Latest in Cybersecurity: Crime and Espionage
The overemphasis on trespass in the Computer Fraud and Abuse Act disincentivizes the wrong types of activities in cyberspace, while also permitting activities that should be criminalized.
The GCHQ’s disclosure of the “BlueKeep” vulnerability offers an opportunity for the U.S. to learn from how the British handle the question of vulnerabilities equities.
It’s not clear whether criminal charges against hackers deter foreign adversaries, but they are still valuable.
A Reuters expose about American contractors working for Emirati signals intelligence raises hard questions about the legal architecture for situations in which U.S. persons leave the intelligence community and go to work for foreign intelligence agencies.
On Thursday, the Justice Department announced charges against two Chinese government-associated hackers for conspiring to commit computer intrusions. Video of the press conference is below.
On Tuesday, the Department of Justice unsealed an indictment in the Southern District of California charging 10 defendants, including Chinese intelligence officers and their recruits, in two conspiracies to steal sensitive commercial aerospace information and technology from American companies in violation of provisions of the Computer Fraud and Abuse Act. The full indictment is below.
Lawyers and privacy advocates alike should pay careful attention to the “priority actions” in the National Cyber Strategy related to surveillance and criminal law reform.
There has never been a publicly documented incident of hardware supply chain compromise at the fabrication level originating abroad—until now.
Russia is using highly effective methods to conduct cyberattacks, but even the GRU is not immune from mistakes.
Bloomberg reports that the Chinese People’s Liberation Army has quietly been corrupting a key computer chip. The technical implications are frightening.