Chinese spyware code was copied from NSA: researchers

WASHINGTON – Chinese spies used code first developed by the US National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.

Tel Aviv-based Check Point Software Technologies issued a report noting that some features in a piece of China-linked malware it dubs “Jian” were so similar they could only have been stolen from some of the National Security Agency break-in tools leaked to the internet in 2017.

Yaniv Balmas, Checkpoint’s head of research, called Jian “kind of a copycat, a Chinese replica.”

The find comes as some experts argue that American spies should devote more energy to fixing the flaws they find in software instead of developing and deploying malicious software to exploit it.

The NSA declined comment. The Chinese Embassy in Washington did not respond to requests for comment.

A person familiar with the matter said Lockheed Martin Corp – which is credited as having identified the vulnerability exploited by Jian in 2017 – discovered it on the network of an unidentified third party.

In a statement, Lockheed said it “routinely evaluates third-party software and technologies to identify vulnerabilities.”

Countries around the world develop malware that breaks into their rivals’ devices by taking advantage of flaws in the software that runs them. Every time spies discover a new flaw they must decide whether to quietly exploit it or fix the issue to thwart rivals and rogues.

That dilemma came to public attention between 2016 and 2017, when a mysterious group calling itself the “Shadow Brokers” published some of the NSA’s most dangerous code to the internet, allowing cybercriminals and rival nations to add American-made digital break-in tools to their own arsenals.

How the Jian malware analyzed by Checkpoint was used is not clear. In an advisory published in 2017, Microsoft Corp suggested it was linked to a Chinese entity it dubs “Zirconium,” which last year was accused of targeting U.S. election-related organizations and individuals, including people associated with President Joe Biden’s campaign.

Checkpoint says Jian appears to have been crafted in 2014, at least two years before the Shadow Brokers made their public debut. That, in conjunction with research published in 2019 by Broadcom Inc-owned cybersecurity firm Symantec about a similar incident, suggests the NSA has repeatedly lost control of its own malware over the years.

Checkpoint’s research is thorough and “looks legit,” said Costin Raiu, a researcher with Moscow-based antivirus firm Kaspersky Lab, which has helped dissect some of the NSA’s malware.

Balmas said a possible takeaway from his company’s report was for spymasters weighing whether to keep software flaws secret to think twice about using a vulnerability for their own ends.

“Maybe it’s more important to patch this thing and save the world,” Balmas said. “It might be used against you.”

All countries
197,295,547
Total confirmed cases
Updated on July 30, 2021 12:20 am
Italy
4,336,906
Total confirmed cases
Updated on July 30, 2021 12:20 am
Spain
4,422,291
Total confirmed cases
Updated on July 30, 2021 12:20 am
Iran
3,826,447
Total confirmed cases
Updated on July 30, 2021 12:20 am
Germany
3,772,307
Total confirmed cases
Updated on July 30, 2021 12:20 am

Latest Updates

Without Backpackers to Pick Them, Crops Rot by the Ton in Australia

SHEPPARTON, Australia — Peter Hall ran a hand over the Gala apples sitting in a wooden crate on his orchard in southeastern Australia, lamenting...

U.S. Will Have Enough COVID-19 Vaccines for All Adults by End of May, Biden Says

You have reached your limit of 4 free articles. Get unlimited access to TIME.com.99¢ for the first month Subscribe Now You have...

Biden Vows Enough Vaccine ‘for Every Adult American’ by End of May

But Johnson & Johnson and its partners fell behind in their manufacturing. The company was supposed to deliver its first 37 million doses by...

Popular Articles

Without Backpackers to Pick Them, Crops Rot by the Ton in Australia

SHEPPARTON, Australia — Peter Hall ran a hand over the Gala apples sitting in a wooden crate on his orchard in southeastern Australia, lamenting...

U.S. Will Have Enough COVID-19 Vaccines for All Adults by End of May, Biden Says

You have reached your limit of 4 free articles. Get unlimited access to TIME.com.99¢ for the first month Subscribe Now You have...

Biden Vows Enough Vaccine ‘for Every Adult American’ by End of May

But Johnson & Johnson and its partners fell behind in their manufacturing. The company was supposed to deliver its first 37 million doses by...

Twitch gamer Sodapoppin quits fake GTA jobs because they’re too hard

Sometimes being a fake fast-food restaurant manager can be as taxing as being a real one. This is especially true when you also have pretend...

Sarkozy says could take corruption appeal to European human rights court

France's former president Nicolas Sarkozy said Tuesday that he might consider taking his appeal against a corruption conviction to the European Court of...

Where Biden’s Foreign Policy Is Taking the U.S.

One day before the administration announced its decision on Saudi Arabia, Biden gave the first major indication of his presidency that he would be...

Interviews