Chinese hackers targeted Alaska firms, government after trade mission, say researchers

The attacks came in the weeks before and after Alaska Gov. Bill Walker traveled to China to promote trade, including a Chinese-backed Arctic gas line, the researchers said.

By Christopher Bing and Jack Stubbs, Reuters - August 16, 2018
An new report says Chinese hackers probed Alaska businesses and state government networks after a trade mission by Alaska Gov. Bill Walker in May. (Kacper Pempel / Reuters / illustration)

WASHINGTON/LONDON — Hackers operating from an elite Chinese university probed Alaska companies and government departments for espionage opportunities following a U.S. trade delegation visit to China earlier this year, security researchers told Reuters.

Cybersecurity firm Recorded Future said the group used computers at China’s Tsinghua University to target U.S. energy and communications companies, as well as the Alaska state government, in the weeks before and after Alaska’s trade mission to China. Led by Governor Bill Walker, representatives of companies and economic development agencies spent a week in China in May.

Organizations involved in the trade mission were subject to focused attention from Chinese hackers, underscoring the tensions around an escalating tit-for-tat trade war between Washington and Beijing.

A major Arctic gas pipeline in Alaska, set to be built with Chinese backing, is among the projects now in limbo as trade tensions escalate.

China was Alaska’s largest foreign trading partner in 2017, with over $1.32 billion in exports.

Chinese President Xi Jinping and Alaska Governor Bill Walker meet during Xi’s visit to Alaska in April 2017. Alaska has since pursued partnerships with China to build a natural gas pipeline and liquefaction plant to develop gas from the state’s Arctic region to supply markets in Asia. (Office of Alaska Gov. Bill Walker)

Recorded Future said in a report to be released later on Thursday that the websites of Alaska internet service providers and government offices were closely inspected in May by university computers searching for security flaws, which can be used by hackers to break into normally locked and confidential systems.

The Alaska government was again scanned for software vulnerabilities in June, just 24 hours after Walker said he would raise concerns in Washington about the economic damage caused by the U.S.-China trade dispute.

A Tsinghua University official, reached by telephone, said the allegations were false.

“This is baseless. I’ve never heard of this, so I have no way to give a response,” said the official, who declined to give his name.

Tsinghua University, known as “China’s MIT,” is closely connected to Tsinghua Holdings, a state-backed company focused on the development of various technologies, including artificial intelligence and robotics.

China’s Defense Ministry did not respond to a request for comment.

Recorded Future gave a copy of its report to U.S. law enforcement agencies. The FBI declined to comment.

It is unclear whether the targeted systems were compromised, but the highly focused, extensive and peculiar scanning activity indicates a “serious interest” in hacking them, said Priscilla Moriuchi, director of strategic threat development at Recorded Future and former head of the National Security Agency’s East Asia and Pacific cyber threats office.

“The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations,” Recorded Future said in the report.

The targeted organizations included Alaska Communications Systems Group Inc., Ensco Plc’s Atwood Oceanics, the Alaska Department of Natural Resources, the Alaska governor’s office and regional internet service provider TelAlaska.

Alaska Communications declined to comment.

A spokesperson for the Alaska Governor’s Office said “everyday, the State of Alaska, like most state governments, has anonymous activity on the perimeter of our networks that amounts to someone checking if the door is locked. The activity referenced here is not unique.”

The other targets did not respond to requests for comment.

U.S.-China trade tensions have escalated in recent months with both sides imposing a series of punitive tariffs and restrictions across multiple industries, and threatening more.

The economic conflict has also damaged cooperation in cyberspace following a 2015 agreement by Beijing and Washington to stop cyber-enabled industrial espionage, Moriuchi said.

“In the fall of 2015, cybersecurity cooperation was seen as a bright spot in the U.S.-China relationship,” she said.

“It was seen as a topic that the U.S. and China could actually have substantive discussions on. That’s not really the case anymore, especially with this trade war that both sides have vowed not to lose.”

Reporting by Christopher Bing in Washington and Jack Stubbs in London; Additional reporting by Gao Liangping and Ben Blanchard in Beijing.