Microsoft's report keeps it in the family
In a statement issued on Wednesday, the US company Microsoft claimed a Chinese government hacking group has acquired a significant foothold inside critical infrastructure environments throughout the US and Guam and is stealing network credentials and sensitive data while remaining largely undetectable.
The company alleges that the group to which it has given the name "Volt Typhoon" is pursuing the development of capabilities that could "disrupt critical communications infrastructure between the United States and the Asian region during future crises".
Although Microsoft's network security threat monitoring technology is no doubt world-class, the murky relations between such US internet giants and the US government, as exposed by the US whistle-blower Edward Snowden, make such readouts nothing more than political propaganda.
Almost at the same time, the US National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency and their counterparts in Australia, New Zealand, Canada and the United Kingdom published a joint advisory sharing technical details on "the recently discovered cluster of activity".
The seamless connections among these security agencies mean they can all weigh in on the claims to give them a semblance of credibility.
Given the universality of hacking activities today that are organized, implemented and funded by various parties for different purposes, they are not difficult to spot. Yet the challenge is how to find the real sponsors of these cyberattacks.
That's why the US government feels no qualms about running the largest hackers' empire in the world, as Snowden revealed. Were it not for the disclosures of the former NSA employee and subcontractor, it would have been almost impossible for other countries to acquire hard evidence proving the numerous global surveillance programs sponsored by Washington.
US internet companies, media organizations and government departments, such as the NSA, and the Five Eyes intelligence alliance are the foursome on the stage to make the show complete. They have different roles to play in the process. This time, after Microsoft fired the first shot, the chief analyst at Google's Mandiant cybersecurity intelligence operation told the US media that Microsoft's announcement is "potentially a really important finding".
However, no matter how many technical details the chorus has provided, the choir has stopped short of explaining on what grounds it has determined the hacker group is "state-sponsored" by China.
The moniker "Volt Typhoon" that Microsoft gave the group follows its own "taxonomy". It gives the hackings it discovers family names — Typhoon, Blizzard, Sleet and Sandstorm for Beijing, Moscow, Pyongyang and Teheran — along with modifiers according to what it thinks are their purposes and degrees. The point is that the company, which tasks itself "to empower every person and every organization on the planet to achieve more" and regularly issues independent reports warning the world against cybersecurity threats, only targets these few countries, and does not even bother to give a family name to the huge numbers of US-sponsored hackings.
Such reports on "family activities" are extremely fishy: red herrings that stink to high heaven.