Code first developed by the National Security Agency of the United States for use in the country’s hacking operations was used by Chinese spies, Israeli researchers said on Monday.
If this claim is true, it would show how malicious software developed by government agencies can ultimately be used against the country that created it.
According to a report published by Tel Aviv-based Check Point Software Technologies, its researchers found that some of the features in a piece of China-linked malware that it calls “Jian” were very similar to some of the National Security Agency break-in tools that were leaked to the internet in 2017, and that such a similarity could only be possible if they had been stolen from those tools.
Jian was described as a “kind of a copycat, a Chinese replica” by Yaniv Balmas, Check Point’s head of research.
Some experts have repeatedly called on US agencies to invest more time and energy in fixing the flaws they find in software rather than focusing on developing and deploying malicious software to exploit them.
No comment on the report was available from the NSA. There was also no comment from the Chinese Embassy in Washington.
Lockheed Martin Corp, which is credited with having identified the vulnerability exploited by Jian in 2017, made the discovery on the network of an unidentified third party, said reports quoting a source with knowledge of the matter.
Lockheed said in a statement that it “routinely evaluates third-party software and technologies to identify vulnerabilities”.
Nations around the world develop malware that exploits flaws in the software running rival countries’ devices in order to break into them. Every time spies discover a new flaw, they must decide whether to quietly exploit it or to get it fixed so as to prevent rivals and rogues from taking advantage of it.
Between 2016 and 2017, this dilemma came into the public arena after a mysterious group, now known as the “Shadow Brokers”, published some of the NSA’s most dangerous code on the internet. That allowed other hackers, cyber criminals and rival countries of the US to add the American-made digital break-in tools to their own cache of hacking codes and tools.
The manner in which the Jian malware, which was investigated by Check Point, was used is as yet unclear.
In an advisory published in 2017, Microsoft Corp suggested that it was linked to a Chinese entity that Microsoft dubs “Zirconium”. “Zirconium” was accused of running hacking campaigns against organizations and individuals related to the US elections last year. Many of those targeted were linked to the campaign of US President Joe Biden.
Costin Raiu, a researcher with Moscow-based antivirus firm Kaspersky Lab, said that the research done by Check Point is thorough and “looks legit”.
(Adapted from Reuters.com)