[The Library] Technological and Economic Ties between China and DPRK

in #osint, 7 years ago



Private firms with government ties, illegal and shady business activities, and state-sanctioned espionage.

Summary: Firms with heavy ties to the Communist Party of China (CPC), Ministry of State Security (MSS), and People's Liberation Army have technological and economic ties to the Democratic People's Republic of Korea (DPRK). These ties are against international sanctions, and include companies that are allegedly involved in Computer Network Operations (CNO) and work together with the Chinese Intelligence Community (IC). End Summary.


China's economy has come a long way since their "Great Leap Forward", China's own cultural slaughterhouse. Whether it be intellectual property (IP) theft, manual meddling in their own economy, or by breaking international sanction laws, China seems determined to force their way into the world economy. IP theft and Communist economies are spooky enough, but when international sanctions are meant to break down human rights abusers and depose malevolent dictators, the latter is a terrifying method of pushing an economy along. This becomes even more threatening when China's method of propping up their economy is by doing business with the nuclear nation of North Korea.

North Korea is on the sanctions short list for a variety of reasons. Insistent nuclear tests that make the headlines up to twice a month are one of the biggest reasons, but human rights abuses, non-nuclear military provocations, and cyber attacks give the international community good reason to stick the Hermit Kingdom right next to Syria and Russia on the sanctions short list.

China taking heat for their relationship with the DPRK is nothing new. For a long time, they were just about the only trading partner North Korea had. Up to 80 percent or more of North Korea's foreign trade was with the PRC, but as NK ramped up their nuclear development program, China began to bow to the international pressure. China dropped out of their coal agreement with the Kim regime, later dropping critical ore trade, fishing agreements, and other economic ties. 

Almost immediately, or even long before sanctions began, the US picked up on trade deals underneath the table. Banks began siphoning money across the border, and it seemed China was using their state-sponsored but "privately owned" enterprises to pass money on under the UN's noses. Reports were released detailing boat loads of tech hardware crossing the river over to North Korea, as well as all-but-confirmed reports that workers at the North Korean embassy were selling meth and other illicit drugs out of the back doors of their embassies.

Now, there could potentially be even more sinister ties between the two nations. North Korean cyber crime has been in the headlines for a while, whether it be the SWIFT bank attacks or the WannaCry ransomware. I recently wrote a post on an elite North Korean cyber espionage unit posted comfortably in a Chinese hotel. It is also no secret that North Korea's internet only exists because China allows it to run through their own state-sponsored ISP.

Now, though, there may be an almost direct tie between the North Korean government and Chinese state-sponsored hackers. I introduce to you Chinese mobile infrastructure giant HuaWei and shady Chinese security company BoyuSec.

Simple Mistakes, Huge Attribution

BoyuSec goes by many a name, especially thanks to IntrusionTruth, an anonymous research group that unveiled the true identity of BoyuSec... more infamously known as APT3. APT3/Gothic Panda/UPS Team/Buckeye/TG-0110 (I told you, many a name) had been on a hacking rampage, aimed at security, defense, and technology companies in the US, UK, and Hong Kong. IntrusionTruth investigated APT3's premier backdoor Pirpi, digging deep into the Command and Control (C&C) domains and the administrators that reserved them.

In the end, IntrusionTruth and Cybereason revealed that the actors behind the APT3 attacks were huge shareholders in a well-known Chinese security firm, BoyuSec. This meant that either BoyuSec shareholders were moonlighting on the weekends as black hat hackers with targets aligned with the Chinese Communist Party (CCP), or BoyuSec at the very least had an elite hacking division working with the State.

In reality, BoyuSec is best seen as equivalent to a government contractor. The Chinese government enlists their help to secure their own networks, much like Lockheed Martin in the US. They are technically a private company, but enjoy significant government funding. Private company cyber actors give the government plausible deniability in cyber attacks, a tactic that MSS had employed before when gathering Human Intelligence (HUMINT). They're often ahead of the learning curve, as opposed to the government being ever behind due to the bureaucratic nature of government cyber entities.

The ties between the MSS and BoyuSec were clear, but it's the ties between HuaWei and BoyuSec that are more interesting in this context.


Business Billions and Shady Sanctioned Stipends


Chinese technology giant HuaWei is at the forefront of China's economic development. Boasting an impressive No. 2 spot in the world mobile technology market, HuaWei is developing bleeding edge mobile infrastructure backbone technology. They boast an incredible 23,000 plus patents in four years, and boast even more loudly about their foreign investments: 68 to 75% of HuaWei's total revenue comes from foreign investment, according to a top HuaWei executive.

According to a different kind of executive, this could be a big threat.

According to various intelligence agencies, HuaWei is using their impressive R&D budget (10% of their total revenue, a whopping 6% more than the national average) to backdoor the devices they're developing. These backdoors are potentially being used for espionage, and the NSA worries that they could be used for DDoS attacks. 

While HuaWei chairwoman Sun Yafang insists that the company is entirely privately funded, intelligence officials and government entities in the US, as well as Chinese internal reports, allege otherwise. According to a report from a CIA-backed Open Source Intelligence (OSINT) firm, BoyuSec received $228 million from the Chinese government, on top of a significant amount of startup money in their inception in 1987. This would be further explained when you consider Sun Yafang's service with the MSS and founder Ren Zhengfei's service in the military. Under normal circumstances, these former government and military ties would be boasted about, but any mention of their former CCP ties is noticeably absent from their Chinese biographies.

In leaked internal emails from intelligence contractor Stratfor, former intelligence officials and defense contractors say they have historically operated under the assumption that HuaWei was an entity of the MSS. Government entities blocking HuaWei from making buys and sells in the States would insinuate that politicians are taking this allegation seriously.

With their clear ties to the government, the fact that HuaWei has close ties to BoyuSec puts the icing on the cake. It's almost an unimportant detail, but is just another connection between the so-called private company and the government. BoyuSec is apparently the firm HuaWei contracts security audits to, but intelligence entities insist the ties are deeper.

If the BoyuSec ties are the icing, HuaWei's sanctions are the bulldozer running the whole cake over. If HuaWei's ties to a nation-state backed Advanced Persistent Threat weren't bad enough, HuaWei is under investigation for doing business with North Korea.

With the takedown of ZTE, a smaller competitor of HuaWei, for doing business with NK and other sanctioned countries, an internal memo was published alleging a second firm's involvement with countries on the short list. "F7", as the report named them, carried a description very similar to HuaWei's. The mysterious company in the memo had business dealings with the same companies, at the same time, as HuaWei, and was getting blocked from entering the US markets like HuaWei was. This report alleges that the company had hired a legal team to deal with sanctions compliance issues. If this mysterious company is in fact the internet giant HuaWei, they very well could be doing business with the North Koreans, on behalf of the Chinese government.

Bureau 121 is a much more concrete connection between the DPRK and the CCP. It is well-known and under very careful watch. If internet giant HuaWei is doing business in the Hermit Kingdom, though, this means China is circumventing current economic sanctions in a big way. HuaWei does business in the billions, and sits on a stockpile of high-tech patents that could give the Kim regime a huge boost in research and development. Financial help from the CCP could be going straight to the North Korean missile program, all being funneled through a private company. BoyuSec could provide a boost in black hat cyber operators, giving NK a boost in manpower and training expertise.

Using private companies to circumvent sanctions is par for the course for China, but doing so through such a large company could indicate that the circumvention is larger than previously thought. This is a huge threat, and should be dealt with with heavy hands if China really is going around the black list.

Sources: 


[1] https://www.cybereason.com/blog-blurring-the-lines-between-nation-state-and-for-profit/

[2] https://www.justice.gov/opa/pr/chinese-national-pleads-guilty-conspiring-hack-us-defense-contractors-systems-steal-sensitive 

[3] https://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong

[4] https://intrusiontruth.wordpress.com

[5] https://www.recordedfuture.com/chinese-mss-behind-apt3/

[6] http://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/

[7] http://www.huawei.com/cn/executives/board-of-directors/sun-yafang

[8] https://baike.baidu.com/item/%E5%AD%99%E4%BA%9A%E8%8A%B3/3082650?fr=aladdin

[9] https://www.strategyand.pwc.com/global/home/what-we-think/innovation1000/rd-intensity-vs-spend-2014

[10] https://www.nytimes.com/2017/03/07/technology/zte-china-fine.html

[11] https://www.nytimes.com/2016/03/19/technology/zte-document-raises-questions-about-huawei-and-sanctions.html

[12] http://www.scmp.com/news/china/diplomacy-defence/article/2099087/us-pressure-china-north-korea-threat-sanctions

@stevescoins you ask for my return, I have returned. ;)

I'm not a bot either 010101111101000111011010100010011110100100100100100101001

Bahaha thank you as always Steve!

Wow! This is breathtaking. Well researched and well laid out, highly classified security information.

I always enjoy a good read like this... Investigative reporting at its best!

I already hit the follow button, I want more of these stories, conspiracy theories, classified info... The whole works. Well done!

please accept this gift

Enjoyed reading, thanks my friend.
Peace.

Don't spam my page anymore m8. Turn the bot off.

Don't insult me, I'm a human being.
Passed the Turing test

Like I said, don't spam my page. You changed your comment to look more human and it still looks botlike. Turn it off or get it off my page.

Don't have intention to piss you off, I'm human loving AI :)