to questions about the leaked documents sent by email.
The exposed documents show how much China ignores or evades the efforts of the United States and other countries to restrict its extensive hacking. As the documents leaked, U.S. officials were warning that China has not only stepped up these efforts but has also shifted from simple espionage to implanting malicious code in software involving key infrastructure in the United States, in preparation for a Taiwan Strait conflict.
The Chinese government's use of private contractors for hacking borrows from the approach of Iran and Russia. These two countries have used non-governmental entities to attack business and official targets for many years. Although this approach may be more effective for carrying out spy activities for the country, it has also turned out to be more difficult to control. Some Chinese contractors even work for Chinese spy agencies while using malware to extort ransoms from private companies.
To a certain extent, this transformation originated from the decision of Xi Jinping, China's top leader, to raise the status of the Ministry of National Security so that it could take part in more hacking. In the past, these activities were mainly carried out by the Chinese People's Liberation Army. Although the Ministry of National Security emphasizes absolute loyalty to Xi Jinping and to the CCP's rule, its hacking and espionage activities are often initiated and controlled by provincial national security departments.
Sometimes these provincial departments outsource hacking to profit-driven organizations, and occasionally this leads to cavalier spy activities.
Some government departments still carry out sophisticated hacks directed from the top, such as implanting code in the core infrastructure of the United States. However, the total number of hacking attacks from China has surged, and the range of targets has widened to include information about the Ebola vaccine and driverless car technology.
This has spawned an emerging industry made up of contractors like Anxun. The company is headquartered in Shanghai and has an office in Chengdu. Although it is part of the mysterious world of Chinese cyber spy activities, it reflects the unprofessional attitude that many of China's relatively new hacking contractors take toward intrusions. The leaked files show that the services and data Anxun was selling were sometimes not available. For example, its internal communications show that the software for spreading false information on X was "under maintenance," although the price was 700,000 yuan.
This batch of disclosed documents also shows the daily bustle and struggle of an entrepreneurial hacking contractor in China. Like many competitors, Anxun organized a network security competition to recruit new employees. A spreadsheet shows that Anxun's sales were not aimed at a central institution; instead, it had to go to various cities to sell to local police and other agencies. This meant advertising and marketing its products. In a letter to officials in western China, Anxun boasted that it could help with counter-terrorism law enforcement because it had broken into Pakistan's counter-terrorism department.
The leaked files include promotional materials for Anxun's hacking technology, which describe breaking into Outlook email accounts and obtaining information such as address books and geographical location data from Apple iPhones. One document appears to contain a large number of flight records from a Vietnamese airline, including passenger ID numbers, occupations and destinations.
The Vietnamese Ministry of Foreign Affairs did not immediately reply to a request for comment sent by email.
At the same time, Anxun said that it has developed technology that can meet the domestic needs of Chinese police, including software that can monitor public sentiment on Chinese social media. Another tool, aimed at accounts on X, can extract the email address, phone number and other identifying information tied to a user account, and in some cases help break into those accounts.
In recent years, Chinese law enforcers have found ways to uncover the identities of activists and government critics who post on X through anonymous accounts at home and abroad. They then often threaten those X users, forcing them to delete posts that the authorities consider sharply critical or inappropriate.
Mao Ning, a spokeswoman for the Chinese Ministry of Foreign Affairs, said at a regular press conference on Thursday that she was not aware of the Anxun data leak. "As a principle, China resolutely opposes and combats various forms of network attacks in accordance with the law," Mao Ning said.
X did not reply to a request for comment. A spokesman for the South Korean government declined to comment.
Although the leak involves only one of many Chinese hacking companies, experts said that the large amount of leaked data can help foreign institutions and companies resist Chinese attacks.
"This is the most important data leakage incident related to a company suspected of providing network spy services and conducting targeted intrusions for Chinese security departments," said Jonathan Condra, who is responsible for strategic and persistent threats at the network security company Recorded Future.
The targets of the hackers' intrusions include a large database of Taiwan's highway network. Taiwan is a self-governing democratic island. China has long claimed sovereignty over it and has threatened to invade it. The 459GB of map data dates from 2021. Experts said that it is not difficult to see the military purpose of a company like Anxun collecting such information. The Chinese government has long regarded China's own driving navigation data as sensitive and strictly restricts who can collect it.
"Understanding the terrain of the roads is critical to the military planning for armored forces and infantry to occupy the population centers and military bases on the island," said network security expert Dmitri Alperovitch.
The leaked information also includes access to the internal email services or internal networks of government departments in multiple Southeast Asian countries (including Malaysia's Foreign Ministry and Ministry of Defense, and Thailand's national intelligence agency). According to the leaked documents, immigration data from India covers the flight and visa information of domestic and foreign passengers, and this data can also be purchased.
In addition, Anxun claims to have access to the data of private companies, such as telecommunications companies in Kazakhstan, Mongolia, Myanmar, Vietnam and Hong Kong.
The exposure of Chinese hacking may confirm the concerns of Washington's decision makers, and US officials have repeatedly issued serious warnings about such hacking. Last weekend, in Munich, Federal Bureau of Investigation Director Christopher Wray said that China's hacking operations against the United States are "larger than we have seen before." He listed this hacking as one of the major national security threats to the United States.
He is one of the first senior officials to have spoken publicly about "Volt Typhoon." "Volt Typhoon" is the name of a Chinese hacking network that has implanted code in the key infrastructure of the United States, which has raised concerns across the departments of the US government. Intelligence officials believe that the implanted code aims to convey a message: China can interrupt US power, water or communications at any time.
Some implanted code was found near US military bases that depend on civilian infrastructure, especially bases that might take part in a rapid response to a Chinese attack on Taiwan.
Wray's conclusion was, "This is just the tip of the iceberg."
David E. Sanger and Chris Buckley contributed to this article.
Paul Mozur is a Times global science and technology reporter based in Taipei. Earlier, he reported on the intersection of technology and politics in Asia from Hong Kong, Shanghai and Seoul.
Keith Bradsher is the Beijing bureau chief of the New York Times. He previously served as Shanghai bureau chief, Hong Kong bureau chief, Detroit bureau chief, and a Washington reporter. He reported from China during the coronavirus epidemic.
John Liu reports on China and on science and technology news, focusing on the interaction between politics and technology supply chains. He is based in Seoul.
Translation: New York Times Chinese website