It says the tactics give the hackers the ability to extract information from huge amounts of valuable data from computers using the Linux operating system, which is used on most of the world’s web servers and cloud servers.

A 44-page report published by BlackBerry says that five separate groups with links to the Chinese government have been using certain tactics and methods to target Linux systems for a decade.

“We’re not suggesting that this is something entirely new and entirely stand-alone, and undiscovered,” BlackBerry executive Eric Cornelius said in a phone interview Tuesday.

But, he said, BlackBerry asserts that the security industry has missed a major component of tactics used by a well-established hacker umbrella group known as WINNTI, which the company says works with China’s government.

“As an industry, we’ve tended to focus too much on Windows-based devices because they make up the lion’s share of the devices out there,” Cornelius said.

“But the adversaries are determined and dedicated and . . . they find any opportunity and, in this case, we’ve called out some really novel techniques they’ve used against Linux and even the Android operating system to accomplish their goals.”

Cornelius said the point of these China-backed hacking campaigns is to exfiltrate, or steal, information that the United States has claimed is worth “multiple billions of dollars” in intellectual property.

“Who knows? Unless you’re an intelligence agency, it’s impossible to substantiate,” Cornelius said. “It’s impossible to quantify (the value).”

However, BlackBerry’s report says, Linux dominates the back-end infrastructure of large modern data centers.

“Linux runs the stock exchanges in New York, London and Tokyo, and nearly all the big tech and e-commerce giants are dependent on it, including the likes of Google, Yahoo, and Amazon,” it says.

As for the impact on Canadian governments and businesses, Cornelius said, he wasn’t aware of any claims of that sort because it’s not his area of expertise.

The federal government’s Canadian Centre for Cyber Security said in an email to The Canadian Press that it works with partners to monitor and deal with potential threats but it doesn’t comment on specific incidents.

BlackBerry’s report says that one tactic is to disguise a hacker’s tools as advertising software, which is undesirable but not considered a high priority.

Cornelius said the WINNTI hacking group was able to steal certificates that prove a product’s authenticity, and use the certificates to pretend to be adware rather than more serious attack software that’s flagged for immediate attention.

“A really, really good idea,” said Cornelius, who is BlackBerry’s chief product architect, a position he previously held at Cylance before it was acquired by the Waterloo, Ont.-based company.

Microsoft and Google, which makes the Android operating system, didn’t immediately comment on the BlackBerry report.

This report by The Canadian Press was first published April 7, 2020.