Jul 20, 2020

Analysis | The Cybersecurity 202: Russia and China's vaccine hacks don't violate rules of road for cyberspace, experts say


Joseph Marks


There are a lot of things the Russian and Chinese intelligence services are doing that we should be absolutely outraged about. This is pretty low on my list of concerns,” Dmitri Alperovitch, former chief technology officer at the cybersecurity company CrowdStrike, told me. Alperovich is now chairman at the Silverado Policy Accelerator, a nonprofit think tank.
On the other hand, experts fear that the new hacking authorities President Trump granted the Central Intelligence Agency could be a slippery slope that ends up undermining the push to define acceptable and unacceptable behavior for nations online. The kind of broad authorization described in the Yahoo News report, they worry, could open the door to hacks that affect foreign elections or disrupt energy service or financial transactions — just the sort of hacking the United States has traditionally condemned.
“What it’s really signaling is the long-standing U.S. policy on attempting to advocate for the establishment of international cyber norms… that’s gone,” Susan Hennessey, a senior fellow at the Brookings Institution and former NSA lawyer, said on the think tank's Rational Security podcast. “Now, instead, we have a U.S. policy…that’s about…being authorized to do all the things we have been screaming about China and Iran and other countries doing for years.”
The developments each underscore the difficulty of creating and abiding by hard-and-fast rules as cyberspace constantly changes. That has been particularly challenging during the Trump administration, when the White House has primarily focused on projecting strength in cyberspace and pledging to punch back against adversaries rather than working with allies on creating norms for good behavior.

Several top GOP lawmakers are taking their concerns about Chinese vaccine hacking straight to the president. 

They’re calling on Trump to sanction Chinese government hackers for stealing that research and other data in a letter this morning, saying it “puts the very lives of our citizens at risk.” The letter was signed by Reps. Michael McCaul (Texas), leading Republican on the House Foreign Affairs Committee; Greg Walden (Ore.), leading Republican on the Energy and Commerce Committee and Patrick McHenry (N.C.), leading Republican on the Financial Services Committee.
House Intelligence Chairman Adam B. Schiff (D-Calif.) similarly called the Russian efforts a “life and death” issue and promised a rigorous congressional investigation. That statement came just hours after the efforts were revealed in a joint alert by officials in the United States, the United Kingdom and Canada. Russia has denied the claims.
Experts, meanwhile, are savaging Trump for the CIA move, saying it could erode years of efforts to impose rules in cyberspace. 
Chris Finan, cybersecurity director on the National Security Council during the Obama administration who’s now CEO of Manifold Technology:
The 2018 authorization basically gave the CIA broad powers to conduct convert actions in cyberspace without first getting a go-ahead from the White House and specifically mentions Russia, China, Iran and North Korea as possible targets, Yahoo reports. Since it was approved, the agency has launched dozens of secret hacking operations, the article says.

The reactions reveal just how murky the rules can be in the shadowy world of cyberspace. 

In the case of the vaccine hacks, there has been no evidence so far that China or Russia wants to do anything other than to steal information that will help their own scientists work faster on combating the novel coronavirus. Experts say that focus on promoting public health makes this kind of hacking far different from the economic espionage U.S. officials have traditionally pilloried China for and which centers on raiding American companies' intellectual property to benefit Chines companies’ bottom lines.
But that could change down the road. For instance, China might use the stolen information to help its companies get a leg up on U.S. competitors in the market for coronavirus treatments. Even worse, hackers could use the access they gained to U.S. research labs’ computer networks to sabotage future work.
The biggest concern is doing something in a way that disrupts or a slows down a potential cure,” said Chris Painter, who was the State Department’s top cybersecurity diplomat during the Obama administration. “If they do things that are impeding the manufacture or research of a vaccine in any way, that would clearly cross a line.”
In the case of the new CIA authorities, part of what the agency is reportedly doing is hacking and releasing information that might be embarrassing to U.S. opponents. The Yahoo article points to a handful of recent data leaks that might be connected to the CIA including information about an ostensibly independent Russian company that was working with Moscow's intelligence services and about the personal information of Iranian intelligence officers.
Those operations could raise problems if they seemed aimed at affecting an election and could undermine U.S. efforts to insist that such hacks should be off the table.
“I happen to think the Russians actually need some payback in the hacking and dumping department, but it should stay the heck away from anything that looks like an electoral intervention,” Brookings Senior Fellow Benjamin Wittes said during the Rational Security podcast. “You want to be super cautious about anything that could look like an intervention into a foreign election because that is a norm that we want to strongly support.”

Diplomatic efforts to impose global cyber rules have slowed since a burst of diplomatic activity between 2013 and 2017. 

Since then officials have largely focused on the harder task of imposing consequences on nations that flout those rules.
The Trump administration has also pivoted to focusing more on project strength in cyberspace. That's included retaliatory cyberstrikes against Russia during the 2018 midterm elections and against Iran for shooting down a U.S. surveillance drone. But they haven’t prompted either nation to significantly reduce cyberattacks against the United States.
“We have countries signing onto these norms…but we haven’t done a very good job at imposing consequences when those norms get violated,” Painter told me. “We’ve become a little better at trying to disrupt them. But we still don’t see quick actions that change the calculus of people violating the norms. And if they get a benefit from violating them then they’ll keep doing it.”

The keys



Early evidence suggests a massive Twitter hack was not politically motivated.

That attack compromised the accounts of former vice president Joe Biden, former president Barack Obama and a slew of business leaders but the hackers don’t appear to have had a political ax to grind, a law enforcement official told Rachel Lerman. The FBI is leading a federal investigation into the hack.
“This was not a hack of Biden’s campaign,” the official said. “Or of Elon Musk. This was all about a fraud scheme and not about trying to turn the political winds in a certain direction.”
Four hackers identified as involved in the scam told The New York Times their main goal was profiting off the accounts by using them in a bitcoin scam. 
Twitter confirmed in a blog post that the attackers targeted 130 accounts and downloaded the data of eight accounts. None of the eight accounts were verified, meaning that hackers did not steal the data of high-profile targets including Biden, Twitter said. The company pinned the attack on hackers who conned employees into giving up credentials that provided access to Twitter's internal systems.
Hackers were also able to view personal information including email addresses and phone numbers for the 130 accounts targeted. For the 45 accounts they took over, that could have included "additional information," though Twitter didn't give specifics.
Trump, citing mail-in voting, declined to say that he will accept the election results.
The president claimed without evidence in a Fox News interview that mail-in voting could rig the November results, Felicia Sonmez reports. Trump has repeatedly railed against mail-in voting even as many states are turning to the process as a safer alternative to in-person voting during the coronavirus pandemic.
Fox News host Chris Wallace asked Trump if he “might not accept the results of the election.” Trump replied, “I have to see. Look, you — I have to see. No, I’m not going to just say ‘yes.’ I’m not going to say ‘no.’ And I didn’t last time, either. 
Biden's campaign slammed the remarks. “The American people will decide this election,” Biden spokesman Andrew Bates said. “And the United States government is perfectly capable of escorting trespassers out of the White House.” 
Biden warned Friday that the real threat to the November election is foreign interference. Biden has received intelligence briefings that both Russia and China are actively engaged in trying to sow doubt about the election results, Matt Viser reports
Those foreign interference efforts, so far, fall far short of the interference operation Russia conducted in 2016, Chris Krebs, the top cybersecurity official at the Department of Homeland Security, said Friday.
“Compared to where things were in 2016, we are not seeing that level of coordinated, determined cyber activity from adversaries,” Krebs said during a virtual event hosted by the Brookings Institution. “We absolutely have better visibility across the networks, and we are just not seeing that same level of activity that we saw in 2016.”

The Trump campaign is attacking TikTok and accusing it of spying on users.

The campaign has posted more than 100 versions of Facebook ads accusing the Chinese company of monitoring data copied by users' phones, Donie O'Sullivan at CNN reports.
The New York Times's Taylor Lorenz first spotted the ads, which all directed Facebook users to sign a petition banning TikTok.
TikTok's access to users' clipboards, which store copied data such as passwords, sparked security concerns last month. TikTok said it used the access to prevent spammy behavior but discontinued the feature shortly after the backlash.
The White House's call to ban the app, which is owned by China's ByteDance, is the latest step in Trump's push against the alleged security threats of Chinese technology. Trump has accused TikTok of sharing user data with the Chinese government. TikTok has repeatedly denied the accusation.
The administration has also gone after other Chinese tech companies for alleged spying, including telecommunications firm Huawei. TikTok recently put on hold plans to build a headquarters in London following a similar clash between the United Kingdom and Huawei, the Guardian reports.

Industry report



A federal judge greenlit Facebook's lawsuit against Israeli spyware company NSO Group.

Facebook filed the suit last year after accusing NSO of helping its government clients hack into the phones of  about 1,400 WhatsApp users, including political and human rights activists. NSO attempted to get the suit thrown out by arguing it doesn't operate in the United States and therefore isn't subject to civil charges, CyberScoop reports.

Global cyberspace



The British government is asking Japan for help building its 5G network after plans to oust Huawei. 

British officials met with Japanese leaders on Thursday to discuss the effort, Makiko Yamazaki at Reuters reports. The discussions followed Britain's decision to ban Chinese-owned Huawei from its 5G networks by 2027. Britain named NEC Corp. and Fujitsu as potential alternative suppliers to Huawei, Japan’s Nikkei publication reported.

Chat room


Former presidential candidate Andrew Yang wants to know why Internet voting is a bad idea. Election security researchers and government agencies have been providing pretty extensive answers to that question for months now.
A reply from election security expert and Georgetown University professor Matt Blaze:
Computer researcher Marcus Hutchins went in depth:

Daybook


  • The Senate Commerce Subcommittee on Manufacturing, Trade, and Consumer Protection will hold a hearing on protecting Americans from coronavirus scams on Tuesday at 2:30 p.m.
  • The Senate Rules Committee will hold a hearing on general-election preparations on Wednesday at 10:30 a.m.

Secure log off

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.