“NSA does not confirm nor deny allegations in the media regarding its operations. Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us.”The Chinese post says the country “shattered the US cyber attack plot of stealing secrets and infiltration and sabotage, and made every effort to protect the security of ‘Beijing Time.’”
Possible ‘serious escalation’: If the recent Chinese claim against the NSA is true, said Bardin, it suggests a strategic intent by the US not just to spy, but to position the country to potentially disrupt a core piece of Chinese infrastructure, the timing system underpinning communications, finance, energy, and defense.That, he said, “would mark a serious escalation.””It’s also striking,” he added, “that Beijing went public with this claim, since China typically avoids admitting breaches of its own critical systems. China’s public accusation signals a bid to sway international opinion, painting the US as a global ‘hacker empire’ and rallying other nations behind calls to rein in state-sponsored cyber intrusions. Beijing is expected to bolster its cyber defenses and could even hint at tit-for-tat moves against US timekeeping networks to deter further incursions.”Economically, he added, “the incident continues China’s push for tech self-reliance tightening supply chains and fast-tracking homegrown alternatives (such as sovereign timing systems) as it seeks to reduce exposure to US tech influence amid already high trade and technology tensions.” The Chinese allegation also fits with the pattern of behavior from Beijing “leaning forward with public attribution of what they consider malicious cyber activity “¦ and oftentimes that attribution is not necessarily accurate,” said Matthew Ferren, international affairs fellow in national security at the US Council on Foreign Relations. In fact, he couldn’t say whether there was an attack or an intrusion.”This tells me nothing about what may or may not have happened in the real world, but it does fit within the pattern of behavior of the Chinese to shape narratives around the United States being an irresponsible actor in the cyber domain,” he said.
Advice for CISOs: Time services are an interesting and often overlooked target, said Johannes Ullrich, dean of research at the SANS Institute, because many authentication protocols rely on accurate time services. To prevent replay of old attestations, these systems require synchronized times. If the times are not synchronized, messages from authentication servers will be discarded.The simplest result of a compromised time service is a denial of service attack. Or, he added, it can lead to bypassing some authentication or access control checks, or the ability to replay old authentication messages to gain access to systems. “CISOs should not neglect these time services,” he said in an email. “It is too easy to leave them in a default configuration which often uses undefined open cloud based time server pools. Instead, internal time servers should be defined to serve as an internal standard, and these internal time standards need to be synchronized with carefully selected sources like GPS or time servers run by a trusted entity.”Treadstone 71’s Bardin said that CSOs in any country who want to protect themselves from a sophisticated nation-state attacker should treat time infrastructure linked to their servers as a national-level dependency.Segment and isolate all systems relying on NTP (network time protocol) or GPS sources, verify clock integrity against multiple independent references and deploy cryptographic attestation for time signals, he advised.He also recommends disabling SMS-based login authentication for privileged access, enforcing out-of-band multi-factor authentication, and continuous monitoring for anomalies in timing drift or certificate use.He added that red team drills simulating loss of trusted time, which will validate IT operational resilience, is also worthwhile.To assist defenders, the US Cybersecurity and Infrastructure Security Agency (CISA) offers this advice to organizations to help protect themselves from nation-state attacks.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4075846/us-nsa-alleged-to-have-launched-a-cyber-attack-on-a-chinese-agency.html
