BlackBerry Ltd. has come up with a sensational report indicating that Chinese state-sponsored hackers have been stealing data from computers across the globe for almost a decade. A major reason the attacks went unnoticed is their target: Linux operating systems.

BlackBerry makes the claim in a new 44-page report. It claims advanced hackers from China camouflaged their software tools in the form of advertisements, which pose a low-level security risk. The approach made it possible for them to extract information from their targeted systems.

With low-level security tools affecting a limited number of systems, the hackers were able to work in the shadows for almost eight years. The tools used by the hackers were not new, but they were aimed at Linux systems so as to escape the scrutiny of most of the cyber security experts working on either Microsoft Windows or Google Android.



A total of five different advanced persistent threat (APT) groups were found to be responsible for the attacks, all of which were claimed to be state-sponsored in one way or another. The report, however, clarifies that this involvement can be denied by the Chinese government due to the nature of the attacks carried out.



Why Linux?

Linux is not the optimum choice of operating system for regular use, and it accounts for less than 2% of the entire world’s desktop usage. That being said, Linux does occupy a premium position in the computing world, powering all of the top 500 supercomputers in the world.

With such an apex position and almost no attention from cyber security entities, Linux proved to be an ideal target for the Chinese APT groups. It is considered “highly probable” that the hacking, actively deployed since March 13, 2012, has impacted a significant number of organizations and that “the duration of the infections lengthy.”

The scale of the attack is still just an estimate, but given the type of information mostly present in a top-grade Linux system, as well as the duration of the attack, it is probable that the Chinese government was able to extract much valuable data through the malpractice.

As BlackBerry mentions in the report, “these [APT] groups have readily adapted, shared new tools, borrowed from open-source resources, and developed new methods to harvest information - all while effectively hiding more or less in plain sight.”

