Showing posts with label cyberhacking. Show all posts

Wednesday, May 4, 2022

Chinese hackers took trillions in intellectual property from about 30 multinational companies; CBS News, May 4, 2022

NICOLE SGANGA, CBS News; Chinese hackers took trillions in intellectual property from about 30 multinational companies

"A yearslong malicious cyber operation spearheaded by the notorious Chinese state actor, APT 41, has siphoned off an estimated trillions in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors.

A new report by Boston-based cybersecurity firm, Cybereason, has unearthed a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia. 

"We're talking about Blueprint diagrams of fighter jets, helicopters, and missiles," Cybereason CEO Lior Div told CBS News. In pharmaceuticals, "we saw them stealing IP of drugs around diabetes, obesity, depression." The campaign has not yet been stopped.

Cybercriminals were focused on obtaining blueprints for cutting-edge technologies, the majority of which were not yet patented, Div said.

The intrusion also exfiltrated data from the energy industry – including designs of solar panel and edge vacuum system technology. "This is not [technology] that you have at home," Div noted. "It's what you need for large-scale manufacturing plants.""

Friday, May 21, 2021

Ransomware is a national security threat and a big business — and it’s wreaking havoc; The Washington Post, May 15, 2021

 

 
"But many of the actors are in countries outside the reach of U.S. and allied authorities. DarkSide, for example, is believed to be based in Russia and many of its communications are in Russian. 
 
“They’ve become the 21st century equivalent of countries that sheltered pirates,” said Daniel, the Obama White House cyber coordinator. “We have to impose diplomatic and economic consequences so they don’t see it as in their interest to harbor those criminals.”"

Friday, September 20, 2019

People Are Looking At Your LinkedIn Profile. They Might Be Chinese Spies; NPR, September 19, 2019

Ryan Lucas, NPR; People Are Looking At Your LinkedIn Profile. They Might Be Chinese Spies

"Demers took over leadership of the National Security Division in February 2018 after being confirmed by the Senate. Since taking the helm, he has spent a considerable amount of time on China and what he calls its prolific espionage efforts against the United States.

They're vast in scale, he said, and they span the spectrum from traditional espionage targeting government secrets to economic espionage going after intellectual property and American trade secrets...

It's a play that has also been used to target folks in the business world and academia, where China is hungry for cutting-edge technology and trade secrets. For years, the Chinese intelligence services have hacked into U.S. companies and made off with intellectual property.

Now, U.S. officials say China's spies are increasingly turning to what is known as "nontraditional collectors" — students, researchers and business insiders — to scoop up secrets."

Saturday, January 12, 2019

Trump’s bizarre statement on China dishonors us all; The Washington Post, January 11, 2019

Dana Milbank, The Washington Post; Trump’s bizarre statement on China dishonors us all

"Asked an unrelated question on the White House South Lawn on Thursday, Trump volunteered a comparison between Speaker Nancy Pelosi (D-Calif.) and Senate Minority Leader Charles E. Schumer (D-N.Y.) — and the leaders of the People’s Republic of China.

“I find China, frankly, in many ways, to be far more honorable than Cryin’ Chuck and Nancy. I really do,” he said. “I think that China is actually much easier to deal with than the opposition party.”

China, honorable?

China, which is holding a million members of religious minorities in concentration camps for “reeducation” by force?

China, which, according to Trump’s own FBI director, is, by far, the leading perpetrator of technology theft and espionage against the United States and is “using illegal methods” to “replace the U.S. as the world’s leading superpower”?

China, whose state-sponsored hackers were indicted just three weeks ago and accused of a 12-year campaign of cyberattacks on this and other countries?

China, whose ruling Communist Party has caused the extermination of tens of millions of people since the end of World War II, through government-induced famine, the ideological purges of the Cultural Revolution, and in mowing down reformers in Tiananmen Square?

Trump has a strange sense of honor. In April, he bestowed the same adjective on the world’s most oppressive leader, North Korea’s nuclear-armed dictator: “Kim Jong Un, he really has been very open and I think very honorable from everything we’re seeing.”

Now, the president is declaring that China’s dictatorship, by far the world’s biggest international criminal and abuser of human rights and operator of its most extensive police state, is more honorable than his political opponents in the United States.

In Trump’s view, your opponents are your enemies — and your actual enemies are your friends. How can you negotiate with a man who thinks like this?"

Thursday, October 25, 2018

Hackers Are Breaking into Medical Databases to Protect Patient Data; The Scientist, October 1, 2018

Catherine Offord, The Scientist; Hackers Are Breaking into Medical Databases to Protect Patient Data

"The first few times Ben Sadeghipour hacked into a computer, it was to access the video games on his older brother’s desktop. “He would usually have a password on his computer, and I would try and guess his password,” Sadeghipour tells The Scientist. Sometimes he’d guess right. Other times, he wouldn’t. “So I got into learning about how to get into computers that were password protected,” he says. “At the time, I had no clue that what I was doing was considered hacking.”

The skills he picked up back then would become unexpectedly useful later in life. Sadeghipour now breaks into other people’s computer systems as a profession. He is one of thousands of so-called ethical hackers working for HackerOne, a company that provides services to institutions and businesses looking to test the security of their systems and identify vulnerabilities before criminals do."

Wednesday, August 8, 2018

The Chinese threat that an aircraft carrier can’t stop; The Washington Post, August 7, 2018

The Washington Post; The Chinese threat that an aircraft carrier can’t stop

"America’s vulnerability to information warfare was a special topic of concern. One participant recalled a conversation several years ago with a Russian general who taunted him: “You have a cybercommand but no information operations. Don’t you know that information operations are how you take countries down?”"

Tuesday, July 24, 2018

My terrifying deep dive into one of Russia's largest hacking forums; The Guardian, July 24, 2018

Dylan Curran, The Guardian; My terrifying deep dive into one of Russia's largest hacking forums


[Kip Currier: I had a similar reaction to the author of this article when I attended a truly eye-opening 4/20/18 American Bar Association (ABA) Intellectual Property Law Conference presentation, "DarkNet: Enter at Your Own Risk. Inside the Digital Underworld". One of the presenters, Krista Valenzuela with the New Jersey Cybersecurity and Communications Integration Cell in West Trenton, New Jersey, did a live foray into the Dark Web. The scope of illicit activities and goods witnessed in just that brief demo was staggering and evoked a feeling that scenes of "black market" contraband and "bad actors" endemic to dystopian sci-fi fare like Blade Runner 2049 and Netflix's Altered Carbon are already part of the present-day real-world.]
 
"It’s fascinating to see how this community works together to take down “western” systems and derive chaos and profit from it. Typically, hackers in first-world countries are terrified to work together due to the multiplicative risk of a group being caught. In Russia, however, the authorities don’t seem to care that these hackers are wreaking havoc on the west. They are left to their own devices, and most users on this forum have been regular members for over six years.

A lot of the information on this forum is incredibly worrying, even if a lot of it is harmless 15-year-olds trying to be edgy and hack their friend’s phones. In any case, it’s important to know these communities exist. The dark underbelly of the internet isn’t going anywhere."

Friday, July 20, 2018

Trump Wants Putin to Keep Meddling to Get Himself Reelected; The Daily Beast, July 19, 2018

Margaret Carlson, The Daily Beast; Trump Wants Putin to Keep Meddling to Get Himself Reelected

"From the gist of special counsel Robert Mueller’s indictments, Trump knows how sophisticated, how costly the Russian actions were, and how likely they are to take place again. Yet he’s made no moves to deny Putin a glide path to a sequel, no elevating election security to a priority as he did for the calamitous separating children at the border, which has all the money and attention in the world.

To the contrary, the White House hasn’t spearheaded anything close to the kind of Manhattan Project that protecting our democracy deserves, not even the cost-free appointment of an election czar, or a request to Silicon Valley to help. Small efforts to counter voting machine fraud, bots, fake news (the real kind) go along at a snail’s pace at the FBI and Homeland Security. Congress has allotted a mere $380 million, a pittance to the cause. It’s likely that Russia is putting more money into interfering in 2020 than the U.S. is putting in to stopping it."

Wednesday, July 18, 2018

“A shameless lie”: Holes poked in Donald Trump’s assertion that he misspoke when praising Putin; Salon, July 17, 2018

Shira Tarlo and Joseph Neese, Salon; “A shameless lie”: Holes poked in Donald Trump’s assertion that he misspoke when praising Putin

"As controversy mounted over his assertion that he believed Russian President Vladimir Putin's word over the findings of the U.S. intelligence community, President Donald Trump attempted to walk back his remarks, in part, by claiming that "other people" could have also meddled in the 2016 presidential election."

Monday, March 19, 2018

Data scandal is huge blow for Facebook – and efforts to study its impact on society; Guardian, March 18, 2018

Olivia Solon, Guardian; Data scandal is huge blow for Facebook – and efforts to study its impact on society

"The revelation that 50 million people had their Facebook profiles harvested so Cambridge Analytica could target them with political ads is a huge blow to the social network that raises questions about its approach to data protection and disclosure.


As Facebook executives wrangle on Twitter over the semantics of whether this constitutes a “breach”, the result for users is the same: personal data extracted from the platform and used for a purpose to which they did not consent.
Facebook has a complicated track record on privacy. Its business model is built on gathering data. It knows your real name, who your friends are, your likes and interests, where you have been, what websites you have visited, what you look like and how you speak."

Thursday, February 15, 2018

Research: A Strong Privacy Policy Can Save Your Company Millions; Harvard Business Review, February 15, 2018

Kelly D. Martin, Abhishek Borah, and Robert W. Palmatier, Harvard Business Review; Research: A Strong Privacy Policy Can Save Your Company Millions

    "Our research shows that data breaches sometimes harm a firm’s close rivals (due to spillover effects), but sometimes help them (due to competitive effects). What is more, we found that a good corporate privacy policy can shield firms from the financial harm posed by a data breach — by offering customers transparency and control over their personal information — while a flawed policy can exacerbate the problems caused by a breach. Together, this evidence is the first to show that a firm’s close rivals are directly, financially affected by its data breach and also to offer actionable solutions that could save some companies hundreds of millions of dollars.

    Our research shows that sometimes a breach creates spillover, where investors perceive a guilt-by-association effect that harms the breached firm’s close rivals."

    Thursday, August 3, 2017

    To Protect Voting, Use Open-Source Software; New York Times, August 3, 2017

    R. James Woolsey and Brian J. Fox, New York Times; To Protect Voting, Use Open-Source Software

    "If the community of proprietary vendors, including Microsoft, would support the use of open-source model for elections, we could expedite progress toward secure voting systems.

    With an election on the horizon, it’s urgent that we ensure that those who seek to make our voting systems more secure have easy access to them, and that Mr. Putin does not."

    Friday, July 7, 2017

    The privacy risk of using a digital home assistant; KSL.com, July 6, 2017

    Sloan Schrage, KSL.com; The privacy risk of using a digital home assistant


    "“For the machine to know you’re talking to it, it has to be taking that voice information that it’s recording and sending it back and processing,” said [cyber security expert Sean Lawson. "The technology is really cool, especially if you grew up watching ‘The Jetsons’ or ‘Star Trek.’ The problem is, I also know how they work and the privacy implications. The costs versus the benefits of what this device will do for me is just not worth paying in terms of the privacy you give up. But everyone needs to make that decision for themselves.”"

    Thursday, May 25, 2017

    Target to Pay $18.5M to States Over Data Breach; Inside Counsel, May 24, 2017

    P.J. D'Annunzio, Inside Counsel; Target to Pay $18.5M to States Over Data Breach


    "Deterrence was a major theme brought up by many of the attorneys general who released statements about the agreement.

    The $18.5 million settlement with the states, coupled with the $10 million consumer class action settlement approved last week, may seem like a drop in the bucket for a retail juggernaut like Target, but according to Lambiras, the deterrent effect lies in the residual legal and public relations costs companies incur following a data breach.

    In a statement Tuesday, Connecticut Attorney General George Jepsen said the settlement should serve as a wake-up call to companies to tighten their data security. He also gave kudos to Target for working with authorities after the breach."

    Monday, May 22, 2017

    America’s dangerous Internet delusion; Washington Post, May 21, 2017

    Robert J. Samuelson, Washington Post; America’s dangerous Internet delusion

    "We are addicted to the Internet and refuse to recognize how our addiction subtracts from our security. The more we connect our devices and instruments to the Internet, the more we create paths for others to use against us, either by shutting down websites or by controlling what they do. Put differently, we are — incredibly — inviting trouble. Our commercial interests and our national security diverge.

    The latest example of this tension is the “Internet of things” or the “smart home.” It involves connecting various devices and gadgets (thermostats, lights, cameras, locks, ovens) to the Internet so they can be operated or monitored remotely."

    Friday, May 19, 2017

    Boy, 11, hacks cyber-security audience to give lesson on 'weaponisation' of toys; Agence France-Presse via Guardian, May 16, 2017

    Agence France-Presse via Guardian; Boy, 11, hacks cyber-security audience to give lesson on 'weaponisation' of toys

    "“Most internet-connected things have a Bluetooth functionality ... I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light,” [Reuben Paul] told AFP later.

    “IOT home appliances, things that can be used in our everyday lives, our cars, lights refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us.”
    They could be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ GPS to find out where a person is, he said. More chillingly, a toy could say “meet me at this location and I will pick you up”, Reuben said."

    Wednesday, May 17, 2017

    Consumer Reports: Your kid's online privacy: Connected toys; Consumer Reports via WSAW, May 16, 2017

    Consumer Reports via WSAW; Consumer Reports: Your kid's online privacy: Connected toys


    "It’s no secret that sharing personal information online comes with risk. But what if toys were also making it possible for hackers to access both you and your children’s information? Consumer Reports has some stern warnings about a new generation of toys."

    Saturday, April 1, 2017

    WikiLeaks’ latest release of CIA cyber-tools could blow the cover on agency hacking operations; Washington Post, March 31, 2017

    Ellen Nakashima, Washington Post; WikiLeaks’ latest release of CIA cyber-tools could blow the cover on agency hacking operations

    "WikiLeaks’ latest disclosure of CIA cyber-tools reveals a technique used by the agency to hide its digital tracks, potentially blowing the cover on current and past hacking operations aimed at gathering intelligence on terrorists and other foreign targets.

    The release Friday of the CIA’s “Marble Framework” comes less than a month after the WikiLeaks dumped onto the Internet a trove of files — dubbed “Vault 7” — that described the type of malware and methods the CIA uses to gain access to targets’ phones, computers and other electronic devices...

    WikiLeaks, founded by Julian Assange, has sought to position itself as a champion of transparency and defender of privacy rights. It described the Marble Framework as “the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.”"

    Monday, March 6, 2017

    Ethics And Hacking: What You Need To Know; Forbes, March 6, 2017

    Forbes Technology Council, Forbes; Ethics And Hacking: What You Need To Know


    "The term hacking gets bandied about a great deal in both the industry and in the media. Some stories carry the image of bored tweens, building skills while bragging about tearing up someone else’s hard work. Other stories talk more about offshore groups using server farms to mass phish for information.

    The kinds of damage that hackers can cause is as varied as functions of a computer or device: Lost finances, trade secrets, and files swapped or erased are only the tip of what could be done to a person or company. Sometimes, just being one of the few people aware that different companies are talking to each other about business can mean opportunities for the unethical.

    So the question gets raised: Can the arts of hacking be used to improve lives on a broader scale, or is it a purely destructive activity? Below, Forbes Technology Council members weigh in on ethics and hacking."

    Saturday, February 11, 2017

    State-sponsored hackers targeting prominent journalists, Google warns; Politico, February 10, 2017

    Daniel Lippman, Politico; State-sponsored hackers targeting prominent journalists, Google warns


    "Google has warned a number of prominent journalists that state-sponsored hackers are attempting to steal their passwords and break into their inboxes, the journalists tell POLITICO...

    Some journalists getting the warnings say they suspect the hackers could be Russians looking to find incriminating emails they could leak to embarrass journalists, either by revealing alleged liberal bias or to expose the sausage-making of D.C. journalism."