Article Details
Scrape Timestamp (UTC): 2024-10-15 01:18:33.593
Source: https://www.theregister.com/2024/10/15/china_volt_typhoon_false_flag/
Original Article Text
China again claims Volt Typhoon hack gang was invented by the US to discredit it.

Enough with the racist-sounding 'dragons' and 'pandas', Beijing complains – then points the finger at koalas.

Chinese authorities have published another set of allegations that assert the Volt Typhoon threat actor is an invention of the US and its allies, and not a crew run by Beijing.

Published on Monday in five languages, a document titled "Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies" largely revisits the content of a similar document published in July.

In its latest document, China's National Computer Virus Emergency Response Center (CVERC) and National Engineering Laboratory for Computer Virus Prevention Technology claim that Beijing's previous publications on the matter saw over 50 cyber security experts contact it to share their belief that US authorities and Microsoft lacked evidence to associate Volt Typhoon with China. But the document doesn't disclose the identity of those experts, nor the basis for their analysis.

The document does go over a lot of old ground, detailing known US capabilities and efforts – such as Section 702 warrantless surveillance of foreigners. It also points out that the US ran the PRISM data collection program, and the National Security Agency's Office of Tailored Access Operation spyware operations – both exposed by Edward Snowden in 2013. Those activities, CVERC argues, are just the sort of thing of which Volt Typhoon has been accused. Volt Typhoon is therefore American and China's involvement is made up. QED.
Another passage that caught The Register's eye suggests that analysis of online attacks follows a certain pattern:

"To cater to US politicians, government bodies and intelligence agencies, some US companies, such as Microsoft and CrowdStrike, for their commercial interest and without sufficient evidence and rigorous technical analysis, have been keen on coining various absurd code names with obvious geopolitical overtones for hacker groups, such as 'typhoon', 'panda', and 'dragon' instead of 'Anglo-Saxon' 'hurricane', and 'koala'."

The authors may have a point about Orientalism being a factor in infosec reporting. But they're well off the mark criticizing koalas, as the marsupial's name is derived from the language of Australia's Dharug people and is not Anglo-Saxon at all. Further, koalas are almost entirely placid and spend most of their lives sleeping or chewing leaves. They're a terrible metaphor for anything other than languor.

The document ends with a call for international collaboration in infosec, and for vendors to "focus on counter-cyber threat technology research and better products and services for users." That last point may be fair enough, given recent woes at Microsoft and CrowdStrike.

The Register eagerly awaits the next volume in this series, which will surely accuse the US of also running the Salt Typhoon group accused of infiltrating US ISPs at Beijing's behest.
Daily Brief Summary
China has issued a document denying the existence of the hacker group Volt Typhoon, labeling it a fabrication by the US to discredit Beijing.
The publication criticizes US cybersecurity firms and intelligence agencies for attributing cyber espionage to China without sufficient evidence.
It discusses past US surveillance programs revealed by Edward Snowden in 2013, suggesting the US engages in the types of activities attributed to Volt Typhoon.
Chinese authorities have cited feedback from over 50 cybersecurity experts who question the evidence provided by the US and firms like Microsoft.
The document condemns the use of racially and geographically charged names for hacker groups, arguing this reflects a bias in cybersecurity reporting.
The report by China's National Computer Virus Emergency Response Center calls for more international cooperation in cybersecurity and improved security technology and services.
The unfolding narrative is part of a broader dispute over cyberespionage accusations between China and the US, with implications for global cybersecurity and geopolitics.