Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

BlackBerry Ltd. says its researchers have uncovered how China-backed hackers have been able to extract data from many of the world’s servers for a decade – largely without being noticed by cybersecurity.

It says the tactics give the hackers the ability to extract information from huge amounts of valuable data from computers using the Linux operating system, which is used on most of the world’s web servers and cloud servers.

A 44-page report published by BlackBerry says that five separate groups with links to the Chinese government have been using certain tactics and methods to target Linux systems for a decade.

Story continues below advertisement

“We’re not suggesting that this is something entirely new and entirely stand-alone, and undiscovered,” BlackBerry executive Eric Cornelius said in a phone interview Tuesday.

But, he said, BlackBerry asserts that the security industry has missed a major component of tactics used by a well-established hacker umbrella group known as WINNIT, which the company says works with the Chinese government.

“As an industry, we’ve tended to focus too much on Windows-based devices because they make up the lion’s share of the devices out there,” Mr. Cornelius said.

“But the adversaries are determined and dedicated and ... they find any opportunity and, in this case, we’ve called out some really novel techniques they’ve used against Linux and even the Android operating system to accomplish their goals.”

Mr. Cornelius said the point of these China-backed hacking campaigns is to exfiltrate, or steal, information that the United States has claimed is worth “multiple billions of dollars” in intellectual property.

“Who knows? Unless you’re an intelligence agency, it’s impossible to substantiate,” Mr. Cornelius said. “It’s impossible to quantify [the value].”

However, BlackBerry’s report says, Linux dominates the back-end infrastructure of large modern data centres.

Story continues below advertisement

“Linux runs the stock exchanges in New York, London and Tokyo, and nearly all the big tech and e-commerce giants are dependent on it, including the likes of Google, Yahoo, and Amazon,” it says.

As for the impact on Canadian governments and businesses, Mr. Cornelius said, he wasn’t aware of any claims of that sort because it’s not his area of expertise.

The federal government’s Canadian Centre for Cyber Security said in an e-mail that it works with partners to monitor and deal with potential threats, but it doesn’t comment on specific incidents.

BlackBerry’s report says that one tactic is to disguise a hacker’s tools as advertising software, which is undesirable but not considered a high priority.

Mr. Cornelius said the WINNIT hacking group was able to steal certificates that prove a products’ authenticity, and use the certificates to pretend to be adware rather than more serious attack software that’s flagged for immediate attention.

“A really, really good idea,” said Mr. Cornelius, who is BlackBerry’s chief product architect, a position he previously held at Cylance Inc. before it was acquired by the Waterloo, Ont.-based company.

Story continues below advertisement

Microsoft Corp. and Google, which makes the Android operating system, didn’t immediately comment on the BlackBerry report.

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Report an error
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies