Obama's new cyber-security tactics finger corrupt staff, China

Hackers or the guy with root? Trouble is closer to home, warns White House

3 Big data security analytics techniques

The White House has unveiled a fresh strategy for combating the theft of American trade secrets - days after a high-profile Chinese cyber-espionage campaign against US corporate giants was exposed.

The strategy, outlined in a 141-page report [PDF] published on Wednesday, focuses on a five-part plan featuring diplomatic efforts, cooperation with private industry to bolster information security, legislation, law enforcement operations and public education campaigns. The US Departments of Commerce, Defense, Homeland Security, Justice, State and Treasury; the Office of the Director of National Intelligence; and the Office of the United States Trade Representative were all involved in drawing up the strategy, and will all be involved in aspects of putting it into play.

The US government report, which cites numerous examples of Chinese espionage and a lesser number of attacks traced to Russia and the countries, makes a fascinating read.

Although recent news headlines focused on state-sponsored cyber-espionage, the new Administration Strategy on Mitigation of Theft of US Trade Secrets also highlights the role of corrupt company insiders in the pilfering of trade secrets. Cyber-espionage is presented as making an existing threat far worse:

Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation’s prosperity and security. Cyberspace—where most business activity and development of new ideas now takes place — amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect

Other targets of industrial espionage include firms in Canada, France, Germany, the UK and South Korea as well as US corporations, who seem to bear the brunt of attacks. And what other Western intelligence sources are telling their US counterparts, as summarised in the strategy document, bears repeating: "Russia also is seen as an important actor in cyber-enabled economic collection and espionage against other countries, albeit a distant second to China."

The report states: "Trade-secret theft threatens American businesses, undermines national security, and places the security of the US economy in jeopardy. These acts also diminish US export prospects around the globe and put American jobs at risk."

A key section of the document blames most of this malfeasance on China:

Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC {intelligence community] cannot confirm who was responsible.

Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.

Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.

Seven of eight highlighted cases of trade-secret theft in early section of the report involve Chinese nationals or Chinese firms. The exception involves the alleged theft of Goldman Sachs' computing trading source code by an employee of Russian extraction. The Obama administration aims to clamp down on both corporate and state-sponsored trade secret theft.

A summary of the Department of Justice's economic espionage and trade-secret criminal cases since January 2009 lists 18 Chinese suspects, one South Korean and an Indian. It also lists a case involving an attempted sale of Akamai trade secrets to Israel that the Israelis actively helped in thwarting. All the cited cases involve current or former employees of negotiable morals rather than infiltration by outside hackers.

The report is noteworthy in listing the main targets of trade-secret theft: these include information and communications technology; military technologies (particularly marine systems and drones - unmanned aerial vehicles) and other aerospace technologies; and technologies in sectors likely to experience fast growth, such as clean energy; healthcare and pharmaceuticals; and natural resources (including oil and gas).

Intelligence agencies have "used independent hackers at times to augment their capabilities and act as proxies for intrusions, thereby providing plausible deniability", the report states. It singles out the use of the Iranian Cyber Army, a hacker group with links to the Iranian government, in "social engineering techniques to obtain control over internet domains and disrupt the political opposition" as an example of this so-called "hackers for hire" trend.

Other second-tier threats include hacktivists and Wikileaks:

Similarly, political or social activists may use the tools of economic espionage against US companies, agencies, or other entities, with disgruntled insiders leaking information about corporate trade secrets or critical US technology to 'hacktivist' groups like WikiLeaks.

Hacktivists are very much a footnote to the report which focuses on corrupt insiders - such as current and former employees - and state-sponsored hackers based in China as by far the most significant threat.

Cyber-espionage to swipe US trade secrets has been going on for the last six or seven years, we're told, but are occurring with increasing frequency and getting much more media attention of late. The new strategy brings together existing initiatives in diplomacy, promotion of best practice and law enforcement action rather than introducing anything more radical, such as active defence. Strategies involving active defence may involve anything from hacking back against attackers to deliberately feeding hackers misinformation and snaring them with honeypots. The policy document also omits mention of recent debates about charging foreign cyber-spies with hacking into US corporations.

Instead the emphasis is placed far more on the Cyber Intelligence Sharing and Protection Act, or CISPA, legislation designed to facilitate sharing of intelligence about cyber-attacks and talk of how suspicions of industrial scale trade-secret theft may impact international trade negotiations - such as the Trans Pacific Partnership. The threat of trade sanctions against China is raised as a possible move although it's not fully detailed.

The Obama administration's announcement follows a spate of admissions by US high-tech firms, including Apple and Facebook, that they've fallen victim to hacking attacks linked to Java-based browser exploits. A separate run of attacks using spear-phishing and custom malware to compromise systems was levelled at The New York Times and The Wall Street Journal.

A detailed report drawn from a long-running investigation by security response firm Mandiant blamed a Shanghai-based Chinese military unit for spearheading many cyber-espionage campaigns over several years. China has denied these claims, arguing that it has often been a victim of cyber-attacks and called for greater international cooperation. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.