Chinese authorities have pledged to “publicly disclose a highly secretive global reconnaissance system” operated by the U.S. government following an investigation into the alleged hacking of earthquake monitoring equipment in Wuhan.
The claim marks the latest of a series of attempts by the People’s Republic of China to highlight Washington’s intelligence-gathering efforts in response to criticisms of Beijing’s activities, which, according to the U.S., are often conducted in breach of international law by targeting commercial rather than national security material.
The Global Times, China’s state-controlled English-language newspaper, reported Monday that the disclosure would be made as a result of progress in a joint investigation by China's National Computer Virus Emergency Response Center (CVERC) and the internet security company Qihoo 360 into alleged espionage targeting seismic intensity data.
It quoted Xiao Xinguang, a member of a crucial advisory body to the Chinese Communist Party and the chief software architect at anti-virus company Antiy Labs, saying the seismological data had “significant intelligence value for judging geological terrain, analyzing weapons system tests, and nuclear tests.”
Violation of international law?
Du Zhenhua, a senior engineer from the CVERC, claimed that the “US military intelligence agencies' use of their information technology advantage to launch cyberattacks on civilian infrastructure is a criminal act in clear violation of international law, seriously infringing on China's national security and public interest.”
Du warned that if damage had been caused to the monitoring system, it could have impacted early warning and disaster assessment efforts in the case of an earthquake, potentially “leading to more severe loss of life and property.”
“Even more dangerous is that if the attackers tamper with the earthquake monitoring data, triggering false alarms, it could lead to social panic and disorder, resulting in casualties among innocent people,” he added.
It is not clear whether there were any such attempts to cause damage. Recorded Future News previously asked the CVERC whether it had observed any attempts to interfere with the integrity of the seismological data, or if the malware was capable of doing so. Despite an initial interest in receiving our questions, a spokesperson subsequently declined to comment.
The claims by Chinese officials that the data was of legitimate intelligence value and that the computer network exploitation was a violation of international law appear to be inconsistent. Typically, espionage is not considered to be a violation of international law, though there is some ambiguity around the interpretation of the UN Charter on the matter.
The United States explicitly considers espionage a legitimate part of statecraft. It avows the existence of its intelligence agencies and has legislation governing their operations domestically and abroad.
China has been accused of foreign intelligence activities, but Beijing does not publicly avow these. China has also been criticized in the West for what are perceived to be the overly-broad powers afforded to its security apparatus under its laws.
‘It’s espionage. It’s what nation-states do.’
The Global Times’ report on the earthquake monitoring equipment hack was published shortly after Microsoft announced a threat actor based in China known as Storm-0558 had exploited a bug in its cloud email service to spy on government agencies in the U.S. and Western Europe.
Unlike alleged incidents in which state-sponsored Chinese hacking groups have targeted commercial companies to steal intellectual property, or have left exposed web shells on victim servers in what was described as a “reckless” breach of U.N. cyber norms, the Storm-0558 incident did not prompt the U.S. to accuse China of breaking international law.
Rob Joyce, the NSA's director of cybersecurity, told the Aspen Security Forum that the hack was “China doing espionage,” adding: “It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens.”
Last September, China denounced the U.S. Embassy in Beijing following a joint report from two of the country’s most prominent cyber authorities accusing the NSA of stealing “sensitive information” from Chinese institutions.
The Northwestern Polytechnical University, which the NSA was accused of targeting, is considered to be “a Chinese military university that is heavily involved in military research,” according to the U.S. Department of Justice — and thus likely to be seen as a legitimate target for espionage under international law.
Global reconnaissance system
Xiao told the Global Times that “by leveraging its global comprehensive reconnaissance ability, along with various means of intrusion, theft, and other comprehensive measures to obtain all kinds of telemetry data, and combining other multi-source auxiliary data, [the U.S.] forms the ability to analyze, judge, attribute, and locate China's economic, social operations, and even military actions.”
It is not clear what this reconnaissance ability involves, nor did Xiao state when the Chinese authorities would attempt to publicize it. Through the Global Times, officials in the country have made several allegations about U.S. intelligence collection activities in recent years, but these often seem dependent upon material that is already in the public domain.
Reports often cite public-domain material leaked by Edward Snowden, the Shadow Brokers, and WikiLeaks — with a reference to the ECHELON system appearing in Monday’s report.
However, they appear without the kinds of details often included in U.S. Department of Justice indictments, nor do they provide indicators of compromise (IoCs) or other technical intelligence used when the Western cybersecurity community attributes similar incidents to China and attempts to inform defenders about how to protect their networks.