According to Israeli researchers, Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations. It is another indication of how malicious software developed by governments can boomerang against their producers.
Check Point Software Technologies announced that some features in a piece of China-linked malware called Jian were so similar they could only have been stolen from some of the National Security Agency break-in tools published on the internet in 2017.
Furthermore, the find comes as some specialists argue that American spies should dedicate more energy to fixing the flaws they find in software instead of developing and deploying malicious software to exploit it.
The NSA refused to comment. Meanwhile, the Chinese Embassy in Washington did not respond to requests for comment.
Notably, Lockheed Martin Corp discovered it on the network of an unidentified third party. Lockheed Martin Corp is credited as having identified Jian’s vulnerability in 2017.
Lockheed announced it routinely evaluates third-party software and technologies in order to identify vulnerabilities.
Countries worldwide develop malware that breaks into their virals’ devices
Countries worldwide develop malware that breaks into their competitors’ devices by taking advantage of flaws in the software that runs them. Whenever spies find a new flaw, they should decide whether to exploit it or fix the issue to prevent rivals and rogues.
That difficulty came to public attention between 2016 and 2017. A mysterious group named the Shadow Brokers published some of the NSA’s most dangerous code to the internet, enabling cybercriminals and rival nations to add American-made digital break-in tools to their arsenals.
However, it is unclear how the Jian malware analyzed by Checkpoint was used. Microsoft Corp suggested it was linked to a Chinese entity named Zirconium, which last year was blamed for targeting U.S. election-related organizations and individuals, including people associated with U.S. President’s campaign.
According to Yaniv Balmas, Checkpoint’s head of research, a possible takeaway from his company’s report was for spymasters weighing whether to keep software flaws secret to think twice about using a vulnerability for their ends.
He said that maybe it’s more necessary to patch this thing and save the world; it can be used against you.