Latest in Cybersecurity: Crime and Espionage
The Department of Justice has charged five Chinese nationals with a variety of crimes for allegedly hacking into over 100 organizations worldwide, including targeted attacks on U.S. companies.
Domestic organizations need to be cautious of COVID-19-related phishing attacks, which have the potential to cripple business and administrative operations during the time of a health emergency.
This article, originally presented to the Cross-Border Data Forum, expands upon arguments first set forth by the authors in “Flat Light: Data Protection for the Disoriented, From Policy to Practice,” The Hoover Institution, November 20, 2018.
In the U.S. there has been a long debate about “vulnerability equities”—that is, whether the government should disclose a vulnerability it discovers to the vendor, which will then allow users to apply a patch and be defended against exploitation, or keep the vulnerability secret to enable the government’s exploitation of targets. There is little data on how the process works. But the U.S. has the potential to learn how the British handle the same problem.
The May 7 indictment of a Chinese national and unnamed conspirator for hacking and stealing data from nearly 80 million customers of the health care company Anthem in 2015, which researchers previously linked to Chinese state-sponsored actors, is the latest iteration of a four-year U.S.
It’s been known since 2012 that a Baltimore-based company called Cyber Point had a contract with the United Arab Emirates (UAE) to assist its newly-established signals intelligence agency (then called the National Electronic Security Authority) with “advice on cyberdefense and policy,” as Ellen Nakashima reported at the time for the Washington Post.
On Thursday, the Justice Department announced charges against two Chinese government-associated hackers for conspiring to commit computer intrusions. Video of the press conference is below.
On Tuesday, the Department of Justice unsealed an indictment in the Southern District of California charging 10 defendants, including Chinese intelligence officers and their recruits, in two conspiracies to steal sensitive commercial aerospace information and technology from American companies in violation of provisions of the Computer Fraud and Abuse Act. The full indictment is below.
The White House recently released its National Cyber Strategy, and lawyers and privacy advocates alike should pay careful attention to its “priority actions” related to surveillance and criminal law reform.
As many readers know, supply chain security has been an increasing concern for those who use information technology for critical functions—that is, it affects everyone.