North Korea spied on through “fourth party” data collection

Jan 19, 2015 09:31 GMT

A top secret presentation from the NSA, leaked by former government contractor Edward Snowden, reveals that Chinese cyber spies have stolen sensitive information about the F-35 fighter jets produced by US aerospace company Lockheed Martin.

The document leaked by Snowden contains information about the efforts made by the NSA and its partners to identify and thwart the cyber-attacks carried out by China on sensitive US military organizations.

Hundreds of Chinese intrusions detected in one year

According to German newspaper Der Spiegel, which published the new disclosures, the Chinese managed to exfiltrate massive amounts of data (terabytes) about the fighter jet, including plans touching on the radar system, engine and methods used for cooling exhaust gases.

It is believed that the stolen information has been extensively used by China to build their own fighters, the Chengdu J-20 and the Shenyang J-31; the aircraft are still in early development, with the first flight tests having occurred in 2011. The J-20 is expected to be fully operational between 2017 and 2019.

The first breach at Lockheed Martin that resulted in an unauthorized third party exfiltrating confidential information on military projects is believed to have taken place in 2007; another one is believed to have occurred in 2013.

The documents from Snowden reveal that this wasn’t the only successful Chinese cyber-espionage operation, as more than 500 significant intrusions were recorded in a single year.

Fourth party data collection

Furthermore, the leaks reveal how the intelligence agency would collect data by relying on tools used by a different party for attacking the common target. The method is called “fourth party collection” and it refers to “passively or actively obtaining data from some other actor’s CNE [computer network exploitation] activity against a target.”

Basically, one actor exploits the computer network of a different one, both of them focusing on a target the NSA is interested in.

One example given in a leaked top secret document refers to getting information about North Korea. “At that point, our access to NK was next to nothing but we were able to make some inroads to the SK CNE program. We found a few instances where there were NK officials with SK implants on their boxes, so we got on the exfil points, and sucked the data back. That's fourth party.”

Der Spiegel also published a leaked slide presentation for the fourth party data collection, explaining how the technique works.

It is important to note that this data gathering technique takes advantage of computer network exploitation activity that is not associated with a Five Eyes partner (US, Canada, UK, Australia and New Zealand).
