China has an insatiable thirst for global power. With a government that works overtime to control the narrative and an immense secrecy surrounding the incarceration of those who express consent, it goes without saying that China’s insidious motives are something to be feared. In a show of power, Chinese hackers exerted that power over millions of American citizens by hacking a significant number of widely utilized companies – and hacking households directly.
Who Was Hacked
Hundreds of companies that operate in the United States and abroad were impacted in an attack by the notorious government backed Chinese hacker group known as APT10. Among the list of hacked companies are numerous major cloud computing service providers, giants such as Hewlett Packard, American Airlines, GlaxoSmithKline, Philips, and DeutscheBank were hit.
The hacks weren’t discovered until it was far too late. Digital forensics have uncovered troubling information: many of these companies were continually infiltrated for years without being any wiser. These hacks are being recognized as an act of corporate espionage, as the intention of the hacks appeared to be theft of intellectual property, sensitive data, and user information.
APT10 is also responsible for hacks that directly affected the United States government. While the Department of Justice has been alarmingly quiet on the matter, they have admitted that private records for over 100,000 United States Navy servicepeople were acquired by APT10.
The Department of Homeland Security claims that they were aware that several major networks may have been compromised, particularly the cloud computing service providers. Investigators warned service providers and attempted to push them to comply with an investigation, and the service providers shrugged them off. DHS claims that the companies knew, but preferred to keep the hack a secret to their clients. Officials are working to create legislation that would force compromised companies to comply with investigations, as they could be imperative to preserving national security.
How They Did It
APT10 has used a wide variety of methods for hacking companies and private citizens. Often, simple email phishing scams were enough to get high ranking members of a company to simply hand their passwords to the hacking group without a second thought. In other cases, they accessed lower level employees’ account information and hacked their way to the top once they gained access to the network.
What They’re Doing With The Information
It isn’t overwhelmingly apparent in many cases what APT10 intends to do with some of the information they’ve stolen. Some of the intellectual property, especially the information pertaining to new technologies, products, or services in development, may be sold or passed on to Chinese companies that want to innovate without doing any real research.
There has also been speculation that advance notice of upcoming projects may inspire Chinese developers to grab up land or important real estate that American companies may need with the intention of selling it back to them at a much higher price in the future.
Have They Been Apprehended?
United States investigators believe at least several members of APT10 may be directly involved with the Chinese government, perhaps even acting as officials. Regardless, the trail always seems to lead from the hacker group to the government’s hands. At this time, no arrests have been made relating to the APT10 hacks and it is unlikely that any of the attacks were executed from American soil. The Chinese government has a long history of denying their involvement in attacks they have orchestrated or directly benefitted from. It is highly unlikely that the Chinese government will willingly hold any members of APT10 to account.
China’s Troubling Relationship With Surveillance
While millions of Americans may be shocked to learn what the Chinese government is capable of, over 1 billion Chinese citizens are unlikely to share in that surprise. China has created a highly structured surveillance state for its people, banning them from the global internet and forcing them to acquire special permits to utilize heavily monitored intranet services.
China also happens to be the world’s leading manufacturer in surveillance technology, branding the tech as automated policing. There are facial recognition cameras all over the country, including in public restrooms. These cameras identify individuals by correlating them to their national identification cards or drivers licenses and report their behavior to law enforcement.
Chinese surveillance technology manufacturers have offered governments in other countries soft loans with lax terms to purchase and adopt their surveillance technology. Nearly one hundred governments have jumped on board, installing the Chinese made cameras in heavily populated areas. With China’s propensity for hacking American companies in an attempt to surveil its citizens and steal intellectual property from its corporation, it is a troublesome thought that so many of their devices exist in places where they can easily obtain a wealth of information about us.
Problematic Brands From China
Aside from hacking and surveillance devices, China has another powerful foot in the door that may allow them to continue to spy on Americans. Chinese made electronics and smart devices, particularly those manufactured by the brand Huawei, are under intense scrutiny. Huawei, the same company that manufactures the aforementioned surveillance cameras, sells smartphones in the American market.
Purchasing any smart device manufactured in China is a liability at this point in time. If you currently own any smart devices manufactured by a Chinese company, you would be wise to wipe those devices and replace them with an alternative device manufactured elsewhere.
Protecting Your Home from Chinese Hackers
Any internet connected device you have can potentially be hacked. Devices like Amazon Ring doorbells and Smart Home hubs have routinely been hacked by both security researchers and actual hackers. If you’re currently utilizing internet of things devices in your home, you need to secure them to maintain your privacy.
Every smart home device should utilize a highly complex password and 2factor login protection if available. Lengthy passwords, particularly case sensitive passwords with combinations of letters, numbers, and symbols, are the hardest to crack. Setting up secondary VPN WiFi networks to run each connected IoT device will eliminate a single point of failure. VPNs are crucial for internet privacy, and without them, it can be nearly impossible to stay completely safe.
We recommend using TorGuard VPN on a PrivateRouter VPN router to secure every device in your home. One small mistake can leave you completely vulnerable to an attacker. As these attacks continue to escalate, there’s no such thing as being too cautious.