Chinese Hackers Reportedly Probed Alaska Networks During Governor's Trade Mission

by | August 20, 2018

By Alex DeMarban

An internet security firm says a cyberattack from a Chinese university probed computer networks of Alaska state departments and businesses during Gov. Bill Walker's trade mission to China, an apparent attempt to "ascertain vulnerabilities and gain illegitimate access."

The firm, Recorded Future, published a report Thursday that said the attack originated from computer infrastructure at Tsinghua University. It named the Alaska Department of Natural Resources and other state departments among the targeted networks.

The report says Alaska is not alone as the target of "cyberespionage" from Tsinghua infrastructure, called an elite Chinese university by Recorded Future.

But the probing came as Alaska seeks investment from major Chinese-owned companies, including oil company Sinopec, for the $43 billion Alaska LNG project that would export North Slope natural gas in part by pipeline, according to Recorded Future, an internet technology company based in Massachusetts.

Recorded Future suggests the effort was an attempt to give China an upper hand in negotiations with the state. An important part of the trip involved the prospect of a gas pipeline partnership between Alaska and China, Recorded Future says.

Austin Baird, a spokesman for the governor, said Alaska and most state governments routinely have "anonymous activity on the perimeter of our networks that amounts to someone checking if the door is locked."

Baird said that's the sort of activity described by Recorded Future, and there is no evidence state networks were breached.

"It is not unique, nor would we draw conclusions about its timing or source," Baird said. "There is no way to tell if the activity is related to the recent trade mission to China, and a review by the Office of Information Technology has found no evidence that state networks were hacked in this instance."

The report says the scanning activity against Alaska networks was first observed in late March, a few weeks after Gov. Walker announced a trade delegation to China dubbed Opportunity Alaska.

"The activity picked up for a few days prior to the delegation arriving on May 20, 2018, and dropped off as the delegation arrived. Probing of the Alaskan networks remained at low levels until May 28 as the delegation concluded its activities, then ramped up considerably as delegates left China," the report says.

"The spike in scanning activity at the conclusion of trade discussions on related topics indicates that the activity was likely an attempt to gain insight into the Alaskan perspective on the trip and strategic advantage in the post-visit negotiations," the report says.

The cybersecurity firm said the "reconnaissance activity" targeted organizations involved in industries "at the heart of the trade discussions, such as oil and gas."

The Department of Natural Resources is involved in the Alaska LNG project and helps oversee the state's oil and gas industry.

The state gasline agency, Alaska Gasline Development Corp., can enter into contracts related to the proposed pipeline and gas processing facilities in consultation with DNR and the Department of Revenue.

In addition to naming DNR, the report named "state of Alaska government" networks as the target of the probing.

AGDC was not specifically named in the report.

"AGDC is not aware of any cybersecurity breaches," said Jesse Carlstrom, a spokesman for the gasline agency.

AGDC employs top-end cybersecurity measures and is taking steps to boost those further, the agency said.

The agency is "in regular contact with the FBI to ensure AGDC cybersecurity is as tight as possible while still allowing for business negotiations to continue efficiently and effectively," Carlstrom said.

The agency has said it wants to secure binding agreements with Sinopec, Bank of China and China Investment Corp.  before year's end, to help move the project toward construction.

Carlstrom said the report of probing from the university's hardware does not alter AGDC's view of its Chinese partners. The agency will continue "working collaboratively" with the companies to develop Alaska LNG, he said.

The networks of telecommunications companies in Alaska were among the organizations probed, the report says. It specifically names Alaska Communications Systems Group and smaller telecommunications companies, Alaska Power & Telephone Co. and TelAlaska.

Heather Cavanaugh, a spokeswoman with ACS, said the company limits what it says about its cybersecurity operations, to avoid tipping off potential hackers.

Cavanaugh declined to say whether Chinese hackers gained access to ACS's network. The company operates a fiber optic line on the North Slope, providing internet services supporting the region's oil industry.

Cavanaugh emailed this statement:

"Alaska Communications is serious about cybersecurity. We maintain advanced technical and procedural capabilities to protect both our customers and company. We do not, however, respond with information that could be used by malicious actors to gauge the efficacy of reconnaissance and exploitation attempts."

Reuters reported the story early Thursday.

(c)2018 the Alaska Dispatch News (Anchorage, Alaska)