This article, originally presented to the Cross-Border Data Forum, expands upon arguments first set forth by the authors in “Flat Light: Data Protection for the Disoriented, From Policy to Practice,” The Hoover Institution, November 20, 2018.
Latest in Cybersecurity: Crime and Espionage
In the U.S. there has been a long debate about “vulnerability equities”—that is, whether the government should disclose a vulnerability it discovers to the vendor, which will then allow users to apply a patch and be defended against exploitation, or keep the vulnerability secret to enable the government’s exploitation of targets. There is little data on how the process works. But the U.S. has the potential to learn how the British handle the same problem.
The May 7 indictment of a Chinese national and unnamed conspirator for hacking and stealing data from nearly 80 million customers of the health care company Anthem in 2015, which researchers previously linked to Chinese state-sponsored actors, is the latest iteration of a four-year U.S.
It’s been known since 2012 that a Baltimore-based company called CyberPoint had a contract with the United Arab Emirates (UAE) to assist its newly established signals intelligence agency (then called the National Electronic Security Authority) with “advice on cyberdefense and policy,” as Ellen Nakashima reported at the time for the Washington Post.
On Thursday, the Justice Department announced charges against two Chinese government-associated hackers for conspiring to commit computer intrusions. Video of the press conference is below.
Document: Justice Department Charges Chinese Intelligence Officers and Recruits in Commercial Hacking Conspiracy
On Tuesday, the Department of Justice unsealed an indictment in the Southern District of California charging 10 defendants, including Chinese intelligence officers and their recruits, in two conspiracies to steal sensitive commercial aerospace information and technology from American companies in violation of provisions of the Computer Fraud and Abuse Act. The full indictment is below.
The White House recently released its National Cyber Strategy, and lawyers and privacy advocates alike should pay careful attention to its “priority actions” related to surveillance and criminal law reform.
As many readers know, supply chain security has been an increasing concern for those who use information technology for critical functions—that is, it affects everyone.
The Justice Department announced on Oct. 5 the indictment of seven officers of the Russian Military Intelligence Directorate, or GRU, on charges of computer hacking, wire fraud, aggravated identity theft and money laundering. Here are three quick takeaways.
According to Jordan Robertson and Michael Riley in Bloomberg Businessweek, China has recently engaged in bulk supply-chain sabotage, corrupting thousands of servers on computers that end up in the server rooms of major U.S. companies such as Amazon or Apple, government systems and other locations around the planet.