Cybersecurity & Espionage Articles
https://www.fbi.gov/news/speeches/countering-threats-posed-by-the-chinese-government-inside-the-us-wray-013122 Today, we in the United States and the Western world find ourselves in a very different struggle against another global adversary—the Chinese Communist Party. Now, there are some surface-level similarities between the threat posed by the Chinese government and the historical threat of the Soviet Union: The Chinese government also rejects the fundamental freedoms, basic human rights, and democratic norms we value as Americans.
1 Comment
https://www.axios.com/newsletters/axios-china-eef77137-5aac-4c8b-82f0-a0174adc8759.html?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioschina&stream=china The tide of public opinion may be turning against the Justice Department's China Initiative, as more cases fall apart and more of the researchers charged are speaking out.
The big picture: Chinese government-linked economic and industrial espionage in the United States is a real concern, but the China Initiative's flaws may be overshadowing the problem it was intended to address. https://www-spectator-co-uk.cdn.ampproject.org/c/s/www.spectator.co.uk/article/how-china-spies-on-the-west/amp
It is hard to say what was the most shocking part of the incident. The audacity of a company with close links to the Chinese Communist Party, which is barred from Britain’s 5G telecoms networks on security grounds? Or the apparent indifference of Oxford University? But it is just one example of the brazen way in which entities linked to the CCP are able to trawl for information and technology in Britain, with few questions asked. .... In one operation I was told about while researching a book on Chinese surveillance, hackers penetrated a US oil company by infecting the online menu of a local Chinese restaurant where systems engineers ordered their takeaways. When the engineers clicked on General Tso’s chicken, they got a lot more than sweet crispy meat. https://www.wsj.com/articles/official-beijing-2022-olympics-mobile-app-is-marred-by-security-flaws-researchers-say-11642511957
Athletes, officials, media and other participants in the Games all will be required to download My 2022 and use it to upload their travel plans, passport details, and health information such as body temperature, respiratory symptoms and medications each day for two weeks before arriving in China. Users are required to continue using the app to upload information about their health condition during the Games. https://www.spytalk.co/p/how-foreign-spies-infiltrate-us-police
The arrest in New York last week of an Egyptian-American accused of spying on exiles opposed to President Abdel Fattah al-Sisi’s repressive regime has lifted the curtain on a “significant” but little noted national security issue: the recruitment of U.S. state and local police by foreign intelligence agencies. Pierre Girgis, a dual Egyptian-U.S. citizen in Manhattan, worked at the "direction and control" of several Cairo agencies to advance the regime's interests in the United States from 2014 through 2019, according to a federal indictment handed down Jan. 6. Girgis, a Capital One bank vice president who openly promoted interchanges between Egyptian officials and American police, had a secret helper, according to the Justice Department: a source in local law enforcement. FBI wiretaps overheard Girgis and Egyptian officials talking about exploiting the (unnamed) police officer for private information on anti-regime activists here. The Girgis case is hardly atypical, law enforcement sources say. The full number and disposition of such cases in recent years was not readily available from the Justice Department, but according to former FBI counterintelligence chief Frank Figliuzzi and other former national security officials, efforts by foreign spy agencies to recruit U.S. state and local police is a persistent problem. https://www.insaonline.org/new-paper-addresses-bias-and-insider-threat-programs/?utm_source=INSA+General+Audience&utm_campaign=69a2aaa47e-EMAIL_CAMPAIGN_2020_09_29_12_57_COPY_02&utm_medium=email&utm_term=0_1ffc0bc53f-69a2aaa47e-563764701
The Intelligence and National Security Alliance (INSA) today released a new white paper, Strategies for Addressing Bias in Insider Threat Programs, that can help insider threat and security managers identify and mitigate biases that undermine the effectiveness of insider threat (InT) programs in both government and industry. Developed by INSA’s Insider Threat Subcommittee, this paper identifies sources of potential bias that can be attributed to both people and technology. Through personal cognitive biases, whether implicit and unrecognized or overt, InT program staff can affect the objectivity of InT analyses. Organizations can introduce bias at a systemic level through enterprise-wide hiring practices and personnel decisions. Technology can create bias through the selection, weighting, and categorization of data and the design or risk analysis models. The consequences of both human and technological bias in InT programs are high. Bias undermines the effectiveness of insider threat programs by diverting attention to low risks and causing higher risks to go unexamined. In addition, bias wastes resources, creates potential legal liability, and impairs an organization’s ability to hire and retain staff. “We all know by now that algorithms don’t yield perfectly objective analyses – they reflect the assumptions and the data that humans provide them,” said Larry Hanauer, INSA’s Vice President for Policy. “If government agencies and corporations are to manage risk effectively, they must take proactive steps to identify and mitigate both human and technological biases in their approach to insider threats.” The paper offers several recommendations for how organizations can identify and mitigate bias in InT programs:
https://www.scmp.com/tech/big-tech/article/3162609/walmarts-china-unit-disciplined-shenzhen-police-breaches
The China arm of the world’s largest retailer Walmart Inc has received a warning from police in the southern tech hub of Shenzhen for breaches of cybersecurity laws, as the country tightens its grip over how data is handled by businesses. The public security authorities in Shenzhen found 19 cybersecurity loopholes in November in the online network of Walmart’s China operation, which could be susceptible to exploitation, and the company did not subsequently fix the issues in a timely manner, according to a document issued by local authorities and shown on Qichacha, a Chinese business information platform. https://www.justice.gov/opa/pr/chinese-national-pleads-guilty-economic-espionage-conspiracy
Xiang Haitao, 44, a Chinese national formerly residing in Chesterfield, Missouri, pleaded guilty today to conspiracy to commit economic espionage. According to court documents, Xiang conspired to steal a trade secret from Monsanto, an international company based in St. Louis, for the purpose of benefitting a foreign government, namely the People’s Republic of China. “Despite Xiang’s agreements to protect Monsanto’s intellectual property and repeated training on his obligations to do so, Xiang has now admitted that he stole a trade secret from Monsanto, transferred it to a memory card and attempted to take it to the People’s Republic of China for the benefit of Chinese government,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “With his guilty plea, Xiang is now being held accountable for this unlawful conduct.” “Mr. Xiang used his insider status at a major international company to steal valuable trade secrets for use in his native China,” said U.S. Attorney Sayler Fleming for the Eastern District of Missouri. “We cannot allow U.S. citizens or foreign nationals to hand sensitive business information over to competitors in other countries, and we will continue our vigorous criminal enforcement of economic espionage and trade secret laws. These crimes present a danger to the U.S. economy and jeopardize our nation’s leadership in innovation and our national security.” “The American worker suffers when adversaries, like the Government of China, steal technology to grow their economies,” said Assistant Director Alan E. Kohler Jr. of the FBI’s Counterintelligence Division. “It’s not just military technology developed in secret labs that adversaries want; in this case, it was agricultural technology used by American farmers to improve crop yields. The FBI will continue investigating the theft of technology from American companies because economic security is national security.” According to court documents, Xiang was employed by Monsanto and its subsidiary, The Climate Corporation, from 2008 to 2017, where he worked as an imaging scientist. Monsanto and The Climate Corporation developed a digital, online farming software platform that was used by farmers to collect, store and visualize critical agricultural field data and increase and improve agricultural productivity for farmers. A critical component to the platform was a proprietary predictive algorithm referred to as the Nutrient Optimizer. Monsanto and The Climate Corporation considered the Nutrient Optimizer a valuable trade secret and their intellectual property. In June 2017, the day after leaving employment with Monsanto and The Climate Corporation, Xiang attempted to travel to China on a one-way airplane ticket. While he was waiting to board his flight, Federal officials conducted a search of Xiang’s person and baggage. Investigators later determined that one of Xiang’s electronic devices contained copies of the Nutrient Optimizer. Xiang continued on to China where he worked for the Chinese Academy of Science’s Institute of Soil Science. Xiang was arrested when he returned to the United States. Xiang pleaded guilty to one count of conspiracy to commit economic espionage and is scheduled to be sentenced on April 7. He faces a maximum penalty of 15 years in prison, a potential fine of $5 million and a term of supervised release of not more than three years. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors. |
Cyber-CyI find interesting articles on the web that are simple, down-to-earth, easy to understand, and (hopefully) informative for non-technical readers. Archives
November 2022
Categories |