The most under reported war across the globe is cyber-spying. It has only been this week that Eric Holder and the Department of Justice decided to arrest a handful of Chinese that have been cyber-spying on America for years among other factions.
Cyber threats and hackers is nothing new, but it is rarely reported until it involves citizens like in the matter of Target stores last year. The question that remains officially unanswered is just why has the United States been so soft on cyber-wars against the United States? The answer is in fact foreign policy trumps everything and that should cause some real head-scratching as foreign policy under Barack Obama via Hillary Clinton and John Kerry is decayed.
There is the Syrian Electronic Army, Turkey’s RedHack, Serbia’s TeslaTeam, China has them, Russia has them, Iran has them. Hackers are the 21st century nuclear weapons. In fact nuclear weapons secrets is just what the Chinese hackers were after and are now sought by Eric Holder.
The United States brought first-of-its kind cyber-espionage charges Monday against five Chinese military officials accused of hacking into U.S. companies to gain trade secrets.
According to the indictment, hackers targeted the U.S. nuclear power, metals and solar products industries and are accused of stealing trade secrets and economic espionage. The victims are Alcoa World Alumina, Westinghouse Electric Co., Allegheny Technologies, U.S. Steel Corp., United Steelworkers Union, and SolarWorld, Attorney General Eric Holder said.
The charges underscore a longtime Obama administration goal of prosecuting state-sponsored cyber threats.
“The alleged hacking appears to have been conducted for no other reason than to advantage state-owned companies and other interests in China at the expense of businesses here in the United States,” Holder told a news conference at the Justice Department. “This is a tactic that the United States government categorically denounces.”
Said Bob Anderson Jr., executive assistant director of the FBI’s criminal, cyber response and services division: “This is the new normal. This is what you’re going to see on a recurring basis.”
In a statement, China’s Foreign Ministry said the U.S. charges were based on “fabricated facts” and jeopardize China-U.S. “cooperation and mutual trust.”
US Government: China Cited in Cyber-spying Case
“China is steadfast in upholding cybersecurity,” said the statement. “The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets. The U.S. accusation against Chinese personnel is purely ungrounded and absurd.”
The charges against the Chinese military officials come on the heels of a separate worldwide operation over the weekend that resulted in the arrest of 97 people in 16 countries who are suspected of developing, distributing or using malicious software called BlackShades, Holder said. The software allows criminals to gain surreptitious control of personal computers. An announcement on those arrests was expected for later Monday in New York.
“These two cases show that we are stepping up our cyber enforcement efforts really around the globe,” Holder said, adding that the U.S. will not tolerate these activities.
U.S. officials have previously asserted that China’s army and China-based hackers had launched attacks on American industrial and military targets, often to steal secrets or intellectual property. China has said that it faces a major threat from hackers, and the country’s military is believed to be among the biggest targets of the NSA and U.S. Cyber Command.
“It is our hope that the Chinese government will respect our criminal justice system,” Holder said.
In recent months, Washington has been increasingly critical of what it describes as provocative Chinese actions in pursuit of territorial claims in disputed seas in East Asia. For its part, Beijing complains that the Obama administration’s attempt to redirect its foreign policy toward Asia after a decade of war in the Middle East is emboldening China’s neighbors and causing tension.
The hackers allegedly stole emails and other communications that could have helped Chinese firms learn the strategies and weaknesses of American companies involved in litigation with the Chinese government or Chinese firms.
Despite the ominous-sounding allegations, at least one of the firms downplayed the hacking.
“To our knowledge, no material information was compromised during this incident, which occurred several years ago,” said Monica Orbe, Alcoa’s director of corporate affairs. “Safeguarding our data is a top priority for Alcoa, and we continue to invest resources to protect our systems.”
Last September, President Barack Obama discussed cybersecurity issues on the sidelines of a summit in St. Petersburg, Russia, with Chinese President Xi Jinping.
“China not only does not support hacking but also opposes it,” Premier Li Keqiang said last year in a news conference when asked if China would stop hacking U.S. websites. “Let’s not point fingers at each other without evidence but do more to safeguard cyber security.”
But hacking still does threaten common citizens and yet no one tells us much less provides the tools to protect us.
On the popular websites where cyber criminals buy and sell software kits and help each other solve problems, hackers issued warnings about police visits to their homes.
The hackers quickly guessed that a major crackdown was underway on users of the malicious software known as Blackshades.
The malware sells for as little as $40. It can be used to hijack computers remotely and turn on computer webcams, access hard drives and capture keystrokes to steal passwords — without victims ever knowing it.
Criminals have used Blackshades to commit everything from extortion to bank fraud, the FBI said.
Last week, watching it all play out were about two dozen FBI cybercrime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.
Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed.
One of the largest global cybercrime crackdowns has yielded the arrests of over 100 people linked to the Blackshades malware.
The sweep, capping a two-year operation, was coordinated so suspects didn’t have time to destroy evidence. It included the arrest in Moldova of a Swedish hacker who was a co-creator of Blackshades. Prosecutors in the Manhattan U.S. attorney’s office are expected to announce the results of the probe later Monday.
700,000 victims around the world: Inside the FBI special operations center, six large computer monitors displayed key parts of the probe. Agents kept an eye on one screen showing a popular website where Blackshades was sold. The site was taken down by the FBI.
Another monitor showed a heatmap of the world displaying the locations of the 700,000 estimated victims, whose computers have been hijacked by criminals using the Blackshades software. Splotches of green on the map indicated concentrations of infected computers in highly populated parts of the U.S., Europe, Asia and Australia.
The FBI said that in just a few years Blackshades has become one of the world’s most popular remote-administration tools, or RATs, used for cybercrime.
Leo Taddeo, chief of the FBI’s cybercrime investigations in New York, said the unprecedented coordination with so many police agencies came about because of concern about the fast growth of cybercrime businesses.
“These cyber criminals have paid employees, they have feedback from customers — other cyber criminals — to continually update and improve their product,” Taddeo said recently. While he spoke, agents took calls from counterparts working the case in more than 40 U.S. cities.
Blackshades had grown rapidly because it was marketed as off-the-shelf, easy to use software, much like legitimate consumer tax-preparation software.
“It’s very sophisticated software in that it is not very easy to detect,” Taddeo said. “It can be installed by somebody with very little skills.”
Hack victim: ‘I felt completely violated’: For victims whose personal computers were turned into weapons against them, the arrests bring reassurance.
Cassidy Wolf, the reigning Miss Teen USA, received an ominous email message in March 2013.
The email, from an unidentified sender, included nude photos of herself, obviously taken in her bedroom from her laptop. “Either you do one of the things listed below or I upload these pics and a lot more … on all your accounts for everybody to see and your dream of being a model will be transformed into a porn star,” the email said.
And so began what Wolf describes as three months of torture.
The email sender demanded better quality photos and video, and a five-minute sex show via Skype, according to FBI documents filed in court. He told her she must respond to his emails immediately — software he had installed told him when she opened his messages.
“I felt completely violated,” Wolf said in an interview. “I felt scared because I didn’t know if this person was a physical threat. My whole sense of security and trust was gone.”
A former classmate she knew, Jared Abrahams, had installed Blackshades malware on Wolf’s laptop. In March, the 20-year-old computer science student was sentenced to 18 months in prison after pleading guilty to extortion and unauthorized access of a computer.
Abrahams had been watching her from her laptop camera for a year, Wolf later learned. The laptop always sat open in her bedroom, as she played music or communicated with her friends.
Abrahams had used Blackshades to target victims from California to Maryland, and from Russia to Ireland. He used the handle “cutefuzzypuppy” to get tips on how to use malware, according to FBI documents. In all, he told the FBI, he had controlled as many as 150 computers.
Cybercriminals like Abrahams often rely on weak links in computer security, and mistakes by victims, to infect computers.
Many computer users don’t update anti-virus software. Many click on links sent in messages on social media sites such as Facebook, or in email, without knowing what they’re clicking on. In seconds, malware is downloaded. Often computer users have no idea infection has taken place.
“A hacker is going to go for the low-hanging fruit,” said Tyler Cohen Wood, a cybersecurity expert at the Defense Intelligence Agency and author of the book “Catching the Catfishers.”
Victims often don’t realize how easy they make themselves to be targeted and can better protect themselves by being careful about what they reveal online, Wood said.
Taddeo, the FBI cyber chief, said the most common way criminals have used Blackshades to target victims is by sending emails that seem legitimate, perhaps with a marketing offer, and with a link to click. “Anyone who signs on to the internet is potentially a victim of this tool,” he said.
In Wolf’s case, she received a Facebook message related to teen pageants. When her computer was infected it sent messages to other friends, whose computers also became infected.
The episode has made Wolf into a campaigner to urge young people to be better educated about online safety. She said her passwords are now more complicated and unique for each account, and she changes them often. She uses updated security software.
“I really didn’t think that everything I worked for could be lost because of this,” she said. “This can happen to anybody.”