back to article Surprise surprise! Hostile states are hacking coronavirus vaccine research, warn UK and USA intelligence

Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning. The National Cyber Security Centre (NCSC) and America’s Cybersecurity and Infrastructure Security Agency (CISA) cautioned of a “password …

  1. grizewald
    Facepalm

    Bullshit article based on bullshit press releases.

    "Hostile countries". What kind of dumb expression is that?

    This article is all about attributing motive to unknown actors with zero evidence of the intent of the attacks.

    An equally plausible explanation is that the usual actors are taking advantage of the fact the the targeted companies are likely to be "rushed off their feet" busy at the moment and are less likely to notice being penetrated.

    Bullshit, bullshit, bullshit.

    How about some analysis of your own Gareth instead of just recycling dodgy press releases like most lazy print hacks?

    1. foo_bar_baz

      Re: Bullshit article based on bullshit press releases.

      Is it not news that said agencies have released said press releases?

      You’re right that the linked source has no mention of state actors, so that looks like a bit of embellishment. Good catch.

      1. Paratrooping Parrot

        Re: Bullshit article based on bullshit press releases.

        Citing the Daily Mail and the US government as your source is a bit rubbish. Remember this is the same US government that loves spreading false rumours.

        1. LucreLout Silver badge

          Re: Bullshit article based on bullshit press releases.

          Citing the Daily Mail and the US government as your source is a bit rubbish.

          True, but it could have been worse and he could have cited the guardian.

          When their science editor is writing to other publications (El Reg itself no less) begging for an agenda to push and to be used as "a mouthpiece" you know they have no scruples. Couple that with their own highly structured tax position while barracking anyone else who has even the slightest of structures, often yielding much smaller tax avoidance than the groans own setups.

          They deceive their readership by pretending to take an ethical stance all the while they're up to their elbows in it, treating them as nothing more than idiots. Useful idiots, and unthinking cash cows.

      2. Anonymous Coward
        Anonymous Coward

        APT groups mentioned in the NCSC release.

        These are state actors, or at least affiliated?

        To be fair, what else has El Reg to report on this? Do you want journalism, or commentary?

        Any rogue state locked out of the global share could be motivated to get the info. Equally, it could be opportunistic hackers looking for information for the unscrupulous equities traders willing to pay.

      3. veti Silver badge

        Re: Bullshit article based on bullshit press releases.

        The source talks about "advanced persistent threat" (APT) actors, which is a euphemism for state-sponsored hackers.

        1. gazthejourno (Written by Reg staff)

          Re: Re: Bullshit article based on bullshit press releases.

          You leave the OP alone. All his friends have been posting on Facebook about the bad MSM and how journalists have got it wrong all the time. He wants to feel like part of the special group, fearlessly posting The Truth in comment sections across the internet, bravely pointing out that It's Wrong, You Know. Verily, we are blessed to have his Righteous Sword of Truth gracing our base commentardery.

          I'm sure he couldn't tell you what an APT is or does, even given two hours with Google and a packet of crayons. But that's no reason for you to come and crap all over his historic crusade by repeating simple facts well understood by the readers of El Reg, you nasty bully.

          1. Kane Silver badge
            Joke

            Re: Bullshit article based on bullshit press releases.

            Hello, Police? I'd like to report a murder I just witnessed.

          2. LucreLout Silver badge
            Happy

            Re: Bullshit article based on bullshit press releases.

            I'm sure he couldn't tell you what an APT is or does, even given two hours with Google and a packet of crayons.

            I'm not the OP, and my "Sword of truth" is more like a "Dagger of hazy views", but I'll give this a whirl.

            APT is Alpha Pro Tech, an American company specializing in building products and equipment.

            Or it could be a word - meaning appropriate in the circumstances.

            It definitely used to be a dodgy nightclub in the City. Allegedly.

            You might have meant Advance Package Tool for software installation and removal.

            But by far my favorite meaning would be [Sweet Home] Alabama Public Television.

    2. Anonymous Coward
      Anonymous Coward

      Re: Bullshit article based on bullshit press releases.

      "Hostile countries". What kind of dumb expression is that?

      George Bush the 2'nd started it, and the mobbed-up guy in the white house expanded on it to mean "Anyone I currently disagree with for any reason".

    3. Jason Bloomberg Silver badge
      Black Helicopters

      Re: Bullshit article based on bullshit press releases.

      "Hostile countries". What kind of dumb expression is that?

      "China. Iran. North Korea. Russia", when coming from the west. Take your pick and feel free to add any other country you don't like, any you would like others to perceive as today's existential threat.

    4. TechHeadToo

      Re: Bullshit article based on bullshit press releases.

      if only I had the skill to extract the details of the research, I could sell it for a fortune to 'someone' who may be able to be first to market with a vaccine. Make no mistake - Donald Chump wants to be first in the US so he can sell it to the rest of the world and make billions. He'll already have his family buying up all the right stocks and shares for the companies he can promote.

      Not sure if Boris Buffoon maybe doing the same - I'd like to think we're better organised, but maybe our corruption in high places is better hidden.

      Doesn't alter the main idea that vaccine knowledge is the next 'big thing' though

  2. Barrie Shepherd

    So will the NHS centralised Track & Tracing APP will be secure from snoopers? /s

    Maybe that's why Sirco will be doing the track and tracing so that when the data from the APP is leaked it will not be the Governments fault? /s

  3. Andy1

    What possible reason would there be to hack into this research, isn't it supposed to be shared between nations. Or is it to wreck the computer system the data is held on or possibly a ransomware attack. Come on journos try and find out why it's really happening.

    1. Anonymous Coward
      Anonymous Coward

      My thoughts precisely. We'd want to share any means to halt the virus with the whole world, there's no good reason to keep it to ourselves.

      Sounds more to me like the security services are a bit worried that they've been out of the headlines too long and are desperate for some good publicity....

      1. LucreLout Silver badge

        My thoughts precisely. We'd want to share any means to halt the virus with the whole world, there's no good reason to keep it to ourselves.

        Put aside the emotive stuff for a minute and look at who benefits.

        The first fully vaccinated country will have their economy working faster than the last country to get properly vaccinated. Trade with other nations will have moved from those slower to roll out the vaccination tot hose quicker to roll it out.

        Yes, the global economy does need everyone to get this, but its the sequencing you see. That matters financially, and we're talking big numbers here, really big. Nobody is giving away the cure until their country is sure it can secure and apply sufficient doses be fast out of the starting blocks.

        Like so many things in life, it isn't about what they should do, or what they could do, its about what they actually will do.

    2. Smooth Newt Silver badge
      Alert

      Stealing a march

      What possible reason would there be to hack into this research, isn't it supposed to be shared between nations. Or is it to wreck the computer system the data is held on or possibly a ransomware attack. Come on journos try and find out why it's really happening.

      An international emergency doesn't change someone's personality. If you are of a certain mindset, then you look at everything as an opportunity for advancement. Clearly, having stocks of vaccine, when other countries don't yet, gives you colossal leverage. Which countries do you prioritize supplies to? Which countries are going to be ignored? It's even better than having an ICBM, since you can kill thousands of people with complete impunity.

      From the opposite perspective, if you are sitting in, e.g., the Health Ministry in Iran, you are probably thinking that if the UK or the USA wins the race then you won't be seeing any vaccine supplies before the next millennium. It would be stupid and malicious not to distribute the vaccine as quickly and widely as possible, since a disease is a threat to everyone until it is eradicated everywhere. But we only have to look across the Atlantic so see that stupidity and malice are no impediment to high office.

  4. Anonymous Coward
    Anonymous Coward

    I thought Iran had a reasonably effective covid-19 treatment already, using sofosbuvir (possibly together with daclatasvir).

    1. veti Silver badge

      Lots of countries like to brag about their effective treatments. But the best evidence is, none of them are really all that effective. They still brag, because it makes their leaders look stronger and look like they're doing something to help their people - but like Trump with his hydroxychloroquine, they're just overselling something that might have helped some tiny number of people but - at best - doesn't work for most.

      Iran got hit early. If their treatment was "reasonably effective", at four months in they wouldn't still be losing a full 5% of their cases, and that's just the official figures.

      1. Anonymous Coward
        Anonymous Coward

        Drink new Clorox flavor Coolaid!

        He's already switch from promoting hydroxychloroquine to promoting Remdesivir (Gileads drug), they gave it orphan drug status, which is a big cash win for Gilead.

        I haven't heard anything from Gilead's China trial, I think they'd be shouting from the roof if it was a magic cure.

        Still at least he's stopped telling his followers to drink the Clorox Coolaid.

        Rage tweeting at 1am about Kellyanne Conways marriage keeps him busy. It doesn't matter that he's ended the task force, everyone will still listen to Fauci even after Trump fires him.

        Fauci's authority comes from years of dealing with epidemics, not Trump introducing him on a podium.

        1. Anonymous Coward
          Anonymous Coward

          Re: Drink new Clorox flavor Coolaid!

          "I haven't heard anything from Gilead's China trial"

          The US trial showed a reduction in time in hospital of about 30%, but no statistically significant alteration in outcome. The Chinese trial did not indicate it was effective.

          1. Anonymous Coward
            Anonymous Coward

            Re: Drink new Clorox flavor Coolaid!

            Seems to be at least partly correct. The last I heard the China trials were cancelled because China controlled it with lockdown and Gilead couldn't get enough infected people for their trials. [1]

            But I see they're promoting their the "National Institute of Allergy and Infectious Diseases" trial on their website, as shortening the hospital time as you said. [2]

            Gileads profits depend on Covid 19 not being stopped by basic quarantine protocols (as happened in China), and Mr quid-pro-quo is in the Whitehouse and Fox News on cable. I wonder how that will play out (facepalm).

            [1] China trial cancelled:

            https://www.reuters.com/article/us-health-coronavirus-gilead-remdesivir-idUSKCN21X2A2

            "A trial in China testing Gilead Sciences Inc’s antiviral drug, remdesivir, in those with mild symptoms of COVID-19 has been suspended due to a lack of eligible patients...China, where the outbreak is believed to have originated, has been able to control it through tough measures such as lockdowns. Gilead expects early data from its trial of the drug in severe patients at the end of April, and data from a trial testing it in patients with moderate symptoms by May. "

            [2] Gilead promoting their anti-viral

            https://www.gilead.com/stories/articles/an-open-letter-from-our-chairman-and-ceo-april-29

            "From the two sets of results today - the NIAID and SIMPLE data - we now know two things: that remdesivir appears to shorten time to recovery and when treating patients with severe disease,"

  5. vtcodger Silver badge

    We're talking medical research, not nuclear launch codes.

    I'm trying to think of a reason for not simply giving legitimate Russian, Iranian, Icelandic, Fenwickian etc. representatives user accounts that let them view any and all research info on Coronavirus. Can't come up with much.

    Heck, why not just publish the information on Wikipedia?

    1. Chewi
      Flame

      Re: We're talking medical research, not nuclear launch codes.

      I'm glad I'm not the only one thinking this. I was really angry when I saw this reported in the mainstream media. They're taking the totally wrong angle. Sure, they have cause to be concerned if the intent is malicious damage but that seems highly unlikely. The official warning talked about potential theft of "intellectual property" and that makes me sick. Placing more concern over that than the welfare of humanity makes them no better than Trump trying to score that exclusive vaccine deal.

    2. Danny Boyd

      Re: We're talking medical research, not nuclear launch codes.

      And what about the profits of the pharmaceuticals? How can the pharmaceuticals make money off the vaccine if everybody and his uncle can produce it?

      1. Anonymous Coward
        Anonymous Coward

        Re: We're talking medical research, not nuclear launch codes.

        "How can the pharmaceuticals make money off the vaccine if everybody and his uncle can produce it?"

        If ChAdOx1 works, AstraZeneca have stated they'll produce it at cost.

        1. Neil 44

          Re: We're talking medical research, not nuclear launch codes.

          >> If ChAdOx1 works, AstraZeneca have stated they'll produce it at cost.

          ****** DURING THE EPIDEMIC ****

          AFTER the epidemic they can make money (though I suspect they'll still have to pay a license fee as they won't own it)

        2. Smooth Newt Silver badge
          Boffin

          Re: We're talking medical research, not nuclear launch codes.

          If ChAdOx1 works, AstraZeneca have stated they'll produce it at cost.

          For a company, costs - like profits - are whatever you want them to be. Are the extra executive bonuses a cost? Is that new office building a cost? Is this new lab a cost? You can bet your ass they are, if you want them to be.

        3. LucreLout Silver badge

          Re: We're talking medical research, not nuclear launch codes.

          If ChAdOx1 works, AstraZeneca have stated they'll produce it at cost.

          Sure, but the cost is a very fungible item. Companies have two kinds of staff - billable and non-billable. Billable people are an income stream for you company (Traders in finance, Devs in software companies etc), non-billable people don't (System Admins, HR etc).

          Given my company apparently needs the non-billable people to run and running has let us produce this thing we're giving away at cost, I might be tempted to proscribe 100% of my non-billables to the cost of production, thereby massively increasing the revenue percentage of my other billables that are working on something else.

          It makes my company a lot of money either way, and you get whatever I'm handing out "at cost".

          Now, I'm not suggesting AstraZeneca are doing this or would do it, I'm sure they're positively lovely people through and through, so they have no need to let lose the dogs of law.

    3. EvilDrSmith Bronze badge

      Re: We're talking medical research, not nuclear launch codes.

      I'm not sure how advisable it is to share research between different institutions at an early stage - there would seem to be a risk that all may end up following a research dead end, so I can see a reason for different groups to work in isolation, and only share the results and methodology once it looks to be reliable.

      More generally to the article, medical research is expensive (and I believe often unsuccessful). This may be less about getting info on COVID, and more about getting into the systems of the various research institutes for future exploitation, trying to benefit from possible lax user security brought on by the urgency of dealing with COVID now.

      Additionally, there may be an element of 'what do they know?' A potential revelation might be embarrassing to some regimes if it isn't their government scientists that save the country/world.

      1. Kane Silver badge

        Re: We're talking medical research, not nuclear launch codes.

        "I'm not sure how advisable it is to share research between different institutions at an early stage - there would seem to be a risk that all may end up following a research dead end, so I can see a reason for different groups to work in isolation, and only share the results and methodology once it looks to be reliable."

        But if they don't share the research, how would they know they're following a dead end? If dozens, or tens of dozens of research groups aren't communicating with each other and working in isolation it's possible they could increase the likelihood of that pitfall. At least with open communication they can see where the potential dead ends lie and switch focus accordingly.

  6. Claverhouse Silver badge
    Unhappy

    Bad to the Bone

    Them furrin varmints are always up to some sort of no good.

    .

    .

    They forgot to include North Korea.

  7. Anonymous Coward
    Anonymous Coward

    Sounds very much like

    Some orange baboon and his glove puppets are viewing a vaccine as a private proprietary profit opportunity rather than something altruist for the benefit for all mankind.

    1. P. Lee Silver badge

      Re: Sounds very much like

      Just to play devil’s advocate, who is paying for the research?

      Who pays for the research for any medical remedy?

      He who shall not be named gets slammed for suggesting a cheap, widely available treatment and slammed for as hoping for an expensive proprietary one. Is there any scenario in which he could do the right thing? Would you like the government to intervene and take the researchers’ work at gun-point?

      All medical advances benefit humanity. If you insist that they all be given away for free, there will be no money to build labs or pay researchers to work on these problems. Are you sure that is what you want?

      1. Olius

        Re: Sounds very much like

        Just to play devil's advocate on that:

        WE are paying for it, the human race.

        And money doesn't evaporate once it is spent: it is spent again on those peoples' food, housing, utilities and even on more research and research-tools. It is also be created on demand. Then once spent, it gets taxed right back to the govts. So what has it "cost"? The actual cost is the individual hours "spent" on it. Money simply lubricates that work. And the work always comes before the money.

        Why should some of us be able to hold the rest to ransom, via the patent system, backed by the military, on something this important?

      2. Anonymous Coward
        Anonymous Coward

        Re: Sounds very much like

        "Who pays for the research for any medical remedy? ... If you insist that they all be given away for free, there will be no money to build labs or pay researchers to work on these problems"

        Certainly within the UK, the state is throwing money at research institutions, and one of the largest drug companies on the planet (AstraZeneca) has stated that they will manufacture the vaccine at cost.

        1. Olius

          Re: Sounds very much like

          Well, that's great news :-)

          Question though (for those on this thread who are concerned about giving the research away for free) - if the product of the research will be created and sold at cost, then who has lost out by giving the research away for free for others to use to produce the product at cost? Or conversely, who would gain if Astrazeneca were the only company producing the vaccine if Astrazeneca are not making a profit?

      3. Anonymous Coward
        Anonymous Coward

        Re: Sounds very much like

        Universities do the bulk of the research, the pharmaceutical industry does the marketing and branding.

  8. Anonymous Coward
    Anonymous Coward

    Insights? Seriously?

    "The joint warning comes hot on the heels of reports from Sunday newspapers that Iran and Russia are targeting British universities in the hope of stealing insights into how to fight the deadly coronavirus pandemic"

    South Korea has 8 cases a day, New Zealand has 1. UK ~4.5 thousand cases a day USA ~27 thousand cases a day

    Delusion aside, UK isn't leading anything. What should it do? Gee if only there was a simple fix it could do....

    March 30th "Austria to make faces masks compulsary in public"

    https://www.reuters.com/article/us-health-coronavirus-austria-idUSKBN21H16A

    "Austria will require shoppers to wear basic face masks in supermarkets in a bid to slow the still too-rapid spread of the coronavirus...Austria has closed schools, restaurants, bars, theatres and other gathering places, including non-essential shops. People have been told to stay at home and work from there if possible. The country has reported 108 deaths and more than 9,000 cases"

    So they had 9000 cases, did a lockdown, wore face masks in public, and what happened.....

    Austria is down to 31 cases a day, total 15600 cases:

    https://www.worldometers.info/coronavirus/country/austria/

    They squashed it. Poof, 40 days and its gone.

    Easy fix. QUARANTINE, the 40 days is in the word itself.

    1. werdsmith Silver badge

      Re: Insights? Seriously?

      People are still believing the official stats.

  9. Olius

    Here's a thought: Why not publish all work in the public domain so that everyone can contribute to it and benefit from it?

    The only "valuable asset" which should be being created here is a healthy population.

    1. Anonymous Coward
      Anonymous Coward

      "Why not publish all work in the public domain so that everyone can contribute to it and benefit from it?"

      The teams working on a vaccine (or other treatments) kinda are doing that - there's over 100 individual programs, and they're all sharing data with each other as they go.

      Note that the US, China, and Russia opted out of joining the joint funding program for a vaccine ...

      1. Olius

        Are they the only countries in the world who opted not to join the program, and therefore shouldn't benefit from anything it produces? Or will we be holding 99% of the world to ransom if our research is fruitful?

        Do you contribute to the development of any of the "free" software on your computer, or the "free" software running on the El Reg servers?

  10. sean.fr

    I would like to think we are doing the same

    If china has know how we lack. I would hope the west is also trying to extract this by hacking .

    No state or company should gain an economic advantage by owning this IP.

    If that takes stealing the IP, stealing is the moral thing to do.

    People first.

    1. MrMerrymaker Bronze badge

      Re: I would like to think we are doing the same

      Yes, the real story is this being hidden information at all.

      Not sure hacking hackers solves much, or fosters the attitude we want.. But it's shocking that this article misses the trick that it's information that should definitely be out there.

      That's the real tale.

  11. Flywheel Silver badge
    Devil

    Coincidence maybe

    It may be coincidence but I'm running a FoldingAtHome client at home(!) and have some FAH advertising on my website trying to get more people joining in. On Sunday evening I was hit by a intensive and sustained barrage of access attempts on my mail, VPN and web servers. The IP addresses purported to be from North Korea, Lithuania and Adelaide, Australia. This went on for a couple of hours and then stopped as my firewall had kicked in.

    As I say, it may be coincidence but I'm prepared to give the theory the benefit of the doubt.

    1. batfink Silver badge

      Re: Coincidence maybe

      Shhh - if that gets to the Daily Mail then we'll have to add Lithuania and South Australia to the list of Our Latest Enemies...

  12. Roger Kynaston Bronze badge
    Paris Hilton

    spooks

    The disconnect between fictional and real ones has always flabbered my gast.

    Paris because 007. Or is she Anne Smiley?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020