WASHINGTON – Chinese intelligence hackers were intent on stealing coronavirus vaccine data, so they looked for what they believed would be an easy target. Instead of simply going after pharmaceutical companies, they conducted digital reconnaissance on the University of North Carolina and other schools doing cutting-edge research.
They were not the only spies at work. Russia’s premier intelligence service, the SVR, targeted vaccine research networks in the United States, Canada and Britain, espionage efforts that were first detected by a British spy agency monitoring international fiber optic cables.
Iran, too, has drastically stepped up its attempts to steal information about vaccine research, and the United States has increased its own efforts to track the espionage of its adversaries and shore up its defenses.
In short, every major spy service around the globe is trying to find out what everyone else is up to.
The coronavirus pandemic has prompted one of the fastest peacetime mission shifts in recent times for the world’s intelligence agencies, pitting them against one another in a new grand game of spy versus spy, according to interviews with current and former intelligence officials and others tracking the espionage efforts.
Nearly all of the United States’ adversaries intensified their attempts to steal American research while Washington, in turn, has moved to protect the universities and corporations doing the most advanced work. NATO intelligence, normally concerned with the movement of Russian tanks and terrorist cells, has expanded to scrutinize Kremlin efforts to steal vaccine research as well, according to a Western official briefed on the intelligence.
The contest is reminiscent of the space race, where the Soviet Union and America relied on their spy services to catch up when the other looked likely to achieve a milestone. But where the Cold War contest to reach the Earth’s orbit and the moon played out over decades, the timeline to help secure data on coronavirus treatments is sharply compressed as the need for a vaccine grows more urgent each day.
"It would be surprising if they were not trying to steal the most valuable biomedical research going on right now,” John C. Demers, a top U.S. Justice Department official, said of China last month during an event held by the Center for Strategic and International Studies. "Valuable from a financial point of view and invaluable from a geopolitical point of view.”
China’s push is complex. Its operatives have also surreptitiously used information from the World Health Organization to guide its vaccine hacking attempts, both in the United States and Europe, according to a current and a former official familiar with the intelligence.
It was not clear how exactly China was using its influential position in the WHO to gather information about vaccine work around the globe. The organization does collect data about vaccines under development, and while much of it is eventually made public, Chinese hackers could have benefited by getting early information on what coronavirus vaccine research efforts the WHO viewed as most promising, according to a former intelligence official.
American intelligence officials learned about China’s efforts in early February as the virus was gaining a foothold in the United States, according to current and former American officials. The CIA and other agencies closely watch China’s moves inside international agencies, including the WHO.
The intelligence conclusion helped push the White House toward the tough line it adopted in May on the WHO, according to the former intelligence official.
Besides the University of North Carolina, Chinese hackers have also targeted other universities around the country and some may have had their networks breached, American officials said. Demers said in his speech that China had conducted "multiple intrusions” beyond what the Justice Department revealed in an indictment in July, which accused two hackers of working on behalf of China’s Ministry of State Security spy service to pursue vaccine information and research from American biotechnology companies.
The FBI warned officials at UNC in recent weeks about the hacking attempts, according to two people familiar with the matter. The Chinese hacking teams were trying to break into the computer networks of the school’s epidemiology department but did not infiltrate them.
A UNC spokeswoman, Leslie Minton, said that the school "regularly receives threat alerts from U.S. security agencies.” She directed further questions to the federal government, but said the school had invested in "around-the-clock monitoring” to "help guard against advanced persistent threat attacks from state sponsored organizations.”
Besides hacking, China has pushed into universities in other ways. Some government officials believe it is trying to take advantage of research partnerships that American universities have forged with Chinese institutions.
Others have warned that Chinese intelligence agents in the United States and elsewhere have tried to collect information on researchers themselves. The administration of President Donald Trump ordered China on July 22 to close its consulate in Houston in part because Chinese operatives had used it as an outpost to try to make inroads with medical experts in the city, according to the FBI.
Chinese intelligence officials are focused on universities in part because they view the institutions’ data protections as less robust than those of pharmaceutical companies. But spy work is also intensifying as researchers share more vaccine candidates and anti-viral treatments for peer review, giving adversaries a better chance of gaining access to formulations and vaccine development strategies, said an American government official briefed on the intelligence.
So far, officials believe that foreign spies have taken little information from the American biotech companies they targeted: Gilead Sciences, Novavax and Moderna.
At the same time the British electronic surveillance agency GCHQ was learning about the Russian effort and American intelligence learned of the Chinese hacking, the U.S. Department of Homeland Security and FBI dispatched teams to work with American biotech teams to bolster their computer networks’ defenses.
The Russian effort, announced by British, American and Canadian intelligence agencies in July, was primarily focused on gathering intelligence about research by Oxford University and its pharmaceutical corporate partner, AstraZeneca.
The Russians caught trying to get vaccine information were part of the group known as Cozy Bear, a collection of hackers affiliated with the SVR. Cozy Bear was one of the hacking groups that in 2016 broke into U.S. Democratic party computer servers.
U.S. security officials have warned pharmaceutical companies and universities about the attacks and helped institutions review their security. For the most part, officials have observed the would-be vaccine hackers using known vulnerabilities that have yet to be patched, not the more exquisite cyberweapons that target unknown gaps in computer security.
No corporation or university has announced any data thefts resulting from the publicly identified hacking efforts. But some of the hacking attempts succeeded in at least penetrating defenses to get inside computer networks, according to one American government official. And hackers for China and Russia test weaknesses every day, according to intelligence officials.
"It is really a race against time for good guys to find the vulnerabilities and get them patched, get those patches deployed before the adversary finds them and exploits them,” said Bryan S. Ware, the assistant director of cybersecurity for the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency. "The race is tighter than ever.”
While only two teams of hackers, one each from Russia and China, have been publicly identified, multiple hacking teams from nearly all the intelligence services of those two countries have been trying to steal vaccine information, according to law enforcement and intelligence officials.
Russia announced on Aug. 11 that it had approved a vaccine, a declaration that immediately aroused suspicion that its scientists were at least aided by its spy agencies’ work to steal research information from other countries.
American officials insist their own spy services’ efforts are defensive and that intelligence agencies have not been ordered to steal coronavirus research. But other current and former intelligence officials said the reality was not nearly so black and white. As American intelligence agencies try to find out what Russia, China and Iran may have stolen, they could encounter information on those countries’ research and collect it.
Officials expressed concerns that further hacking attempts could hurt vaccine development efforts. Hackers extracting data could inadvertently — or purposefully — damage research systems.
"When an adversary is doing a smash-and-grab, there is even more likely a chance of not just stealing information but somehow disrupting the victim’s operations networks,” Ware said.
While some of Russia’s and China’s spying may have been aimed at checking their own research or looking for shortcuts, some current and former officials raised the possibility that the countries sought instead to sow distrust in an eventual vaccine from Western countries.
Both Russia and China have already spread disinformation about the virus, its origins and the American response. Russian intelligence services in particular are laying the groundwork for a more aggressive effort to escalate the anti-vaccine movement in the West and could use the allegations of spying to give its narrative greater traction.
Russia has a long record of trying to amplify divisions in American society. Current and former national security officials said they expect Russia to eventually spread disinformation about any vaccine approved in the West.
"This case seems to be a throwback to the old Soviet Union,” said Fiona Hill, the former National Security Council official and Russia expert who testified in the impeachment hearings against Trump. "Russia and the Chinese have been out there on disinformation campaigns. How better to create confusion and weaken the U.S. further than to whip up the anti-vax movement? But you make sure all your guys are vaccinated.”
© 2020 The New York Times Company
Read more at nytimes.com