BlackBerry Ltd. says researchers have discovered how China-backed hackers have been able to extract data from many servers around the world for a decade – largely unnoticed by the cybersecurity industry.
The company says the tactics give hackers the ability to extract information from huge amounts of valuable data on computers using the Linux operating system, which is used on most of the world’s web and cloud servers.
A 44-page report released by BlackBerry indicates that five separate groups with ties to the Chinese government have used certain tactics and methods to target Linux systems for a decade.
“We are not suggesting that this is something entirely new and entirely self-contained and undiscovered,” BlackBerry director Eric Cornelius said on Tuesday in a telephone interview.
But, he said, the security industry has missed a major part of the tactics used by a well-known umbrella group of hackers called Winnti, which the company says works with the Chinese government.
“As an industry, we’ve tended to focus too much on Windows devices because they represent the lion’s share of devices in the market,” said Cornelius.
“But the adversaries are determined and devoted and ... they find every opportunity and, in this case, we called in some really new techniques that they used against Linux and even the Android operating system to achieve their goals.”
Cornelius said the purpose of these Chinese-supported hacking campaigns is to infiltrate or steal information that the United States claims amounts to “billions of dollars” in intellectual property.
“Who knows? Unless you’re an intelligence agency, it’s impossible to prove that,” said Cornelius. “It is impossible to quantify (the value).”
However, according to the BlackBerry report, Linux dominates the main infrastructure of large modern data centers.
“Linux runs the New York, London and Tokyo stock exchanges, and almost all of the big tech and e-commerce giants depend on it, including Google, Yahoo and Amazon,” he said.
As for the impact on Canadian governments and businesses, Cornelius said he was unaware of any such claim, as it is not his area of expertise.
The federal government’s Canadian Centre for Cyber Security stated in an email to The Canadian Press that it works with partners to monitor and manage potential threats, but does not comment on specific incidents.
The BlackBerry report says that one tactic is to disguise the hackers’ tools as adware, which is undesirable but is not considered a high priority.
Cornelius said the hacking group Winnti was able to steal certificates proving the authenticity of a product and use them to make its tools pass as adware rather than as a more serious threat that would be reported for immediate attention.
“A very, very good idea,” said Cornelius, chief product architect for BlackBerry, a position he previously held at Cylance before it was acquired by the Waterloo, Ontario, company.
Microsoft, and Google, which makes the Android operating system, did not immediately comment on the BlackBerry report.
This report from The Canadian Press was first published on April 7, 2020.