Obama's new cyber-security tactics finger corrupt staff, China

Hackers or the guy with root? Trouble is closer to home, warns White House


The White House has unveiled a fresh strategy for combating the theft of American trade secrets - days after a high-profile Chinese cyber-espionage campaign against US corporate giants was exposed.

The strategy, outlined in a 141-page report [PDF] published on Wednesday, focuses on a five-part plan featuring diplomatic efforts, cooperation with private industry to bolster information security, legislation, law enforcement operations and public education campaigns. The US Departments of Commerce, Defense, Homeland Security, Justice, State and Treasury; the Office of the Director of National Intelligence; and the Office of the United States Trade Representative were all involved in drawing up the strategy, and will all be involved in aspects of putting it into play.

The US government report, which cites numerous examples of Chinese espionage and a lesser number of attacks traced to Russia and other countries, makes a fascinating read.

Although recent news headlines focused on state-sponsored cyber-espionage, the new Administration Strategy on Mitigation of Theft of US Trade Secrets also highlights the role of corrupt company insiders in the pilfering of trade secrets. Cyber-espionage is presented as making an existing threat far worse:

Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation’s prosperity and security. Cyberspace—where most business activity and development of new ideas now takes place—amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.

Other targets of industrial espionage include firms in Canada, France, Germany, the UK and South Korea as well as US corporations, who seem to bear the brunt of attacks. And what other Western intelligence sources are telling their US counterparts, as summarised in the strategy document, bears repeating: "Russia also is seen as an important actor in cyber-enabled economic collection and espionage against other countries, albeit a distant second to China."

The report states: "Trade-secret theft threatens American businesses, undermines national security, and places the security of the US economy in jeopardy. These acts also diminish US export prospects around the globe and put American jobs at risk."

A key section of the document blames most of this malfeasance on China:

Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC [intelligence community] cannot confirm who was responsible.

Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.

Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.

Seven of eight highlighted cases of trade-secret theft in an early section of the report involve Chinese nationals or Chinese firms. The exception involves the alleged theft of Goldman Sachs' computing trading source code by an employee of Russian extraction. The Obama administration aims to clamp down on both corporate and state-sponsored trade-secret theft.

A summary of the Department of Justice's economic espionage and trade-secret criminal cases since January 2009 lists 18 Chinese suspects, one South Korean and an Indian. It also lists a case involving an attempted sale of Akamai trade secrets to Israel that the Israelis actively helped in thwarting. All the cited cases involve current or former employees of negotiable morals rather than infiltration by outside hackers.

The report is noteworthy in listing the main targets of trade-secret theft: these include information and communications technology; military technologies (particularly marine systems and drones - unmanned aerial vehicles) and other aerospace technologies; and technologies in sectors likely to experience fast growth, such as clean energy; healthcare and pharmaceuticals; and natural resources (including oil and gas).

Intelligence agencies have "used independent hackers at times to augment their capabilities and act as proxies for intrusions, thereby providing plausible deniability", the report states. It singles out the use of the Iranian Cyber Army, a hacker group with links to the Iranian government, in "social engineering techniques to obtain control over internet domains and disrupt the political opposition" as an example of this so-called "hackers for hire" trend.

Other second-tier threats include hacktivists and WikiLeaks:

Similarly, political or social activists may use the tools of economic espionage against US companies, agencies, or other entities, with disgruntled insiders leaking information about corporate trade secrets or critical US technology to 'hacktivist' groups like WikiLeaks.

Hacktivists are very much a footnote to the report, which focuses on corrupt insiders - such as current and former employees - and state-sponsored hackers based in China as by far the most significant threats.

Cyber-espionage to swipe US trade secrets has been going on for the last six or seven years, we're told, but is occurring with increasing frequency and getting much more media attention of late. The new strategy brings together existing initiatives in diplomacy, promotion of best practice and law enforcement action rather than introducing anything more radical, such as active defence. Strategies involving active defence may involve anything from hacking back against attackers to deliberately feeding hackers misinformation and snaring them with honeypots. The policy document also omits mention of recent debates about charging foreign cyber-spies with hacking into US corporations.

Instead, the emphasis is placed far more on the Cyber Intelligence Sharing and Protection Act, or CISPA (legislation designed to facilitate sharing of intelligence about cyber-attacks), and on talk of how suspicions of industrial-scale trade-secret theft may impact international trade negotiations, such as the Trans Pacific Partnership. The threat of trade sanctions against China is raised as a possible move, although it's not fully detailed.

The Obama administration's announcement follows a spate of admissions by US high-tech firms, including Apple and Facebook, that they've fallen victim to hacking attacks linked to Java-based browser exploits. A separate run of attacks using spear-phishing and custom malware to compromise systems was levelled at The New York Times and The Wall Street Journal.

A detailed report drawn from a long-running investigation by security response firm Mandiant blamed a Shanghai-based Chinese military unit for spearheading many cyber-espionage campaigns over several years. China has denied these claims, arguing that it has often been a victim of cyber-attacks and called for greater international cooperation. ®
