FBI’s Comey Says Cybercrime A Top Priority After China Attacks

By Richard A. Serrano, Tribune Washington Bureau

WASHINGTON — James B. Comey, the new FBI director, was visiting the bureau’s field office in Indiana recently and was struck by how the invention of the automobile gave old-time Midwest bank robbers like John Dillinger a faster getaway.

Today, Comey’s FBI is more concerned with cybercrime, and it is that murky world of Internet theft that gave the director pause Wednesday to imagine a new kind of thief who can steal fortunes from the comfort of his own bedroom.

“John Dillinger couldn’t do a thousand robberies in the same day in all 50 states in his pajamas halfway around the world,” Comey told the Senate Judiciary Committee. “That’s the challenge we now face with the Internet.”

On Monday, the FBI and Justice Department announced indictments against five Chinese military officials, charging them with economic espionage by hacking into corporate computer systems in the U.S. and stealing private data. The case, with more indictments expected soon, signals that the FBI views cybercrimes as the new rob-and-run bank heists of the 1930s.

Comey said a top priority is hiring new agents with cutting-edge computer and other technical skills.

“These cases illustrate our commitment to reach around the world to make clear to people that we’re not going to put up with this,” he said. “We’re going to treat these burglaries for what they are. We’re going to treat them as seriously as we would someone kicking in your door to steal your stuff, to steal your ideas, to steal your identity.”

Photo: O.maloteau via Flickr

Chinese Hackers Allegedly Used ‘Spearphishing’ To Steal Secrets

By Robert Faturechi, Los Angeles Times

Much of the damage allegedly inflicted by the Chinese military officers charged with economic espionage this week came via email scams.

But the strategy, as described in a federal indictment, was far more sophisticated than the common “Nigerian prince” email blast.

Instead of sending out thousands of generic scam messages, the Chinese hackers were allegedly “spearphishing.” That’s a twist on traditional email phishing, in which bad guys entice victims with official-looking mail from, say, a bank or an online retailer. Those attacks are usually crude and sent out in bulk. Spearphishing is tightly targeted toward an individual or specific corporate unit.

Although the ruse is not commonly known, sophisticated scammers willing to put in the time and effort to learn more about their target have used it for years.

Unlike the usual email scammers, the spearphisher “thrives on familiarity” and “knows your name, your email address and at least a little about you,” according to a report by Norton, the malware prevention and removal service. “The salutation on the email message is likely to be personalized: ‘Hi Bob’ instead of ‘Dear Sir.'”

Spearphishers often scan Facebook and other social media sites to glean details about users’ friends to make messages look more legitimate. The emails might refer to a recent online purchase or a mutual friend, causing users to let down their guard and be more willing to click a link or provide user names, passwords or banking information.

In one instance highlighted in the indictment, a Chinese officer allegedly emailed roughly 20 U.S. Steel employees purporting to be their company’s chief executive. The message included a link that installed malware that gave the alleged Chinese hackers backdoor access to the company’s computers, just weeks before the release of a report on an important trade dispute. Several employees took the bait and clicked the link.

As spearphishing attacks increase, businesses are struggling to erect defenses. Adam Wosotowsky, a researcher at McAfee Labs, said it’s not enough for employees to simply check that the email comes from an in-house address. Virtually everything visible in an email, he said, can be forged, including the sender’s listed address.

What can’t be forged, Wosotowsky said, is the IP address the email is coming from — so businesses can block all messages ostensibly from their company’s email domains but not from authorized IP addresses.
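The filtering rule Wosotowsky describes can be sketched as follows. This is an added example, not code from the article or from McAfee; the domain `example.com`, the authorized networks and the sample messages are constructed assumptions, and the connecting IP is assumed to come from the receiving server's own SMTP session rather than from any header in the message.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Assumed for illustration: the organisation's mail domain and the networks
# its legitimate outbound mail servers send from (documentation ranges).
OWN_DOMAINS = {"example.com"}
AUTHORIZED_NETS = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/28", "2001:db8:10::/64")]

# Constructed sample messages.
SPOOFED_CEO = ('From: "Chief Executive" <ceo@example.com>\n'
               "To: staff@example.com\nSubject: Please review\n\nSee the link.\n")
PARTNER = "From: sales@example.org\nTo: staff@example.com\nSubject: Quote\n\nHi.\n"
# The own address appears only in the display name, so this rule alone
# does not catch it; display-name checks and training cover that gap.
LOOKALIKE = ('From: "ceo@example.com" <someone@example.net>\n'
             "To: staff@example.com\nSubject: Urgent\n\nHi.\n")

def _domain(addr):
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".")

def claimed_domains(raw_message, envelope_from=""):
    """Domains of every sender identity the message presents."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    addrs = [addr for _name, addr in getaddresses(headers)] + [envelope_from]
    return {_domain(a) for a in addrs if "@" in a}

def verdict(raw_message, connecting_ip, envelope_from=""):
    """'reject' if the mail claims an own domain (or subdomain) but the
    SMTP connection came from an IP outside the authorized networks."""
    ip = ipaddress.ip_address(connecting_ip)
    claims_own = any(d == own or d.endswith("." + own)
                     for d in claimed_domains(raw_message, envelope_from)
                     for own in OWN_DOMAINS)
    from_authorized = any(ip in net for net in AUTHORIZED_NETS)
    return "reject" if claims_own and not from_authorized else "accept"

if __name__ == "__main__":
    for label, raw, ip in [("spoofed, outside IP", SPOOFED_CEO, "203.0.113.77"),
                           ("internal, own server", SPOOFED_CEO, "192.0.2.5"),
                           ("external partner", PARTNER, "203.0.113.77"),
                           ("display-name lookalike", LOOKALIKE, "203.0.113.77")]:
        print(f"{label:24} {verdict(raw, ip)}")
```

The lookalike message is accepted by this rule, which is why the article's point about employee training still applies alongside it.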

Beyond that, “you have to make sure people have proper training to recognize it, especially if you realize you’re being targeted, because they’re going to try again and again,” Wosotowsky said. “If the payoff is $10 million in intellectual property, that single guy can send one email a day, maybe five emails a day, for two years and he just needs one to go through for it to be worth it.”

Among the red flags employees should be watching for are bad grammar and requests for user names and passwords. Specific types of attachments are also a concern, particularly files that end with .ser or .exe, which cause the computer to launch into a set of tasks.

Wosotowsky said spearphishing is still rare compared with traditional phishing, but appears to be growing in popularity as the money in traditional spamming dries up because of better protection against mass emails.

Jon Heimerl, a strategist for security services provider Solutionary, said he had one client, a company CEO, who bought a new BMW every three years. A hacker found out that the CEO was looking to buy and sent him an email purporting to be from a local BMW dealer, asking him to fill out a survey in exchange for a discount. Heimerl said that after his client used his personal email account to comply, a virus opened on his work computer.

The virus then sent out an email from the CEO’s work account to everyone in the company. The subject line, Heimerl said, was something about the company getting acquired, which prompted nearly everyone to open it.

“It pretty much shut them down for the better part of three days,” he said.

The consequences of not being careful can be severe. The alleged scammers from China are accused of successfully hacking into the computers of U.S. companies involved in nuclear energy, steel manufacturing and solar energy.

One of the alleged Chinese spearphishers, according to the indictment, was able to steal host names and descriptions for more than 1,700 company servers, including those that controlled physical access to the company’s facilities and mobile access to its networks.

Photo: Akasped via Flickr

U.S. Indicts 5 Chinese Officers, Alleging Economic Espionage

By Timothy M. Phelps and Julie Makinen, Tribune Washington Bureau

WASHINGTON — The Justice Department Monday filed unprecedented criminal charges against five members of the Chinese military, accusing them of economic espionage for hacking into the computers of U.S. companies involved in nuclear energy, steel manufacturing and solar energy.

The indictment for economic espionage marked the first such case brought against foreign government officials and was seen by some analysts as important symbolically.

U.S. Attorney General Eric H. Holder Jr. said at a news conference that the hacked American companies and organizations included U.S. Steel, Westinghouse, Alcoa, Allegheny Technologies, the United Steel Workers Union and U.S. subsidiaries of SolarWorld, a German company.

Holder said that in some cases the five Chinese officers stole trade secrets and in other cases they stole “sensitive, internal communications” that provided Chinese companies with valuable information on the strategies or vulnerabilities of U.S. competitors that the Chinese were negotiating with.

Kathleen Walsh, an associate professor at the Naval War College, said the indictment underscored key differences in the viewpoints of the two influential nations.

The U.S. has historically considered it a crime to spy on private firms in order to provide commercial advantage, she said. In contrast, China’s technology development strategy embraces all forms of technology transfer, including espionage and cyber-espionage.

“Therefore, this indictment is unlikely to fundamentally change China’s long-standing technology development strategy and cyber-espionage activities,” said Walsh, who stressed that her analysis did not represent the official views of the U.S. government or the military. “It does, nonetheless, raise the costs somewhat, if mainly in diplomatic terms and as a loss of global face.”

The indictment included the five officers’ names, their unit, their photographs and the building in Shanghai where they worked. But there was little prospect of them ever being brought to justice in the U.S., officials said.

Instead, the indictment appeared to be intended to send a message to Chinese leaders, who have denied that the People’s Liberation Army is engaged in economic espionage and have challenged the U.S. to provide proof.

“Well today, we are” providing proof, said Assistant Attorney General for National Security John Carlin. “For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses.”

“This indictment describes, with particularity, specific actions on specific days by specific actors to use their computers to steal information from across our economy,” Carlin said.

“This administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market,” Holder said at the news conference in Washington. “This case should serve as a wake-up call to the seriousness of the ongoing cyber threat,” he said.

The officers — identified as Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui — were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army.

In another case, prosecutors in New York were expected to announce Monday some arrests abroad and other enforcement actions involving “malicious” compromising of computer software, according to a law enforcement official familiar with the case.

The charges are certain to heighten tensions between the U.S. and China. Each side has accused the other of cyber-spying.

In 2013, the U.S. information security firm Mandiant said that a unit of the People’s Liberation Army had been linked to cyber-intrusions of 141 U.S. and foreign companies and entities, mostly in English-speaking countries.

Chinese officials have accused the U.S. of hypocrisy, noting that disclosures by former NSA contractor Edward Snowden suggested the U.S. had monitored and hacked into Chinese phone and Internet companies.

Holder said the U.S. only engages in surveillance for national security purposes, not to give American companies a competitive advantage.

AFP Photo/Al Seib